Category: Microsoft Security Blog

Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. Despite advancements in protections like multifactor authentication (MFA) and passwordless solutions, social engineering remains a key aspect of phishing attacks. Implementing phishing-resistant solutions, like passkeys,…

Read more →

Our industry needs to continue working together on identity standards for agent access across systems. Read about how Microsoft is building a robust and sophisticated set of agents. The post The future of AI agents—and why OAuth must evolve appeared…

Read more →

Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void…

Read more →

Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across industry and international law…

Read more →

At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce. We are excited to introduce Microsoft Entra Agent ID which extends industry-leading identity management and access capabilities to AI agents. The post Microsoft extends Zero Trust to…

Read more →

Read how you can improve your security posture by applying Zero Trust framework and principles based on learnings from the April 2025 Secure Future Initiative progress report. The post ​​How the Microsoft Secure Future Initiative brings Zero Trust to life…

Read more →

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.…

Read more →

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.…

Read more →

Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy chief information security officers share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft’s…

Read more →

In 2024 alone, scammers drained the global economy of more than $1.03 trillion. Together, Microsoft and the other members of GASA hope to stem these losses going forward. The post Microsoft partners with Global Anti-Scam Alliance to fight cybercrime appeared…

Read more →

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as…

Read more →

Celebrate World Passkey Day with Microsoft! Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future. The post Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins appeared first on…

Read more →

At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster. The post 14 secure coding tips: Learn from the experts at Microsoft Build…

Read more →

Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2025 Security Excellence Awards winners appeared first on Microsoft Security Blog. This article has…

Read more →

Secure, cloud-based endpoint management helps healthcare providers empower frontline staff and improve patient care. The post Faster, more personalized service begins at the frontline with Microsoft Intune appeared first on Microsoft Security Blog. This article has been indexed from Microsoft…

Read more →

Microsoft presents best practices for securing data and optimizing Microsoft Purview implementation, emphasizing the integration of people, processes, and technology. The post ​​Explore practical best practices to secure your data with Microsoft Purview​​ appeared first on Microsoft Security Blog. This…

Read more →

Read the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI. The post New whitepaper outlines the taxonomy of failure modes in AI agents appeared first on Microsoft Security Blog.…

Read more →

The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking…

Read more →

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI progress report, which highlights progress made in our multi-year…

Read more →

Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative. The post Microsoft’s Secure by Design journey: One year…

Read more →