Azure AI Foundry vulnerability (CVE-2026-35435)
CRITICAL: Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
Vendor watch hub
The Microsoft watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Most recent entry: May 7, 2026, 5:16 PM
Feed refreshes daily · 5:15 a.m. Central
Sources: Microsoft Security Update Guide (MSRC), CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
| Azure AI Foundry vulnerability (CVE-2026-35435) · Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. · Azure AI Foundry | CRITICAL · CVE-2026-35435 · Elevated | watch | May 7, 2026, 5:16 PM | NVD |
| Chromium: CVE-2026-7896 Integer overflow in Blink (CVE-2026-7896) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7896 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Microsoft Team Events Portal Information Disclosure Vulnerability (CVE-2026-33823) · Information published. · Microsoft Teams | critical · CVE-2026-33823 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability (CVE-2026-33844) · Information published. · Azure Managed Instance for Apache Cassandra | critical · CVE-2026-33844 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability (CVE-2026-40379) · Information published. · Azure Entra ID | critical · CVE-2026-40379 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Azure DevOps Information Disclosure Vulnerability (CVE-2026-42826) · Information published. · Azure DevOps | critical · CVE-2026-42826 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Azure Cloud Shell Spoofing Vulnerability (CVE-2026-35428) · Information published. · Azure Cloud Shell | critical · CVE-2026-35428 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability (CVE-2026-33109) · Information published. · Azure Managed Instance for Apache Cassandra | critical · CVE-2026-33109 · Elevated | watch | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE (CVE-2026-7900) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7900 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7898 Use after free in Chromoting (CVE-2026-7898) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7898 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker (CVE-2026-7909) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7909 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7906 Use after free in SVG (CVE-2026-7906) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7906 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7904 Out of bounds read in Fonts (CVE-2026-7904) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7904 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7899 Out of bounds read and write in V8 (CVE-2026-7899) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7899 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7907 Use after free in DOM (CVE-2026-7907) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7907 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7902 Out of bounds memory access in V8 (CVE-2026-7902) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7902 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7901 Use after free in ANGLE (CVE-2026-7901) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7901 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7903 Integer overflow in ANGLE (CVE-2026-7903) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7903 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7908 Use after free in Fullscreen (CVE-2026-7908) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7908 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
| Chromium: CVE-2026-7910 Use after free in Views (CVE-2026-7910) · Information published. · Microsoft Edge (Chromium-based) | CVE-2026-7910 · Elevated | active | May 7, 2026, 9:00 AM | Vendor advisory |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the Microsoft 365 consulting pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Microsoft-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Microsoft issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Microsoft advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.