Lucene search
Mssecure | Most viewed

1517 matches found

Microsoft Secure
added 2019/10/29 4:0 p.m. | 12 views

Improve security with a Zero Trust access model

Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn't true...

0.3 AI score
Exploits: 0
Microsoft Secure
added 2019/02/04 5:0 p.m. | 12 views

Announcing the new Security Engineering website

To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...

7.3 AI score
Exploits: 0
Microsoft Secure
added 2017/12/11 1:58 p.m. | 12 views

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

6.6 AI score
Exploits: 0
Microsoft Secure
added 5 days ago | 11 views

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We found that while Claude Code Action supported environment...

5.9 AI score
Exploits: 0
Microsoft Secure
added 2026/05/22 4:53 p.m. | 11 views

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...

8.8 CVSS | 8 AI score | 0.44333 EPSS
Exploits: 6
Microsoft Secure
added 2026/05/12 10:53 p.m. | 11 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

5.8 AI score
Exploits: 0
Microsoft Secure
added 2026/05/08 5:12 p.m. | 11 views

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

In this article 1. Why Dirty Frag matters 2. Technical overview 3. Exploitation scenarios 4. Mitigation guidance 5. Post-mitigation integrity verification 6. References A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged...

8.8 CVSS | 6.5 AI score | 0.40266 EPSS
Exploits: 38
Microsoft Secure
added 2026/04/09 7:0 p.m. | 11 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers (SOCs) deployed endpoint detection and response (EDR)—and later extended detection and response (XDR)—security teams raised the bar, pushing...

5.9 AI score
Exploits: 0
Microsoft Secure
added 2026/01/14 3:3 p.m. | 11 views

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations

Over the past year, Microsoft Threat Intelligence observed the proliferation of RedVDS, a virtual dedicated server (VDS) provider used by multiple financially motivated threat actors to commit business email compromise (BEC), mass phishing, account takeover, and financial fraud. Microsoft’s...

6.6 AI score
Exploits: 0
Microsoft Secure
added 2025/12/15 7:35 p.m. | 11 views

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

10 CVSS | 8.9 AI score | 0.83197 EPSS
Exploits: 378
Microsoft Secure
added 2025/06/03 4:0 p.m. | 11 views

How Microsoft Defender for Endpoint is redefining endpoint security

Securing your digital estate with endpoint detection and response (EDR) across all platforms, devices, and Internet of Things (IoT) has never been more challenging. A rapidly evolving cyberthreat landscape has seen cyberattacks grow in sophistication, evolving from randomized single domain cyberattac...

7.2 AI score
Exploits: 0
Microsoft Secure
added 2025/05/12 4:0 p.m. | 11 views

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

7.2 CVSS | 7.3 AI score | 0.50148 EPSS
Exploits: 0
Microsoft Secure
added 2025/05/01 4:0 p.m. | 11 views

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

Happy World Passkey Day! As the world shifts from passwords to passkeys, we’re excited to join the FIDO Alliance in leaving “World Password Day” behind to celebrate the very first “World Passkey Day.” To commemorate this renaming, Microsoft and dozens of other organizations have taken the Passkey...

7.5 AI score
Exploits: 0
Microsoft Secure
added 2025/04/25 4:0 p.m. | 11 views

Explore practical best practices to secure your data with Microsoft Purview

According to the Microsoft 2024 Data Security Index, organizations experience an average of 156 data security incidents annually, and this cyberthreat continues to be a top concern for data security decision-makers. A full 82% of security decision-makers believe a comprehensive, fully integrated...

6.5 AI score
Exploits: 0
Microsoft Secure
added 2024/05/08 4:0 p.m. | 11 views

How implementing a trust fabric strengthens identity and network

The identity security landscape is transforming rapidly. Every digital experience and interaction is an opportunity for people to connect, share, and collaborate. But first, we need to know we can trust those digital experiences and interactions. Customers note a massive rise in the sheer number ...

7 AI score
Exploits: 0
Microsoft Secure
added 2023/12/11 5:0 p.m. | 11 views

New Microsoft Incident Response team guide shares best practices for security teams and leaders

As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still...

7.3 AI score
Exploits: 0
Microsoft Secure
added 2023/11/07 5:0 p.m. | 11 views

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

7.1 AI score
Exploits: 0
Microsoft Secure
added 2023/11/06 5:0 p.m. | 11 views

Automatic Conditional Access policies in Microsoft Entra streamline identity protection

Extending our commitment to help customers be secure by default, today we're announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. We've designed these policies based on our deep knowledge of t...

7.2 AI score
Exploits: 0
Microsoft Secure
added 2023/09/26 5:0 p.m. | 11 views

New security features in Windows 11 protect users and empower IT

While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs, and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive data like...

7.2 AI score
Exploits: 0
Microsoft Secure
added 2023/09/19 4:0 p.m. | 11 views

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a...

6.6 AI score
Exploits: 0
Microsoft Secure
added 2023/06/28 4:0 p.m. | 11 views

How automation is evolving SecOps—and the real cost of cybercrime

This post is coauthored by Rob May, Founder and Managing Director, ramsac. The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior...

6.9 AI score
Exploits: 0
Microsoft Secure
added 2023/06/27 4:0 p.m. | 11 views

Microsoft at NICE Conference: Resetting expectations and enabling diversity in the cybersecurity workforce

Closing the cybersecurity talent gap is not something we can achieve alone; it requires a collective effort from the entire industry and focus on enabling cybersecurity awareness and education for all. This realization hit home for us during our recent participation in the National Initiative for...

6.9 AI score
Exploits: 0
Microsoft Secure
added 2023/05/03 4:0 p.m. | 11 views

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...

6.7 AI score
Exploits: 0
Microsoft Secure
added 2022/11/22 6:0 p.m. | 11 views

Join us at InfoSec Jupyterthon 2022

Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center (SOC) tools. Sitting somewhere between scripting/macros and a full-blown development...

7.2 AI score
Exploits: 0
Microsoft Secure
added 2022/10/12 4:0 p.m. | 11 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

7.7 AI score
Exploits: 0
Microsoft Secure
added 2022/06/22 4:0 p.m. | 11 views

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy. In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...

0.2 AI score
Exploits: 0
Microsoft Secure
added 2019/03/21 7:0 a.m. | 11 views

Announcing Microsoft Defender ATP for Mac and new Threat and Vulnerability Management capabilities

On February 28, 2019, we announced Microsoft Threat Experts, a new managed hunting service within the Microsoft 365 Security portfolio that enables customers to extend their expertise and insights with the help of Microsoft security professionals. This release showcased our philosophy that securi...

7 AI score
Exploits: 0
Microsoft Secure
added 2026/05/07 4:0 p.m. | 10 views

World Passkey Day: Advancing passwordless authentication

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...

5.9 AI score
Exploits: 0
Microsoft Secure
added 2026/04/16 3:0 p.m. | 10 views

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

In this article 1. Sapphire Sleet’s campaign lifecycle 2. Defending against Sapphire Sleet intrusion activity 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Executive summary Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Kore...

6.3 AI score
Exploits: 0
Microsoft Secure
added 2026/04/01 9:0 p.m. | 10 views

Mitigating the Axios npm supply chain compromise

In this article 1. Analysis of the attack 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise 5. Hunting queries On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP...

6.6 AI score
Exploits: 0
Microsoft Secure
added 2026/03/06 5:0 p.m. | 10 views

AI as tradecraft: How threat actors operationalize AI

In this article 1. AI as an enabler for cyberattacks 2. Post-compromise misuse of AI 3. Emerging trends 4. Mitigation guidance for AI-enabled threats 5. Microsoft Defender detections Threat actors are operationalizing AI along the cyberattack lifecycle to accelerate tradecraft, abusing both...

9.3 CVSS | 7.1 AI score | 0.93596 EPSS
Exploits: 61
Microsoft Secure
added 2026/03/02 7:29 p.m. | 10 views

OAuth redirection abuse enables phishing and malware delivery

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...

6.2 AI score
Exploits: 0
Microsoft Secure
added 2025/05/27 4:0 p.m. | 10 views

The future of AI agents—and why OAuth must evolve

I believe we're at the beginning of something extraordinary. Today's AI agents are already impressive—they're helping software engineers write code, assisting site reliability teams in troubleshooting systems, and handling a variety of analytical tasks. Yet, as capable as these specialized agents...

7.1 AI score
Exploits: 0
Microsoft Secure
added 2025/05/07 4:0 p.m. | 10 views

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

6.7 AI score
Exploits: 0
Microsoft Secure
added 2025/04/29 3:0 p.m. | 10 views

Microsoft announces the 2025 Security Excellence Awards winners

In today’s rapidly evolving digital world, security requires a global community of defenders working together as a team to build a safer world for all. That’s why we’re thrilled to recognize the extraordinary individuals and organizations who have gone above and beyond in the fight against...

7.2 AI score
Exploits: 0
Microsoft Secure
added 2025/04/28 4:0 p.m. | 10 views

Faster, more personalized service begins at the frontline with Microsoft Intune

In healthcare, patient trust often begins at the frontline with people who deliver care, respond to questions, and manage crucial in-the-moment decisions. Increasingly, those experiences are shaped by the tools frontline workers use. When devices are secure, responsive, and tailored to clinical...

6.8 AI score
Exploits: 0
Microsoft Secure
added 2025/04/24 4:0 p.m. | 10 views

New whitepaper outlines the taxonomy of failure modes in AI agents

We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...

7.5 AI score
Exploits: 0
Microsoft Secure
added 2025/04/21 3:0 p.m. | 10 views

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Since inception, we've dedicated the equivalent of 34,000 engineers working full-time for 11 months to mitigate risks and address the...

7.6 AI score
Exploits: 0
Microsoft Secure
added 2025/04/09 4:0 p.m. | 10 views

How cyberattackers exploit domain controllers using ransomware

In recent years, human-operated cyberattacks have undergone a dramatic transformation. These attacks, once characterized by sporadic and opportunistic attacks, have evolved into highly sophisticated, targeted campaigns aimed at causing maximum damage to organizations, with the average cost of a...

8.2 AI score
Exploits: 0
Microsoft Secure
added 2025/04/07 4:0 p.m. | 10 views

Tech Accelerator: Azure security and AI adoption

Are you looking for guidance on how to effectively integrate security best practices within your Azure and AI projects? We know the pace of technological innovation offers as many opportunities as it does challenges. However, security cannot be an afterthought as you create Azure deployments and...

7.1 AI score
Exploits: 0
Microsoft Secure
added 2025/04/03 4:0 p.m. | 10 views

Threat actors leverage tax season to deploy tax-themed phishing campaigns

As Tax Day approaches in the United States on April 15, Microsoft has observed several phishing campaigns using tax-related themes for social engineering to steal credentials and deploy malware. These campaigns notably use redirection methods such as URL shorteners and QR codes contained in...

7.4 AI score
Exploits: 0
Microsoft Secure
added 2024/05/29 4:0 p.m. | 10 views

6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy

Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach. However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to mana...

7.1 AI score
Exploits: 0
Microsoft Secure
added 2023/12/04 5:0 p.m. | 10 views

Protecting credentials against social engineering: Cyberattack Series

Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing text-based phishin...

7 AI score
Exploits: 0
Microsoft Secure
added 2023/11/08 5:0 p.m. | 10 views

Insights from Microsoft Security Copilot early adopters

To understand why customers are adopting generative AI solutions like Microsoft Security Copilot, we have to go back to the cyberthreat landscape—which continues to get more challenging. Organizations are facing a surge in cyberattacks while also dealing with a global shortage of security talent...

7.7 AI score
Exploits: 0
Microsoft Secure
added 2023/09/28 4:0 p.m. | 10 views

Join the new Microsoft Security experience at Microsoft Ignite 2023

During the past few years, we’ve managed a lot of change and disruption in our security work, in our lives, and in society at large. This year we’re excited to welcome back security leaders, aspiring leaders, and IT professionals—in person—to Microsoft Ignite from November 14 to 17, 2023, and...

6.6 AI score
Exploits: 0
Microsoft Secure
added 2023/08/24 4:30 p.m. | 10 views

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary: Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with...

8.6 AI score
Exploits: 0
Microsoft Secure
added 2023/08/08 4:0 p.m. | 10 views

Boost identity protection with Axiad Cloud and Microsoft Entra ID

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Passwords are a security weakness and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen an average of more than 4,000 password...

6.9 AI score
Exploits: 0
Microsoft Secure
added 2022/10/06 4:0 p.m. | 10 views

Microsoft publishes new report on holistic insider risk management

The risk landscape for organizations has changed significantly in the past few years. The amount of data captured, copied, and consumed is expected to grow to more than 180 zettabytes through 2025. Traditional ways of identifying and mitigating risks don’t always work. Historically, organization...

6.9 AI score
Exploits: 0
Microsoft Secure
added 2022/06/16 2:0 p.m. | 10 views

Making the world a safer place with Microsoft Defender for individuals

Today’s sophisticated cyber threats require a modern approach to security. And this doesn’t apply only to enterprises or government entities—in recent years we’ve seen attacks increase exponentially against individuals. There are 921 password attacks every second. We’ve seen ransomware threats...

7.2 AI score
Exploits: 0
Total number of security vulnerabilities: 1517