Google Said 'Nice Catch' Then Denied Bountytheregister.com6 points·by olearysec·قبل 25 يومًا·0 comments
Microsoft rejects critical Azure vulnerability report, no CVE issuedbleepingcomputer.com5 points·by olearysec·قبل شهرين·1 comments
olearysec·قبل شهرين·discussI'm the researcher. You've nailed it — Backup Contributor automatically granted cluster-admin via Trusted Access, no K8s permissions required. Microsoft called it "expected behavior," then silently patched it.Full writeup with CERT/CC timeline and evidence: https://olearysec.com/research/azure-backup-aks-silent-patch...