MSFT Security Blog

  • by Microsoft Threat Intelligence
    Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. The post Storm-0501’s evolving techniques lead to […]
  • by Rob Lefferts
    For a third year in a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report. The post Microsoft ranked number one in modern endpoint security market share third year in a row appeared first on Microsoft Security Blog.
  • by Igor Sakhnov
    Hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will […]
  • by Microsoft Threat Intelligence and Microsoft Defender Experts
    The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration. The post Think before you […]
  • by Mark Russinovich and Michal Braverman-Blumenstyk
    Microsoft is proactively leading the transition to quantum-safe security by advancing post-quantum cryptography, collaborating with global standards bodies, and helping organizations prepare for the coming quantum era. The post Quantum-safe security: Progress towards next-generation cryptography appeared first on Microsoft Security Blog.
  • by Microsoft Threat Intelligence
    A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking […]
  • by Microsoft Security Team
    Join us at Microsoft Ignite 2025 for a week of immersive learning, hands-on experiences, and strategic insights tailored for security leaders, practitioners, and innovators. The post Connect with the security community at Microsoft Ignite 2025 appeared first on Microsoft Security Blog.
  • by Lizzie Heinze
    Microsoft recently spoke with Mario Ferket, Chief Information Security Officer for Dow, about the company’s approach to AI in security. The post Dow’s 125-year legacy: Innovating with AI to secure a long future appeared first on Microsoft Security Blog.
  • by Cristina Da Gama Henriquez
    The Phishing Triage Agent in Microsoft Defender is now available in Public Preview. It tackles one of the most repetitive tasks in the SOC: handling reports of user-submitted phish. The post Announcing public preview: Phishing triage agent in Microsoft Defender appeared first on Microsoft Security Blog.
  • by Joy Chik and Ann Johnson
    We’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to make our SFI learnings practical for our customers, partners, and broader security ecosystem. These patterns are not just theory—they’re based on what […]
Copyright © 2025 infosecintel.net