Intelligence Feed
Why geopolitical turmoil is a gift for scammers, and how to stay safe
WeLiveSecurity
15 May 2026
SEV 1/10
Digital Security. Conflict is a boon for opportunistic fraudsters. By Phil Muncaster, 15 May 2026, 5 min. read. It didn’t take long for tensions in the Middle East to spill over into the cyber domain.
The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers
Rapid7 Blog
14 May 2026
SEV 1/10
Vulnerabilities and Exploits. By Douglas McKee, Director, Vulnerability Intelligence. May 14, 2026 | Last updated on May 14, 2026. Imagine you build a massive corporate campus with every security control money can buy. Maybe something similar to the infamous Death Star. Then, somewhere along the way, somebody decides the maintenance team needs a universal key that opens every door in the building without setting off any alarms.
Rapid7 Partner Academy: Driving Impact with Gold Stevie Award-Winning Partner Services Certifications
Rapid7 Blog
13 May 2026
SEV 2/10
Culture. By Rapid7. May 13, 2026 | Last updated on May 13, 2026. At Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 American Business Awards® for Achievement in Collaboration and Partnership. This recognition underscores our dedication to providing world-class training that translates directly into partner success and customer resilience.
Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America
Proofpoint Threat Insight
12 May 2026
SEV 2/10
Elastic Security MCP App: Interactive security operations inside your AI Tools
Elastic Security Labs
12 May 2026
SEV 2/10
12 May 2026, by David Elgut, 9 min read. Product Updates, Generative AI. Elastic Security is the first security vendor to ship an interactive UI in AI tools. Triage alerts, hunt threats, correlate attack chains, and open cases, all from inside your AI conversation. Every SOC analyst knows the drill: an alert fires, and the next ten minutes are spent switching between a triage dashboard, a threat hunt, a case file, and the AI tool that told you to look in the first place.
Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit
Rapid7 Blog
11 May 2026
SEV 2/10
Over the past few weeks, we’ve shared a preview of what to expect, from the sessions and speakers to the themes running across the agenda. What has become increasingly clear is how closely these topics are connected. Security teams are being asked to move beyond reacting to incidents and instead understand how attacks begin, how they evolve, and how decisions can be made earlier with greater confidence.
The spy who logged me in.
Proofpoint Threat Insight
09 May 2026
SEV 2/10
Research Saturday, Ep 424 | 5.9.26. Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and more recently Middle Eastern entities following the outbreak of conflict in Iran. The group has continually evolved its tactics between mid-2025 and early 2026, using techniques like fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized PlugX malware through spearphishing campaigns.
Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
Rapid7 Blog
08 May 2026
SEV 1/10
Detection and Response. By Zachary Zeid and James Gallahan. May 8, 2026 | Last updated on May 8, 2026. Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back.
Working in London at the World’s Largest Intelligence Company
Recorded Future Research
08 May 2026
SEV 2/10
There’s a certain energy you can only find at Recorded Future. Take that energy and bring it to London’s “Silicon Roundabout” and you get the perfect spot for Futurists to build and innovate. Recorded Future's office @ The Bower on Old Street.
Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations
Proofpoint Threat Insight
06 May 2026
SEV 2/10
AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026
Proofpoint Threat Insight
05 May 2026
SEV 1/10
A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
Rapid7 Blog
05 May 2026
SEV 2/10
Industry Trends. By Emma Burdett. May 5, 2026 | Last updated on May 5, 2026. The full agenda for the Rapid7 2026 Global Cybersecurity Summit is now live, and it gives a clearer sense of how the conversation around security operations is evolving. Across two days, the sessions progress from a shared understanding of how threats are changing into a more detailed look at how teams detect, respond, and make decisions in practice. Day 1: How threats evolve and how teams respond. The day opens with a keynote, Defense Starts Earlier Than You Think, where Brian Castagna is joined by Craig Robinson, Research Vice President at IDC, to examine why complexity has become the main barrier to effective security and what changes when teams start acting earlier.
This month in security with Tony Anscombe – April 2026 edition
WeLiveSecurity
30 Apr 2026
SEV 1/10
Video. Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headlines this month. Editor, 30 Apr 2026. With April coming to a close, it's time for ESET Chief Security Evangelist Tony Anscombe to look back at some of the top cybersecurity stories that made the news this month. Tony also offers insights that they may hold for your own cyber-defenses. Here's some of what caught Tony's attention this month: Microsoft has issued a warning about helpdesk impersonation scams where bad actors increasingly misuse external Microsoft Teams collaboration to trick users into granting them remote access.
Five Things we Took Away from Gartner SRM Sydney 2026
Rapid7 Blog
29 Apr 2026
SEV 1/10
Industry Trends. By Rapid7. Apr 29, 2026 | Last updated on Apr 29, 2026. At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the decisions security leaders are actually making right now. They discussed the real decisions being made right now about budgets, burnout, AI, and perspective on consolidation. The conversation reinforced what we see across many organizations: SecOps is very much focused on protecting business resilience, enabling confident decisions by senior security leaders, and building programs that scale across people, platforms, and emerging technology.
Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
Rapid7 Blog
29 Apr 2026
SEV 2/10
Industry Trends. By Craig Adams. Apr 29, 2026 | Last updated on Apr 29, 2026. This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs. We start with the report, but quickly move into what’s already playing out in active campaigns. What stands out is not a change in attacker technique, but the pace.
AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants
Proofpoint Threat Insight
28 Apr 2026
SEV 1/10
Proofpoint’s annual survey of 1,453 security professionals shows that organizations hit by an AI incident saw threats appear across every collaboration channel, not just the inbox. The data, coming from the latest Proofpoint survey, analyzed the responses of 1,453 security professionals across 12 countries. Among the 42% of respondents whose organization had experienced an AI-related incident, threat activity was reported in email (67%), SaaS or cloud apps (57%), AI assistants or agents (53%), and collaboration tools, social platforms, and file-sharing (49% each).
Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place
Proofpoint Threat Insight
28 Apr 2026
SEV 1/10
27th April – Threat Intelligence Report
Check Point Research
27 Apr 2026
SEV 1/10
TGR-STA-1030: New Activity in Central and South America
Unit 42
24 Apr 2026
SEV 2/10
By: Unit 42. Published: April 24, 2026. Categories: General Insights. Tags: TGR-STA-1030. TGR-STA-1030 remains an active threat. Since February, we have observed widespread activity from this group across multiple countries. Most recently, their efforts appear to be heavily focused on regions within Central and South America.
Today, trust is the superpower that makes innovation possible
Recorded Future Research
23 Apr 2026
SEV 2/10
How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people. The paradoxes of today’s digital world are well-known to anyone with a smartphone. Over the last decade, connectivity has expanded, yet the world has become more fragmented.
20th April – Threat Intelligence Report
Check Point Research
20 Apr 2026
SEV 1/10
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Check Point Research
20 Apr 2026
SEV 1/10
13th April – Threat Intelligence Report
Check Point Research
13 Apr 2026
SEV 1/10
6th April – Threat Intelligence Report
Check Point Research
06 Apr 2026
SEV 1/10
Day in the Life: Product Manager at Recorded Future
Recorded Future Research
03 Apr 2026
SEV 1/10
Recorded Future is the World’s Largest Intelligence Company. Our team works to build products that customers love. In this video, Kyle Kohler interviewed with VentureFizz about his day-to-day as a Senior Product Manager for Integrations.
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
Check Point Research
31 Mar 2026
SEV 1/10
This month in security with Tony Anscombe – March 2026 edition
WeLiveSecurity
31 Mar 2026
SEV 1/10
Video. The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan. Editor, 31 Mar 2026. As March 2026 draws to a close, ESET Chief Security Evangelist Tony Anscombe looks at some of the top cybersecurity stories that made the news this month and offers insights that they may hold for your cyber-defenses. Here's Tony's rundown of some of what stood out most over the four or so weeks: the medtech giant Stryker fell victim to a cyberattack that was claimed by the Iran-linked Handala hacktivist group and reportedly wiped “over 200,000 systems, servers, and mobile devices” and stole 50 terabytes of data; research by the Google Threat Intelligence Group has found that suspected data theft was present in no fewer than 77% of ransomware attacks in 2025 (up from 57% the year prior) and that attackers are increasingly relying on built-in Windows utilities; starting in May, Instagram will stop encrypting private messages between users; a Europol-led operation has taken down the Tycoon 2FA phishing platform that up to the middle of 2025 accounted for 62% of all phishing attempts blocked by Microsoft. What are some of the lessons businesses should take away from these news stories? Watch the video to learn more and be sure to check out the February 2026 edition of Tony's monthly security news roundup, as well as his highlights from the RSAC 2026 conference that wrapped up just a few days ago.
ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime
Check Point Research
30 Mar 2026
SEV 1/10
30th March – Threat Intelligence Report
Check Point Research
30 Mar 2026
SEV 1/10
AI Threat Landscape Digest January-February 2026
Check Point Research
29 Mar 2026
SEV 1/10
RSAC 2026 wrap-up – Week in security with Tony Anscombe
WeLiveSecurity
27 Mar 2026
SEV 1/10
Video. This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with. Editor, 27 Mar 2026. That's a wrap on the RSAC™ 2026 Conference. For its 35th edition, the conference drew the usual mix of security practitioners, researchers and vendors. Predictably, AI agents dominated much of the conversation – as a defensive capability, but more pressingly as a risk that many organizations have yet to fully think through.
23rd March – Threat Intelligence Report
Check Point Research
23 Mar 2026
SEV 1/10
Face value: What it takes to fool facial recognition
WeLiveSecurity
13 Mar 2026
SEV 1/10
Privacy. ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026. By Tomáš Foltýn, 13 Mar 2026, 2 min. read. Facial recognition is increasingly embedded in everything from airport boarding gates to bank onboarding flows. The widely-held assumption is that a face is hard to fake and that matching a live face to a trusted source is a reliable identity signal.
Digital Citizenship Glossary: Key Terms Every Internet User Should Know
Recorded Future Research
08 Mar 2026
SEV 2/10
Digital Citizenship Glossary: Navigating the Internet Without Crashing and Burning. The internet is basically a giant digital city, and you need to be just as streetwise here as outside your front door. Most people go online every day - scrolling through TikTok, finishing a research paper, or making purchases - but they don't always know the "rules of the road" or the vocabulary that tech experts use to describe our digital lives. Here's a breakdown of essential digital citizenship terms to help you navigate the web and mobile apps like a pro: Authority - Authority refers to how trustworthy a source is based on who created it.
Latin America's Cybersecurity Turning Point: From Reactive Defense to Threat Intelligence
Recorded Future Research
03 Mar 2026
SEV 1/10
Key Takeaways: Latin America faces a distinct and evolving cyber threat landscape, from PIX payment fraud to ransomware hitting critical infrastructure. Most LATAM security teams are still reactive by necessity, and that posture is costing organizations in downtime, data, and trust. Recorded Future offers LATAM-specific threat intelligence, automation, and 100+ integrations to help stretched teams get ahead of attacks before they land.
This month in security with Tony Anscombe – February 2026 edition
WeLiveSecurity
28 Feb 2026
SEV 1/10
Video. In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools. Editor, 28 Feb 2026. With the second month of 2026 (almost) behind us, it's time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that moved the needle and offered vital lessons over the past four weeks. Here's Tony's rundown of some of what stood out in February 2026: Threat actors misused commercial generative AI tools to compromise more than 600 FortiGate devices located in 55 countries. Rather than specific vulnerabilities, the attacks exploited exposed management ports and weak credentials without two-factor authentication, according to Amazon Threat Intelligence.
Mobile app permissions (still) matter more than you may think
WeLiveSecurity
27 Feb 2026
SEV 2/10
Mobile Security. Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. By Phil Muncaster, 27 Feb 2026, 5 min.
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
Recorded Future Research
26 Feb 2026
SEV 2/10
Recorded Future is expanding its payment fraud prevention capabilities through a partnership with CYBERA, the industry leader in detecting and verifying data on scam-linked bank accounts. Available for purchase now via the Recorded Future Platform, Money Mule Intelligence helps fraud teams identify the accounts criminals use to extract and move stolen funds—addressing a critical gap as scams increasingly become banks' most pressing fraud challenge. The Growing Threat of Authorized Push Payment Fraud: Authorized Push Payment (APP) fraud is accelerating.
Faking it on the phone: How to tell if a voice call is AI or not
WeLiveSecurity
23 Feb 2026
SEV 1/10
Scams. Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers.
Is Poshmark safe? How to buy and sell without getting scammed
WeLiveSecurity
19 Feb 2026
SEV 2/10
Scams. Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. By Phil Muncaster, 19 Feb 2026, 5 min.
Is it OK to let your children post selfies online?
WeLiveSecurity
17 Feb 2026
SEV 2/10
Kids Online. When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech.
From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
Recorded Future Research
11 Feb 2026
SEV 2/10
Key points: The manual operations gap can be a business risk; manual threat hunting requires 27 steps that burn analyst time; Autonomous Threat Operations can reduce 27 steps to 5; autonomous operations prove measurable ROI. At Recorded Future, we’re constantly looking for ways to help security teams work more efficiently so they can focus their expertise where it matters most: stopping threats before they impact business. Over the past few years, as we spent time talking to our customers and observing the ways that their SOCs actually work day to day, we discovered a troubling pattern. Every Monday morning, analysts would begin a new round of threat hunts, manually gathering intelligence, writing queries for different tools, correlating findings, and documenting results.
Taxing times: Top IRS scams to look out for in 2026
WeLiveSecurity
10 Feb 2026
SEV 2/10
Scams. It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy. By Phil Muncaster, 10 Feb 2026, 5 min.
OfferUp scammers are out in force: Here’s what you should know
WeLiveSecurity
04 Feb 2026
SEV 2/10
Scams. The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. By Phil Muncaster, 04 Feb 2026, 6 min.
Children and chatbots: What parents should know
WeLiveSecurity
23 Jan 2026
SEV 1/10
Kids Online. As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development. By Phil Muncaster, 23 Jan 2026, 4 min. read. AI chatbots have become a big part of all of our lives since they burst onto the scene more than three years ago. ChatGPT, for example, says it has around 700 million weekly active users, many of whom are “young people.” A UK study from July 2025 found that nearly two-thirds (64%) of children use such tools.
Common Apple Pay scams, and how to stay safe
WeLiveSecurity
22 Jan 2026
SEV 2/10
Scams. Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead. By Phil Muncaster, 22 Jan 2026, 6 min. read. Apple Pay is clearly a hit with consumers. According to estimates, it had hundreds of millions of global users and processed trillions of payments in 2025 alone.
Actionable threat insights
Microsoft Security Blog
—
SEV 1/10
May 14, 7 min read. Defense in depth for autonomous AI agents. As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center.
Vulnerabilities & exploits
Microsoft Security Blog
—
SEV 2/10
April 6, 12 min read. Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations. The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.
Social engineering and phishing
Microsoft Security Blog
—
SEV 1/10
May 4, 8 min read. Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise. Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains.
Ransomware
Microsoft Security Blog
—
SEV 2/10
April 6, 12 min read. Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations. The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.
Mobile threats
Microsoft Security Blog
—
SEV 2/10
August 8, 2024, 15 min read. Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE. Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation.
IoT and OT threats
Microsoft Security Blog
—
SEV 2/10
July 2, 2024, 7 min read. Vulnerabilities in PanelView Plus devices could lead to remote code execution. Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).
Influence operations
Microsoft Security Blog
—
SEV 1/10
October 10, 2024, 12 min read. Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools. This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures.
Cybercrime
Microsoft Security Blog
—
SEV 1/10
April 30, 15 min read. Email threat landscape: Q1 2026 trends and insights. In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
Cloud threats
Microsoft Security Blog
—
SEV 1/10
October 20, 2025, 20 min read. Inside the attack chain: Threat activity targeting Azure Blob Storage. Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
Business email compromise
Microsoft Security Blog
—
SEV 1/10
April 30, 15 min read. Email threat landscape: Q1 2026 trends and insights. In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
AI threats
Microsoft Security Blog
—
SEV 1/10
March 6, 21 min read. AI as tradecraft: How threat actors operationalize AI. Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
Zero Trust
Microsoft Security Blog
—
SEV 1/10
April 29, 10 min read. 8 best practices for CISOs conducting risk reviews. Embracing strong proactive security is something we can all do to mitigate our increased exposure to security threats.
Threat trends
Microsoft Security Blog
—
SEV 1/10
October 22, 2025, 5 min read. The CISO imperative: Building resilience in an era of accelerated cyberthreats. The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux.
Small & medium business
Microsoft Security Blog
—
SEV 2/10
October 31, 2024, 6 min read. 7 cybersecurity trends and tips for small and medium businesses to stay protected. The challenges that small and midsize businesses (SMBs) face when it comes to security continue to increase as it becomes more difficult to keep up with sophisticated cyberthreats with limited resources or security expertise.
SIEM & XDR
Microsoft Security Blog
—
SEV 1/10
April 9, 7 min read. The agentic SOC—Rethinking SecOps for the next decade. In the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on judgment, risk, and outcomes.
Security operations
Microsoft Security Blog
—
SEV 1/10
May 12, 8 min read. Defending consumer web properties against modern DDoS attacks. Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation.
Security management
Microsoft Security Blog
—
SEV 1/10
May 12, 8 min read. Defending consumer web properties against modern DDoS attacks. Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation.
Secure remote work
Microsoft Security Blog
—
SEV 1/10
February 26, 2025, 4 min read. Rethinking remote assistance security in a Zero Trust world. The rise in sophisticated cyberthreats demands a fundamental shift in our approach.
Risk management
Microsoft Security Blog
—
SEV 1/10
February 2, 2023, 5 min read. Mitigate risk by integrating threat modeling and DevOps processes. Are you wondering how you can effectively integrate threat modeling with your DevOps practice to maximize value and shift-left security? We have collected a few ideas for you, with the help of a few leading security experts.
Privacy
Microsoft Security Blog
—
SEV 1/10
January 13 | 7 min read | How Microsoft builds privacy and security to work hand-in-hand | Learn how Microsoft unites privacy and security through advanced tools and global compliance to protect data and build trust.
Office of the CISO
Microsoft Security Blog
—
SEV 1/10
May 12 | 8 min read | Defending consumer web properties against modern DDoS attacks | Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation.
Network security
Microsoft Security Blog
—
SEV 1/10
February 19 | 3 min read | New e-book: Establishing a proactive defense with Microsoft Security Exposure Management | Read the new maturity-based guide that helps organizations move from fragmented, reactive security practices to a unified exposure management approach that enables proactive defense.
Multifactor authentication
Microsoft Security Blog
—
SEV 1/10
May 7 | 5 min read | World Passkey Day: Advancing passwordless authentication | This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins.
MISA
Microsoft Security Blog
—
SEV 1/10
January 27 | 3 min read | Microsoft announces the 2026 Security Excellence Awards winners | Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.
Internet of Things (IoT) security
Microsoft Security Blog
—
SEV 1/10
May 30, 2024 | 9 min read | Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices | Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.
Information protection & governance
Microsoft Security Blog
—
SEV 1/10
March 31, 2025 | 5 min read | New innovations in Microsoft Purview for protected, AI-ready data | Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI.
Identity & access management
Microsoft Security Blog
—
SEV 1/10
May 7 | 5 min read | World Passkey Day: Advancing passwordless authentication | This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins.
Incident response
Microsoft Security Blog
—
SEV 1/10
March 16 | 4 min read | Help on the line: How a Microsoft Teams support call led to compromise | A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.
Endpoint security
Microsoft Security Blog
—
SEV 1/10
March 12 | 9 min read | Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft | Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials.
Email security
Microsoft Security Blog
—
SEV 1/10
March 12 | 4 min read | From transparency to action: What the latest Microsoft email security benchmark reveals | The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
Device management
Microsoft Security Blog
—
SEV 1/10
March 16 | 4 min read | Help on the line: How a Microsoft Teams support call led to compromise | A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.
Data security
Microsoft Security Blog
—
SEV 1/10
April 30 | 3 min read | What’s new, updated, or recently released in Microsoft Security | Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series.
Data protection
Microsoft Security Blog
—
SEV 1/10
March 16 | 5 min read | New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation | As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration.
Compliance
Microsoft Security Blog
—
SEV 1/10
September 16, 2025 | 6 min read | Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era | The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference.