Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Since 2022, the number of human-operated ransomware-linked encounters by organizations surged by 2.75x. Yet, Microsoft Defender for Endpoint has outpaced this rise, reducing the number of successful attacks by 3x, proving its power to turn the tide against evolving cyberthreats.[1] Defender for...
Protecting customers from Octo Tempest attacks across multiple industries
In recent weeks, Microsoft has observed Octo Tempest, also known as Scattered Spider, impacting the airlines sector, following previous activity impacting retail, food services, hospitality organizations, and insurance between April and July 2025. This aligns with Octo Tempest’s typical patterns ...
Microsoft Defender for Endpoint Privilege Escalation
Proof of concept exploit that demonstrates a privilege escalation vulnerability in Microsoft Defender for Endpoint (MDE). #!/bin/bash Exploit Title: Microsoft Defender for Endpoint (MDE) - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage:...
Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to denial-of-service attack, heap use after free, network server exploit, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2025-32873 DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.2...
Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
#!/bin/bash Exploit Title: Microsoft Defender for Endpoint (MDE) - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/ Software Link:...
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriched threa...
The vulnerability of Windows Defender Application Control on Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability of Windows Defender Application Control (WDAC) on Windows operating systems stems from errors in verifying cryptographic signatures. Exploiting this vulnerability can allow an attacker to circumvent existing security restrictions...
CyGym: a Simulation-Based Game-Theoretic Analysis Framework for Cybersecurity
We introduce a novel cybersecurity encounter simulator between a network defender and an attacker designed to facilitate game-theoretic modeling and analysis while maintaining many significant features of real cyber defense. Our simulator, built within the OpenAI Gym framework, incorporates...
Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1
Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1. The vulnerabilities have been addressed in Data Protect 7.2.2_u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID: CVE-2023-26118...
On the Ethics of Using LLMs for Offensive Security
Large Language Models (LLMs) have rapidly evolved over the past few years and are currently evaluated for their efficacy within the domain of offensive cyber-security. While initial forays showcase the potential of LLMs to enhance security research, they also raise critical ethical concerns regardi...
Discover how automatic attack disruption protects critical assets while ensuring business continuity
Traditional security solutions often operate in a one-size-fits-all alert model that treats every detection equally, regardless of how important the asset is. But not all assets are equal. Critical assets are systems governing access, identity, or sensitive data. They are essential to an...
The vulnerability of Microsoft Defender for Endpoint on Linux operating systems, related to access control errors, allows attackers to escalate their privileges.
The vulnerability of Microsoft Defender for Endpoint on Linux operating systems stems from access control errors. Exploiting this vulnerability can allow a local attacker to escalate their privileges...
Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...
Lifelong Safety Alignment for Language Models
LLMs have made impressive progress, but their growing capabilities also expose them to highly flexible jailbreaking attacks designed to bypass safety alignment. While many existing defenses focus on known types of attacks, it is more critical to prepare LLMs for unseen attacks that may arise duri...
Co-Evolutionary Dynamics of Attack and Defence in Cybersecurity
In the evolving digital landscape, it is crucial to study the dynamics of cyberattacks and defences. This study uses an Evolutionary Game Theory (EGT) framework to investigate the evolutionary dynamics of attacks and defences in cyberspace. We develop a two-population asymmetric game between attack...
CVE-2024-22313
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749...
CVE-2024-22312
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...
CVE-2024-38322
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4: a discrepancy between the error responses returned for an invalid agent username and for an invalid password exposes the product to brute-force user enumeration. IBM X-Force ID: 294869...
CVE-2024-25031
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678...
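The two weaknesses above (CVE-2024-38322, an error-response discrepancy that lets an attacker tell valid usernames from invalid ones, and CVE-2024-25031, a lockout policy weak enough to allow credential brute forcing) are generic login-handler mistakes. The following is an added, constructed example and not IBM's code: it shows a checker that exhibits both weaknesses beside a hardened one that returns one uniform message, does the same hashing work for unknown users, compares in constant time, and locks an account after repeated failures. The user store, the "agent01" account, the password and the lockout thresholds are made-up assumptions.

```python
"""Constructed login example: a checker with user enumeration and no lockout,
beside a hardened version. Not IBM Storage Defender code; all names and
credentials below are made up for illustration."""
import hashlib
import hmac
import os
import time


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; iteration count chosen for the example only."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, stored hash). Not real credentials.
_SALT = os.urandom(16)
USERS = {"agent01": (_SALT, _hash("correct horse battery", _SALT))}

# Random dummy entry so unknown usernames cost the same hashing time as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(os.urandom(16).hex(), _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> tuple[bool, str]:
    """Weak handler: distinct errors reveal which usernames exist, no lockout."""
    if username not in USERS:
        return (False, "unknown user")          # leaks that the name is invalid
    salt, stored = USERS[username]
    if _hash(password, salt) != stored:         # non-constant-time compare
        return (False, "bad password")          # leaks that the name is valid
    return (True, "ok")


class Authenticator:
    """Hardened handler: uniform error text, constant-time compare,
    equal work for unknown users, and lockout after MAX_FAILURES attempts."""

    MAX_FAILURES = 5          # assumed policy values for the example
    LOCKOUT_SECONDS = 900

    def __init__(self, clock=time.monotonic):
        self._clock = clock                     # injectable for testing
        self._failures: dict[str, tuple[int, float]] = {}  # name -> (count, locked_until)

    def _is_locked(self, username: str) -> bool:
        rec = self._failures.get(username)
        return rec is not None and rec[1] > self._clock()

    def _record_failure(self, username: str) -> None:
        count, locked_until = self._failures.get(username, (0, 0.0))
        count += 1
        if count >= self.MAX_FAILURES:
            locked_until = self._clock() + self.LOCKOUT_SECONDS
            count = 0
        self._failures[username] = (count, locked_until)

    def login(self, username: str, password: str) -> tuple[bool, str]:
        # Lockout is keyed on the submitted name, so known and unknown names
        # are throttled identically (a real service should also bound this map).
        if self._is_locked(username):
            return (False, "invalid credentials")
        salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
        matched = hmac.compare_digest(_hash(password, salt), stored)
        if not matched or username not in USERS:
            self._record_failure(username)
            return (False, "invalid credentials")   # same text on every failure path
        self._failures.pop(username, None)
        return (True, "ok")


if __name__ == "__main__":
    print(login_vulnerable("nobody", "x"), login_vulnerable("agent01", "x"))
    auth = Authenticator()
    print(auth.login("nobody", "x"), auth.login("agent01", "x"))
```

The vulnerable function lets an attacker confirm "agent01" exists with a single request and then guess passwords indefinitely; the hardened class gives the same response and roughly the same latency for both failure causes and stops answering after five failures until the lockout window elapses.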
CVE-2024-25595
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1...