Imposter for hire: How fake people can gain very real access
Fake employees are an emerging cybersecurity threat.
Microsoft Defender for Endpoint
Refine results
Topic
Products and services
Publish date
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
-
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. -
Changing the physics of cyber defense
Cyber defense is evolving. Find out how graph-powered strategies and AI can help organizations detect threats faster and improve security hygiene. -
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
-
Disrupting threats targeting Microsoft Teams
Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. -
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. -
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. -
Storm-0501’s evolving techniques lead to cloud-based ransomware
Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
Microsoft ranked number one in modern endpoint security market share third year in a row
For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report. -
Think before you Click(Fix): Analyzing the ClickFix social engineering technique
The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. -
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. -
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
