28 result(s)
Microsoft says critical infrastructure threat patterns are changing and highlights five facts CI leaders should act on in 2026 based on current Microsoft Threat Intelligence observations across sectors. The post is a short security blog entry pointing readers to the full analysis.
Microsoft Security published guidance for CISOs on securing AI systems by applying established security fundamentals to AI-powered environments. The post focuses on practical steps for managing AI risk rather than introducing new product features.
Microsoft describes a malware campaign delivered through WhatsApp messages that uses VBS scripts to start a multi-stage infection chain. The attackers rely on renamed Windows utilities and cloud-hosted payloads to install MSI backdoors and keep persistent access on compromised systems.
Microsoft describes a malware campaign distributed through WhatsApp messages that uses VBS scripts to start a multi-stage infection chain. The attackers use renamed Windows tools and cloud-hosted payloads to deploy MSI backdoors and keep persistent access on infected systems.
Microsoft published a security blog post mapping OWASP’s Top 10 risks for agentic applications to mitigations in Microsoft Copilot Studio. The article frames agentic AI as introducing new security risks and presents Copilot Studio as a way to address them.
Microsoft says Defender uses Microsoft Security Exposure Management to apply asset-aware protection for high-value systems such as domain controllers, web servers, and identity infrastructure. The article describes real-world attack scenarios and defense techniques for those critical assets.
Microsoft points readers to its Secure Access report, which argues that identity has become a key attack surface and that a unified identity and access strategy improves protection.
Microsoft describes a Trivy supply-chain compromise in which attackers abused trusted distribution channels to deliver credential-stealing malware into CI/CD pipelines. The post outlines attacker techniques plus detection, investigation, and defense steps for security teams.
The report discusses how to govern AI agent behavior by aligning user, developer, role, and organizational intent for secure enterprise AI adoption.
Microsoft Defender blocked a human-operated ransomware attack that used Group Policy Objects (GPOs) to disable defenses and deploy encryption at scale. Predictive shielding hardened 700 devices in time, preventing any GPO-based encryptions and blocking most of the attempted impact.
Microsoft introduced CTI-REALM, an open-source benchmark for evaluating AI agents on end-to-end detection engineering. It measures whether agents can turn cyber threat intelligence into validated detection rules.
Microsoft announced new security capabilities for the agentic AI era at RSAC 2026, focused on securing agents, securing AI foundations, and using agents alongside experts for defense. The post frames these as purpose-built additions to cover the AI estate end to end.
Microsoft added a new AI pillar to its Zero Trust materials, including an updated workshop, reference architecture, guidance, and a new assessment tool. The announcement focuses on applying Zero Trust principles to AI systems.
Microsoft says threat actors are using tax-season urgency to deliver phishing and malware via refund notices, payroll forms, filing reminders, and fake tax-professional requests. The lures can include malicious attachments, links, and QR codes.
The post says observability is becoming necessary as AI systems become more autonomous, because visibility into AI behavior can help detect risk earlier and support secure development. It is presented as a Microsoft Security Blog article focused on proactive risk detection.
Microsoft announced new Microsoft Purview innovations for Fabric aimed at supporting safer AI adoption by strengthening security and governance. The post frames Purview as part of the governance layer for organizations using AI with Fabric.
Microsoft describes a DART investigation into a Teams voice-phishing attack that used deception and trusted Microsoft tools to enable an identity-led intrusion. The post focuses on how the compromise happened and how to prevent similar attacks.
Microsoft reports that Storm-2561 has been using SEO poisoning to promote fake VPN client downloads that install signed trojans and steal VPN credentials. The activity has been observed since 2025 and relies on impersonating trusted brands and abusing legitimate services.
Microsoft published a blog post about its latest email security benchmarking data, comparing Microsoft Defender’s mitigation of modern email threats against SEG and ICES vendors. The post says the benchmark is intended to move from transparency to action.
Microsoft describes how hidden instructions in content can influence AI tool behavior and uses a scenario to illustrate prompt injection. The post emphasizes the need for human oversight and a structured response playbook.
Microsoft describes the Contagious Interview campaign, where attackers impersonate recruiters from crypto and AI firms to target developers with fake coding assessments. The delivered malware installs backdoors and steals API tokens, cloud credentials, crypto wallets, and source code.
Microsoft Security Blog post about securing agentic AI initiatives, highlighting Microsoft Agent 365 and Microsoft 365 E7 in the context of a “Frontier Transformation.”
Microsoft reports that threat actors are using AI to scale and sustain malicious operations, accelerating tradecraft and increasing defender risk. It cites recent activity involving North Korean groups Jasper Sleet and Coral Sleet (formerly Storm-1877).
Microsoft Security Blog post for Women’s History Month focusing on how to support and encourage women in cybersecurity across different career stages.
Microsoft reports a campaign of malicious AI browser extensions that exfiltrated LLM chat histories and browsing data from services including ChatGPT and DeepSeek, affecting large numbers of users and enterprises.
Microsoft reports that the Tycoon2FA adversary-in-the-middle (AiTM) phishing-as-a-service kit enabled large-scale phishing campaigns and says it coordinated a disruption of the kit’s infrastructure with Europol and industry partners.
Signed malware using a stolen EV code-signing certificate impersonated workplace apps to install legitimate remote monitoring and management (RMM) tools for persistent enterprise access. The post advises tightening certificate controls and monitoring RMM tool usage to reduce risk.
Microsoft reports attackers abusing OAuth redirect behavior to move users from legitimate sign-in pages to attacker-controlled sites, enabling phishing and malware delivery via trusted authentication flows.