Category: Microsoft Security Blog

Securing AI-powered applications requires more than just safeguarding prompts. Organizations must adopt a holistic approach that includes monitoring the AI supply chain, assessing frameworks, SDKs, and orchestration layers for vulnerabilities, and enforcing strong runtime controls for agents and tools. Leveraging…

Read more →

Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to…

Read more →

The 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations today: How can we harness the power of generative while safeguarding sensitive data? The post New Microsoft Data Security Index report explores secure AI adoption…

Read more →

Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog. This article…

Read more →

Discover key strategies and leadership insights to help government agencies protect sensitive data and strengthen overall cybersecurity resilience. The post Security strategies for safeguarding governmental data appeared first on Microsoft Security Blog. This article has been indexed from Microsoft Security…

Read more →

Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents  appeared first on Microsoft Security Blog. This article has been indexed from…

Read more →

Discover how Ford, Icertis, and TriNet modernized security with Microsoft—embedding Zero Trust, automating defenses, and enabling secure AI innovation at scale. The post Microsoft Security success stories: Why integrated security is the foundation of AI transformation appeared first on Microsoft…

Read more →

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint  appeared first on Microsoft Security Blog.…

Read more →

AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture  appeared first on Microsoft Security Blog. This article has been indexed from Microsoft…

Read more →

Discover four key identity and access priorities for the new year to strengthen your organization’s identity security baseline. The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog. This article has…

Read more →

Microsoft is honored to be named a Leader in the 2025–2026 IDC MarketScape for Unified AI Governance Platforms, highlighting our commitment to making AI innovation safe, responsible, and enterprise-ready. The post Microsoft named a Leader in IDC MarketScape for Unified…

Read more →

Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure…

Read more →

Learn how Microsoft unites privacy and security through advanced tools and global compliance to protect data and build trust. The post How Microsoft builds privacy and security to work hand-in-hand appeared first on Microsoft Security Blog. This article has been…

Read more →

The new proactive services from Microsoft Incident Response turn security uncertainty into readiness with expert‑led preparation and advanced intelligence. The post Explore the latest Microsoft Incident Response proactive services for enhanced resilience appeared first on Microsoft Security Blog. This article…

Read more →

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. The post Phishing actors exploit complex routing and misconfigurations to spoof domains appeared first on Microsoft Security…

Read more →

Announcing Microsoft Defender Experts Suite, a integrated set of expert-led services that helps security teams keep pace with modern cyberattacks. The post Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services appeared first on Microsoft Security Blog.…

Read more →

Explore the new Microsoft e-book on how a unified, AI-ready platform delivers speed, resilience, and measurable security gains. The post New Microsoft e-book: 3 reasons point solutions are holding you back appeared first on Microsoft Security Blog. This article has…

Read more →

An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time. The post Access Fabric: A modern approach to identity and network access appeared first on Microsoft…

Read more →

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React…

Read more →

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense. The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared…

Read more →