84 result(s)
Microsoft published a new e-book positioned as a maturity-based guide for adopting Microsoft Security Exposure Management. It focuses on moving from fragmented, reactive security practices to a unified exposure management approach intended to support proactive defense.
Microsoft Security Blog outlines risks of self-hosted agent runtimes (like OpenClaw) that execute untrusted input while holding long-lived credentials, creating compounded supply-chain exposure. It emphasizes governance plus identity controls and runtime isolation to reduce credential and execution risk in enterprise deployments.
Microsoft and Omdia report that fragmented security tooling and workflows are increasing SOC operational strain and contributing to overload.
Microsoft outlines 10 common security risks in Copilot Studio agents and pairs each with suggested detection and mitigation approaches using Microsoft Defender. The focus is on preventing exposure from configuration, access, and orchestration weaknesses.
Microsoft announced its presence at the RSAC 2026 Conference and positioned its show-floor content around “Frontier Firms,” described as human-led and agent-operated organizations.
Microsoft Security Blog published a post promoting a new buyer’s guide for selecting a unified, AI-ready SIEM platform aimed at supporting “agentic” AI-era security operations.
Microsoft Security Blog post promoting its Cyber Pulse report, focused on cybersecurity risks related to active AI agents and the need for observability, governance, and security.
Microsoft security researchers describe a growing pattern of “AI Recommendation Poisoning,” where attackers poison an AI system’s memory to manipulate future recommendations for promotional gain.
The provided excerpt is only a short teaser and does not include the article’s technical details, findings, or mitigations.
Microsoft reports active exploitation of SolarWinds Web Help Desk using CVE-2025-40551 and CVE-2025-40536 that can lead to domain compromise, and provides guidance to patch, hunt, and mitigate.
Microsoft reports a new ClickFix variant, “CrashFix,” that intentionally crashes browsers to trick users into running commands that install a Python-based remote access trojan (RAT). The campaign abuses built-in utilities (finger.exe) and a portable Python runtime to reduce detection and maintain persistence on targeted systems.
Microsoft explains that many incidents stem from inconsistent implementation of known security controls and describes its support for Operation Winter SHIELD to help organizations close this “implementation gap.”
Microsoft published research on detecting backdoors in open-weight language models and described a scanner intended to identify backdoored models at scale.
Microsoft describes an updated Secure Development Lifecycle (SDL) approach aimed at securing AI systems, combining internal policy, security research, and enablement activities.
Microsoft describes recent infostealer activity targeting macOS, highlighting Python-based stealers and distribution techniques that abuse trusted platforms and common utilities.
The article argues that securing AI-powered applications requires a holistic supply-chain approach beyond protecting prompts, including monitoring frameworks, SDKs, and orchestration layers, plus enforcing strong runtime controls so security teams can detect, respond to, and remediate risks before exploitation.
The Microsoft Security Blog describes an AI-assisted workflow that converts lengthy incident reports and threat writeups into actionable detections by automatically extracting TTPs, mapping them to existing detection coverage, and flagging gaps — completing in minutes instead of days while preserving human expert review.
The 2026 Microsoft Data Security Index examines how organizations can harness generative AI while protecting sensitive data, providing insights on secure AI adoption, governance, controls, and risk mitigation.
Microsoft announced the winners of the 2026 Security Excellence Awards, recognizing innovative defenders who went above and beyond. The announcement appeared on the Microsoft Security Blog.
A concise overview of strategies and leadership guidance for government agencies to protect sensitive data and improve overall cybersecurity resilience, as highlighted on the Microsoft Security Blog.
Microsoft Security Blog warns that attackers are increasingly exploiting generative orchestration, so securing AI agents at runtime is essential and requires real‑time defensive measures to detect and mitigate threats during operation.
Microsoft highlights how Ford, Icertis, and TriNet modernized their security posture by adopting integrated Microsoft security solutions—embedding Zero Trust principles, automating defenses, and enabling secure AI innovation at scale.
Microsoft Defender researchers reported a resurgence of a multi-stage Adversary-in-the-Middle (AiTM) phishing campaign paired with business email compromise (BEC) that abused SharePoint and targeted multiple organizations in the energy sector, according to a Microsoft Security Blog post.
Microsoft’s post argues that the rise of autonomous AI agents is changing how organizations operate and requires a rethinking of security posture because increased agent autonomy expands the attack surface.
The Microsoft Security Blog post outlines four key identity and network access priorities for 2026, aimed at strengthening an organization’s identity security baseline by leveraging AI and modern access controls.
Microsoft was named a Leader in the 2025-2026 IDC MarketScape for Unified AI Governance Platforms, recognizing the company’s commitment to making AI innovation safe, responsible, and enterprise-ready, according to the Microsoft Security Blog.
Microsoft investigated RedVDS, a virtual desktop provider whose services were purchased by a global network of disparate cybercriminals to target multiple sectors. Working with law enforcement worldwide, Microsoft’s Digital Crimes Unit helped disrupt RedVDS infrastructure and related operations, a disruption detailed in a Microsoft Security Blog post.
The article describes how Microsoft aligns privacy and security initiatives, using advanced tools and adherence to global compliance standards to protect customer data and foster trust.
Microsoft Incident Response has introduced new proactive services that use expert‑led preparation and advanced intelligence to convert security uncertainty into operational readiness and improved organizational resilience.
Threat actors are exploiting complex mail routing and misconfigured anti-spoof protections to send phishing emails that appear to come from internal senders.
Microsoft announced the Microsoft Defender Experts Suite, an integrated collection of expert-led services designed to help security teams respond to and keep pace with modern cyberattacks, as described on the Microsoft Security Blog.
Microsoft published an e-book arguing that replacing isolated point solutions with a unified, AI-ready security platform delivers greater speed, operational resilience, and measurable security gains. The blog post announces the e-book and invites readers to explore the guidance.
Microsoft defines Access Fabric as a unified access security solution that continuously and in real time decides who can access what resources, from where, and under what conditions.
The Microsoft Security Blog post describes CVE-2025-55182 (React2Shell), a critical pre-authentication remote code execution vulnerability that affects React Server Components and related frameworks. The advisory notes that CVE-2025-66478 was merged into CVE-2025-55182.
Microsoft was named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, announced on the Microsoft Security Blog.
The Microsoft Security Blog post warns that ‘fake employees’—synthetic or forged identities created to look like legitimate workers—are an emerging threat that can infiltrate organizations and obtain real access. It outlines common ways these imposters gain entry through onboarding gaps, stolen or fabricated credentials, and social engineering, and recommends operational and technical controls to reduce risk.
Microsoft emphasizes that insights from Cybersecurity Awareness Month and Microsoft Ignite 2025 show security remains a top business priority. The article calls for moving from awareness to concrete action by building a security-first culture suited to the risks and opportunities of agentic (autonomous) AI, combining leadership commitment, policy and governance, workforce training, and technical controls.
Microsoft’s new benchmarking report examines how layered email defenses perform in real-world conditions, providing transparent metrics and practical insights to help organizations strengthen email protection and reduce risk.
Shai‑Hulud 2.0 is a large-scale supply chain attack in which adversaries maliciously modified hundreds of public packages to compromise developer environments, CI/CD pipelines, and cloud workloads in order to harvest credentials and configuration secrets. Microsoft published guidance to detect, investigate, and defend against these compromises across development toolchains, build systems, and cloud assets.
The article explains how cyber defense is shifting by applying graph-powered approaches and AI to accelerate threat detection and strengthen basic security hygiene across organizations.
Microsoft announced a new collaboration with Beazley naming them an incident response partner to strengthen cyber resilience by aligning with ecosystem partners and improving security for customers.
Microsoft was named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, highlighting the innovative capabilities of Microsoft Defender for Office 365.
Microsoft Security Blog post by Damon Becknel, Vice President and Deputy CISO for Regulated Industries, outlining four cybersecurity priorities to act on immediately.
The article argues organizations must future-proof cybersecurity talent by building agile, innovative teams that prioritize continuous learning and adaptability to evolving threats.
Microsoft describes its experience building autonomous AI agents for managed detection and response (MDR) and argues that GenAI-powered security operations centers (SOCs) will reshape how humans and AI collaborate to improve detection, investigation, and response.
Microsoft was named a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management, marking the ninth consecutive year the company has received this recognition.
Microsoft outlines a vision for ‘ambient and autonomous’ security to protect AI-driven systems in the emerging agentic era, proposing security become a foundational, proactive capability rather than an add-on.
Microsoft announced at Ignite 2025 that Security Copilot is being integrated into Microsoft 365 E5, introducing agents built into security workflows to help teams move from reactive incident response to more proactive, strategic protection.
Microsoft and NVIDIA published a joint research post on the Microsoft Security Blog about collaborative work investigating real-time immunity.
Microsoft published a November 2025 progress report for its Secure Future Initiative, reporting steady progress across all areas and engineering pillars. The initiative’s mission is to accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future, with the report underscoring Microsoft’s continued commitment to security.
Microsoft disclosed a new side-channel attack called “Whisper Leak” that enables attackers to infer conversation topics from interactions with remote language models even when communications are encrypted. The finding was published on the Microsoft Security Blog.
IDC research urges CISOs to adopt AI-powered, integrated cloud security platforms—such as CNAPP, XDR, and SIEM—to lower risk, reduce complexity, and improve resilience, according to a Microsoft Security Blog post.
The article explains how new European Union risk-based legislation helps CISOs strengthen cybersecurity for critical infrastructure by encouraging organizations to assess and prioritize risks, align controls with regulatory expectations, and build more resilient systems.
Microsoft Security Blog published an e-book that shows how generative AI can improve Security Operations Centers (SOCs) by reducing alert fatigue, speeding triage, enabling proactive threat hunting, and helping teams get ahead of cyberattacks.
Microsoft DART researchers identified a novel backdoor, dubbed SesameOp, that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. A component of the backdoor uses the Assistants API as a storage/relay to fetch commands and execute tasks inside compromised environments, avoiding traditional C2 methods.
Microsoft’s blog post summarizes a new e-book that outlines the main challenges organizations face with generative AI, details the top generative AI security threats, and recommends steps companies can take to strengthen their security posture against unpredictable AI risks.
Microsoft announced expanded Identity Threat Detection and Response (ITDR) capabilities, including the new Microsoft Defender for Identity sensor now generally available, delivering improved protection, deeper correlation across signals, and richer contextual information to help organizations modernize their identity defenses.
Microsoft’s Digital Defense Report 2025 highlights a changing cyberthreat landscape with a rise in financially motivated attacks and ongoing nation-state risks. The article argues that CISOs must focus on organizational response, adaptation, and resilience-building to meet accelerating threats.
Microsoft announced the new Microsoft Security Store, a centralized gateway that helps customers discover, purchase, and deploy vetted security solutions and AI agents from leading partners, aiming to simplify procurement and accelerate partner-driven innovation.
Microsoft’s Security Blog highlights that Azure Blob Storage is an attractive, high-value target because it stores massive volumes of unstructured data across many workloads. Threat actors are increasingly using sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud-specific tactics to compromise Blob Storage.
Microsoft has been recognized again as a Leader in the 2025 Gartner Magic Quadrant for Security Information and Event Management (SIEM), according to a post on the Microsoft Security Blog.
Microsoft reports that extortion and ransomware account for over half of cyberattacks; in 80% of incidents their security teams investigated last year attackers attempted to steal data, driven more by financial gain than intelligence gathering.
Microsoft Security Blog warns that customer support tools, now more connected and data-rich, are increasingly targeted by cyberattacks. Hardening these systems is essential to safeguard customer trust, protect sensitive data, and maintain business continuity.
Microsoft introduced ExCyTIn-Bench, an open-source benchmarking tool that evaluates how effectively AI systems perform real-world cybersecurity investigations, aiming to standardize measurement and improve AI-driven defensive capabilities.
Microsoft frames building a lasting security culture as a strategic priority and a call to action: security is people-centered, every employee has a role, and embedding secure practices into how people think, work, and collaborate creates a unified, proactive, and resilient defense for Microsoft and its customers.
Microsoft highlights security as a central theme at Ignite 2025, offering dedicated sessions and hands-on experiences focused on securing agentic AI for security professionals and leaders. The blog points readers to the session catalog for details and scheduling.
Microsoft Threat Intelligence reports a financially motivated actor tracked as Storm-2657 conducting “payroll pirate” attacks against US universities by compromising employee accounts, accessing employee profiles, and diverting salary payments to attacker-controlled accounts.
Microsoft highlights that threat actors are abusing Microsoft Teams features across the attack chain and urges defenders to proactively monitor, detect, and respond. The blog recommends layered countermeasures and optimal controls across identity, endpoints, data and app protection, and network controls to better protect enterprise Teams users.
Microsoft’s Secure Future Initiative (SFI) patterns and practices provide practical, practitioner‑led guidance based on Microsoft’s Zero Trust implementation. The guides are designed to help organizations accelerate security maturity, reduce implementation friction, and build systems that are secure by design, by default, and in operation.
Microsoft’s Incident Response team works effectively amid the disorder caused by fast-moving threat actors, treating compromised environments, missing data, and shaken confidence as the starting point for investigations, as described in the Microsoft Security Blog post “Inside Microsoft Threat Intelligence: Calm in the chaos.”
Microsoft observed active exploitation of CVE-2025-10035, a deserialization vulnerability in the GoAnywhere Managed File Transfer (MFT) License Servlet, by the financially motivated actor Storm-1175 (associated with Medusa ransomware). The blog post raises awareness and describes end-to-end protection coverage in Microsoft Defender.
Microsoft was named a Leader in IDC’s inaugural Worldwide Extended Detection and Response (XDR) Software MarketScape for 2025, recognized for its deep integration, intelligent automation, and unified security operations solutions, as reported on the Microsoft Security Blog.
Microsoft highlights that cybersecurity is as much about people as technology in its Cybersecurity Awareness Month post, “Security starts with you.” The blog directs readers to Microsoft’s resources and practical guidance to help individuals stay safe online and adopt safer habits.
Microsoft Sentinel is expanding into an agentic security platform: the Sentinel data lake is generally available, and Sentinel graph plus the Sentinel Model Context Protocol (MCP) server are available in public preview to enable richer data, graph-based analysis, and model-aware agentic workflows for defenders.
Microsoft announced the launch of the reimagined Microsoft Marketplace, a unified and trusted destination for cloud solutions, AI apps and agents designed to connect thousands of solutions with millions of customers and empower organizations to become ‘Frontier’.
Microsoft Threat Intelligence has identified a new variant of the XCSSET malware that targets Xcode projects used by developers building Apple and macOS applications, detailed in a Microsoft Security Blog post.
Microsoft’s Cyberattack Series examines a retail incident where a single security alert exposed a persistent cyberthreat. Attackers exploited unpatched SharePoint vulnerabilities and compromised identities to infiltrate networks, causing widespread operational risk—echoed by industry statistics (60% operational disruptions, 43% breaches). Microsoft’s Detection and Response Team (DART) provided forensic analysis and actionable remediation guidance; the full report offers detailed findings and defensive recommendations.
Microsoft Threat Intelligence detected and blocked a credential-phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, highlighting a trend of attackers leveraging AI and the need for defenders to anticipate and adapt to AI-driven threats.
A Forrester Consulting Total Economic Impact study, commissioned by Microsoft, found that unifying data security, governance, and compliance on Microsoft Purview reduced the likelihood of data breaches by 30% and delivered measurable benefits for modernizing data protection.
A 2025 Forrester Consulting TEI study found Microsoft Defender delivered a 242% ROI over three years, produced $17.8 million in benefits, and paid for itself in under six months by helping organizations consolidate security tools and improve SecOps efficiency with AI and automation.
Microsoft Fabric and Purview teams announced their participation in the European Microsoft Fabric Community Conference and highlighted Microsoft Purview innovations focused on unifying data security and governance for the AI era in a Microsoft Security Blog post.
Microsoft Azure will begin Phase 2 mandatory multi-factor authentication enforcement at the Azure Resource Manager layer starting October 1, 2025, as announced on the Microsoft Security Blog.
Microsoft reports that financially motivated threat actor Storm-0501 has shifted from deploying on-premises endpoint ransomware toward cloud-based ransomware tactics, increasingly focusing on cloud-specific TTPs after previously targeting hybrid cloud environments.
Microsoft was ranked number one in the modern endpoint security market share for the third consecutive year, according to a new IDC report, as announced on the Microsoft Security Blog.