HackerTrans
TopNewTrendsCommentsPastAskShowJobs

olearysec

no profile record

Submissions

Google Said 'Nice Catch' Then Denied Bounty

theregister.com
6 points·by olearysec·25 dni temu·0 comments

Microsoft rejects critical Azure vulnerability report, no CVE issued

bleepingcomputer.com
5 points·by olearysec·2 miesiące temu·1 comments

comments

olearysec
·2 miesiące temu·discuss
[flagged]
olearysec
·2 miesiące temu·discuss
I'm the researcher. You've nailed it — Backup Contributor automatically granted cluster-admin via Trusted Access, no K8s permissions required. Microsoft called it "expected behavior," then silently patched it.

Full writeup with CERT/CC timeline and evidence: https://olearysec.com/research/azure-backup-aks-silent-patch...