Threat actor abuse of AI accelerates from tool to cyberattack surface
Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. The post Threat actor abuse of AI accele...
Microsoft Security Blog
19 articles
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examine...
Mitigating the Axios npm supply chain compromise
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates (1.14.
The threat to critical infrastructure has changed. Has your readiness?
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now....
Applying security fundamentals to AI: Practical advice for CISOs
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment. The post Applying se...
WhatsApp malware campaign delivers VBS payloads and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and ...
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
Agentic AI introduces new security risks. Learn how the OWASP Top 10 Risks for Agentic Applications maps to real mitigations in Microsoft Copilot Studio.
How Microsoft Defender protects high-value assets in real-world attack scenarios
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender ap...
Identity security is the new pressure point for modern cyberattacks
Read the latest Microsoft Secure Access report for insights into why a unified identity and access strategy offers strong modern protection. The post Identit...
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through th...
Governing AI agent behavior: Aligning user, developer, role, and organizational intent
This research report explores the layers of agent intent and how to align them for secure enterprise AI adoption. The post Governing AI agent behavior: Align...
Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
Microsoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and push encryption at scale. This ...
CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence (CTI) ...
Secure agentic AI end-to-end
In this agentic era, security must be woven into, and around, every layer of the AI estate. At RSAC 2026, we are delivering on that vision with new purpose-b...
New tools and guidance: Announcing Zero Trust for AI
Microsoft introduces Zero Trust for AI, adding a new AI pillar to its workshop, enhanced reference architecture, updated guidance, and a new assessment tool....
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, fi...
Observability for AI Systems: Strengthening visibility for proactive risk detection
As AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure development.
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. The post New Microsoft Purview innovat...
Help on the line: How a Microsoft Teams support call led to compromise
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop th...