Google Said 'Nice Catch' Then Denied Bountytheregister.com6 points·by olearysec·vor 25 Tagen·0 comments
Microsoft rejects critical Azure vulnerability report, no CVE issuedbleepingcomputer.com5 points·by olearysec·vor 2 Monaten·1 comments
olearysec·vor 2 Monaten·discussI'm the researcher. You've nailed it — Backup Contributor automatically granted cluster-admin via Trusted Access, no K8s permissions required. Microsoft called it "expected behavior," then silently patched it.Full writeup with CERT/CC timeline and evidence: https://olearysec.com/research/azure-backup-aks-silent-patch...