Security researchers at Varonis have uncovered a subtle yet powerful flaw in Microsoft Azure’s application registration system that allowed malicious actors to create fake apps with names like “Azure Portal,” bypassing long-standing safeguards meant to prevent impersonation of official Microsoft tools.The loophole—since patched by Microsoft—stemmed from the use of hidden Unicode characters to disguise application names. By inserting invisible “Combining Grapheme Joiner” characte...
