Microsoft Security

ID: b951ba98-6659-5660-af1d-d9bce60a6749

STIX ID: identity--b951ba98-6659-5660-af1d-d9bce60a6749

Feed Type: rss

Earliest post: 2023-12-05

Latest post: 2026-05-29

Threat intelligence updates, defense strategies, vulnerability research, and insights from Microsoft’s security teams — covering cloud security, cybercrime trends, and best practices to protect enterprises and users.

| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| Typosquatted npm packages used to steal cloud and CI/CD secrets | 2026-05-29 | True | Microsoft Defender Security Research Team | True |
| The Gentlemen ransomware: Dissecting a self-propagating Go encryptor | 2026-05-28 | True | Microsoft Threat Intelligence | True |
| From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities | 2026-05-26 | True | Microsoft Defender Experts and Microsoft Defender Security Research Team | True |
| From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence | 2026-05-22 | True | Microsoft Defender Security Research Team | True |
| Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft | 2026-05-20 | True | Microsoft Defender Security Research Team | True |
| Exposing Fox Tempest: A malware-signing service operation | 2026-05-19 | True | Microsoft Threat Intelligence | True |
| How Storm-2949 turned a compromised identity into a cloud-wide breach | 2026-05-18 | True | Microsoft Defender Security Research Team | True |
| Kazuar: Anatomy of a nation-state botnet | 2026-05-14 | True | Microsoft Threat Intelligence | True |
| When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps | 2026-05-14 | True | Microsoft Defender Security Research Team and Yossi Weizman | True |
| Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | 2026-05-12 | True | Taesoo Kim | True |
| Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise | 2026-05-12 | True | Microsoft Incident Response | True |
| Active attack: Dirty Frag Linux vulnerability expands post-compromise risk | 2026-05-08 | True | Microsoft Defender Security Research Team | True |
| When prompts become shells: RCE vulnerabilities in AI agent frameworks | 2026-05-07 | True | Microsoft Defender Security Research Team, Uri Oren, Amit Eliahu and Dor Edry | True |
| ClickFix campaign uses fake macOS utilities lures to deliver infostealers | 2026-05-06 | True | Microsoft Defender Security Research Team and Microsoft Defender Experts | True |
| Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise | 2026-05-04 | True | Microsoft Defender Security Research Team and Microsoft Threat Intelligence | True |
| CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | 2026-05-02 | True | Microsoft Defender Security Research Team | True |
| Email threat landscape: Q1 2026 trends and insights | 2026-04-30 | True | Microsoft Threat Intelligence and Microsoft Defender Security Research Team | True |
| Detection strategies across cloud and identities against infiltrating IT workers | 2026-04-21 | True | Microsoft Defender Security Research Team and Microsoft Threat Intelligence | True |
| Cross-tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook | 2026-04-18 | True | Microsoft Defender Security Research Team | True |
| Containing a domain compromise: How predictive shielding shut down lateral movement | 2026-04-17 | True | Microsoft Defender Security Research Team | True |
| Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise | 2026-04-16 | True | Microsoft Threat Intelligence and Microsoft Defender Security Research Team | True |
| Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees | 2026-04-09 | True | Microsoft Incident Response | True |
| Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk | 2026-04-09 | True | Microsoft Defender Security Research Team | True |
| SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks | 2026-04-07 | True | Microsoft Threat Intelligence | True |
| Inside an AI-enabled device code phishing campaign | 2026-04-06 | True | Microsoft Defender Security Research Team | True |
| Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations | 2026-04-06 | True | Microsoft Threat Intelligence | True |
| Threat actor abuse of AI accelerates from tool to cyberattack surface | 2026-04-02 | True | Sherrod DeGrippo | True |
| Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | 2026-04-02 | True | Microsoft Defender Security Research Team | True |
| Mitigating the Axios npm supply chain compromise | 2026-04-01 | True | Microsoft Threat Intelligence and Microsoft Defender Security Research Team | True |
| The threat to critical infrastructure has changed. Has your readiness? | 2026-03-31 | True | Sherrod DeGrippo | True |
| WhatsApp malware campaign delivers VBScript and MSI backdoors | 2026-03-31 | True | Microsoft Defender Security Research Team | True |
| How Microsoft Defender protects high-value assets in real-world attack scenarios | 2026-03-27 | True | Microsoft Defender Security Research Team | True |
| Guidance for detecting, investigating, and defending against the Trivy supply chain compromise | 2026-03-25 | True | Microsoft Defender Security Research Team | True |
| Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started | 2026-03-23 | True | Microsoft Defender Security Research Team | True |
| When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures | 2026-03-19 | True | Microsoft Threat Intelligence and Microsoft Defender Security Research Team | True |
| Help on the line: How a Microsoft Teams support call led to compromise | 2026-03-16 | True | Microsoft Incident Response | True |
| Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft | 2026-03-12 | True | Microsoft Threat Intelligence and Microsoft Defender Experts | True |
| Detecting and analyzing prompt abuse in AI tools | 2026-03-12 | True | Microsoft Incident Response | True |
| Contagious Interview: Malware delivered through fake developer job interviews | 2026-03-11 | True | Microsoft Defender Experts and Microsoft Defender Security Research Team | True |
| AI as tradecraft: How threat actors operationalize AI | 2026-03-06 | True | Microsoft Threat Intelligence | True |
| Malicious AI Assistant Extensions Harvest LLM Chat Histories | 2026-03-05 | True | Microsoft Defender Security Research Team | True |
| Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale | 2026-03-04 | True | Microsoft Threat Intelligence and Microsoft Defender Security Research Team | True |
| Signed malware impersonating workplace apps deploys RMM backdoors | 2026-03-03 | True | Microsoft Defender Security Research Team | True |
| OAuth redirection abuse enables phishing and malware delivery | 2026-03-02 | True | Microsoft Defender Security Research Team | True |
| Developer-targeting campaign using malicious Next.js repositories | 2026-02-24 | True | Microsoft Defender Experts and Microsoft Defender Security Research Team | True |
| Analysis of active exploitation of SolarWinds Web Help Desk | 2026-02-07 | True | Microsoft Defender Security Research Team | True |
| New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan | 2026-02-05 | True | Microsoft Defender Security Research Team | True |
| Infostealers without borders: macOS, Python stealers, and platform abuse | 2026-02-02 | True | Microsoft Defender Security Research Team | True |
| Case study: Securing AI application supply chains | 2026-01-30 | True | Microsoft Defender Security Research Team | True |
| From runtime risk to real-time defense: Securing AI agents | 2026-01-23 | True | Microsoft Defender Security Research Team | True |

1–50 of 115