Intelligence Feed
Microsoft Security Blog
—
SEV 1/10
May 14 7 min read Defense in depth for autonomous AI agents As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center.
Defending consumer web properties against modern DDoS attacks
Microsoft Security Blog
—
SEV 1/10
Best practices May 12 8 min read Defending consumer web properties against modern DDoS attacks By Kumar Srinivasamurthy, Vice President, Intelligent Conversation and Communications Cloud Platform, Microsoft
Accelerating detection engineering using AI-assisted synthetic attack logs generation
Microsoft Security Blog
—
SEV 1/10
Research May 12 9 min read Accelerating detection engineering using AI-assisted synthetic attack logs generation By Microsoft Defender Security Research Team
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Microsoft Security Blog
—
SEV 1/10
Research May 14 7 min read When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps By Microsoft Defender Security Research Team and Yossi Weizman
When prompts become shells: RCE vulnerabilities in AI agent frameworks
Microsoft Security Blog
—
SEV 1/10
Research May 7 13 min read When prompts become shells: RCE vulnerabilities in AI agent frameworks By Microsoft Defender Security Research Team, Uri Oren, Amit Eliahu and Dor Edry
Microsoft Security Blog
—
SEV 3/10
May 14 18 min read Kazuar: Anatomy of a nation-state botnet Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations.
Defense in depth for autonomous AI agents
Microsoft Security Blog
—
SEV 1/10
Research May 14 7 min read Defense in depth for autonomous AI agents By Alyssa Ofstein and Elliot H Omiya
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Microsoft Security Blog
—
SEV 1/10
Research May 12 11 min read Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise By Microsoft Incident Response
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
Microsoft Security Blog
—
SEV 1/10
Research May 4 8 min read Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise By Microsoft Defender Security Research Team and Microsoft Threat Intelligence
Kazuar: Anatomy of a nation-state botnet
Microsoft Security Blog
—
SEV 2/10
Research May 14 18 min read Kazuar: Anatomy of a nation-state botnet By Microsoft Threat Intelligence
Microsoft Agent 365, now generally available, expands capabilities and integrations
Microsoft Security Blog
—
SEV 1/10
News May 1 11 min read Microsoft Agent 365, now generally available, expands capabilities and integrations By Nirav Shah, Rob Lefferts and Jason Roszak
Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report
Microsoft Security Blog
—
SEV 1/10
News May 6 3 min read Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report By Rob Lefferts, Corporate Vice President, Microsoft Threat Protection
Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark
Microsoft Security Blog
—
SEV 1/10
May 12 16 min read Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark By Taesoo Kim, Vice President, Agentic Security, Microsoft
World Passkey Day: Advancing passwordless authentication
Microsoft Security Blog
—
SEV 1/10
Best practices May 7 5 min read World Passkey Day: Advancing passwordless authentication By Vasu Jakkal and Nadim Abdo
Microsoft Sentinel
Microsoft Security Blog
—
SEV 1/10
May 6 3 min read Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report Microsoft is excited to be named an Overall Leader, and the Market Leader, in the KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report, as we see automation and AI as core components of the future of cybersecurity.
Microsoft Security Experts
Microsoft Security Blog
—
SEV 1/10
May 6 20 min read ClickFix campaign uses fake macOS utilities lures to deliver infostealers Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Microsoft Purview
Microsoft Security Blog
—
SEV 1/10
May 1 11 min read Microsoft Agent 365, now generally available, expands capabilities and integrations Today we’re announcing the general availability of Agent 365, plus previews of new capabilities to discover and manage shadow AI agents, including local agents like OpenClaw and Claude Code.
Microsoft Priva
Microsoft Security Blog
—
SEV 1/10
April 2, 2024 8 min read Microsoft Priva announces new solutions to help modernize your privacy program Today, we are beyond thrilled to announce the expansion of the Microsoft Priva family of products in public preview.
Microsoft Entra
Microsoft Security Blog
—
SEV 1/10
May 7 5 min read World Passkey Day: Advancing passwordless authentication This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins.
Detection and protection success stories
Microsoft Security Blog
—
SEV 1/10
May 12 9 min read Accelerating detection engineering using AI-assisted synthetic attack logs generation What if you could generate realistic attack telemetry on demand? Explore research methods that translate attacker behaviors (TTPs) into synthetic logs that can trigger detections at scale and without sensitive data.
Defending against advanced tactics
Microsoft Security Blog
—
SEV 4/10
May 1 6 min read CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads.
Vulnerabilities & exploits
Microsoft Security Blog
—
SEV 2/10
April 6 12 min read Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.
Supply chain attacks
Microsoft Security Blog
—
SEV 3/10
April 1 16 min read Mitigating the Axios npm supply chain compromise On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack in which two newly published npm package versions downloaded from command and control (C2) infrastructure that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.
Social engineering and phishing
Microsoft Security Blog
—
SEV 1/10
May 4 8 min read Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains.
Mobile threats
Microsoft Security Blog
—
SEV 2/10
August 8, 2024 15 min read Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation.
IoT and OT threats
Microsoft Security Blog
—
SEV 2/10
July 2, 2024 7 min read Vulnerabilities in PanelView Plus devices could lead to remote code execution Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).
Influence operations
Microsoft Security Blog
—
SEV 1/10
October 10, 2024 12 min read Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures.
Cybercrime
Microsoft Security Blog
—
SEV 1/10
April 30 15 min read Email threat landscape: Q1 2026 trends and insights In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics.
Cloud threats
Microsoft Security Blog
—
SEV 1/10
October 20, 2025 20 min read Inside the attack chain: Threat activity targeting Azure Blob Storage Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
AI threats
Microsoft Security Blog
—
SEV 1/10
March 6 21 min read AI as tradecraft: How threat actors operationalize AI Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
Zero Trust
Microsoft Security Blog
—
SEV 1/10
April 29 10 min read 8 best practices for CISOs conducting risk reviews Embracing strong proactive security is something we can all do to mitigate our increased exposure to security threats.
Threat trends
Microsoft Security Blog
—
SEV 1/10
October 22, 2025 5 min read The CISO imperative: Building resilience in an era of accelerated cyberthreats The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux.
Small & medium business
Microsoft Security Blog
—
SEV 2/10
October 31, 2024 6 min read 7 cybersecurity trends and tips for small and medium businesses to stay protected The challenges that small and midsize businesses (SMBs) face when it comes to security continue to increase as it becomes more difficult to keep up with sophisticated cyberthreats with limited resources or security expertise.
SIEM & XDR
Microsoft Security Blog
—
SEV 1/10
April 9 7 min read The agentic SOC—Rethinking SecOps for the next decade In the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on judgment, risk, and outcomes.
Security operations
Microsoft Security Blog
—
SEV 1/10
May 12 8 min read Defending consumer web properties against modern DDoS attacks Read how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, and graceful service degradation.
Secure remote work
Microsoft Security Blog
—
SEV 1/10
February 26, 2025 4 min read Rethinking remote assistance security in a Zero Trust world The rise in sophisticated cyberthreats demands a fundamental shift in our approach.
Risk management
Microsoft Security Blog
—
SEV 1/10
February 2, 2023 5 min read Mitigate risk by integrating threat modeling and DevOps processes Are you wondering how you can effectively integrate threat modeling with your DevOps practice to maximize value and shift-left security? We have collected a few ideas for you, with the help of a few leading security experts.
Privacy
Microsoft Security Blog
—
SEV 1/10
January 13 7 min read How Microsoft builds privacy and security to work hand-in-hand Learn how Microsoft unites privacy and security through advanced tools and global compliance to protect data and build trust.
Network security
Microsoft Security Blog
—
SEV 1/10
February 19 3 min read New e-book: Establishing a proactive defense with Microsoft Security Exposure Management Read the new maturity-based guide that helps organizations move from fragmented, reactive security practices to a unified exposure management approach that enables proactive defense.
MISA
Microsoft Security Blog
—
SEV 1/10
January 27 3 min read Microsoft announces the 2026 Security Excellence Awards winners Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.
Internet of Things (IoT) security
Microsoft Security Blog
—
SEV 1/10
May 30, 2024 9 min read Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.
Information protection & governance
Microsoft Security Blog
—
SEV 1/10
March 31, 2025 5 min read New innovations in Microsoft Purview for protected, AI-ready data Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI.
Incident response
Microsoft Security Blog
—
SEV 1/10
March 16 4 min read Help on the line: How a Microsoft Teams support call led to compromise A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.
Endpoint security
Microsoft Security Blog
—
SEV 1/10
March 12 9 min read Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials.
Email security
Microsoft Security Blog
—
SEV 1/10
March 12 4 min read From transparency to action: What the latest Microsoft email security benchmark reveals The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
Data security
Microsoft Security Blog
—
SEV 1/10
April 30 3 min read What’s new, updated, or recently released in Microsoft Security Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series.
Data protection
Microsoft Security Blog
—
SEV 1/10
March 16 5 min read New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration.
Compliance
Microsoft Security Blog
—
SEV 1/10
September 16, 2025 6 min read Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference.
Events
Microsoft Security Blog
—
SEV 1/10
March 20 9 min read Secure agentic AI end-to-end In this agentic era, security must be woven into, and around, every layer of the AI estate.
Industry trends
Microsoft Security Blog
—
SEV 1/10
April 16 8 min read Building your cryptographic inventory: A customer strategy for cryptographic posture management Learn how to build a comprehensive cryptographic inventory and strengthen quantum‑safe readiness using Microsoft Security tools, best‑practice lifecycle models, and partner solutions.
Microsoft Security Blog
Microsoft Security Blog
—
SEV 1/10
May 12 16 min read Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness (codenamed MDASH).