Microsoft Security Blog

Mar 6

3 min read

Women’s History Month: Why different perspectives in cybersecurity and AI matter more than ever before

This Women’s History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers. Their diverse perspectives and talents are invaluable, driving innovation and progress across various industries. I am proud to be a part of Microsoft Security, which is focused on building and nurturing an inclusive cybersecurity workforce and curating careers, tools, and resources that work for everyone. We recognize that this is what promotes business growth, strengthens global defenses, and enhances AI safety.

Threat intelligence

A woman sitting at a desk with a computer screen and a mug

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

AI and machine learning

Three people looking at computer screens overlayed with block of orange color.

Securing DeepSeek and other AI systems with Microsoft Security

Analyst reports

Chief information security officer collaborating with practitioners in a security operations center.

Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study

Malvertising campaign leads to info stealers hosted on GitHub

Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain.

Photo of coworkers discussing in an office, with the threat actor icon for Typhoon actors superimposed

Mar 5

13 min read

Silk Typhoon targeting IT supply chain

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.

Mar 4

4 min read

Securing generative AI models on Azure AI Foundry

Discover how Microsoft secures AI models on Azure AI Foundry, ensuring robust security and trustworthy deployments for your AI systems.

Feb 26

4 min read

Rethinking remote assistance security in a Zero Trust world

The rise in sophisticated cyberthreats demands a fundamental shift in our approach. Organizations must rethink remote assistance security through the lens of Zero Trust, using the three key principles of Verify Explicitly, Use Least Privilege, and Assume Breach as a guide and ensuring that every session, user, and device is verified, compliant, and monitored before access is granted.

Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Get started

Feb 20

4 min read

Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview

Connect with Microsoft at Legalweek 2025 to learn how to embrace AI while protecting your organization’s data with Microsoft Purview.

A man sitting in front of a computer screen

Feb 19

5 min read

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms

We are excited to announce that Gartner has named  Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines Cyber-physical systems (CPS) as "engineered systems that orchestrate sensing, computation, control, networking and analytics" that connect the digital and physical worlds. They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.  

The floor at the RSA conference with the hashtag #RSAC projected onto the carpet.

Feb 18

7 min read

Join us for the end-to-end Microsoft RSAC 2025 Conference experience

Join Microsoft at RSAC 2025, where we will showcase end-to-end security designed to help organizations accelerate the secure adoption of AI.

A group of people looking at a computer screen

Feb 13

10 min read

Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

Modernize your Security Operations Center with Microsoft Sentinel

Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.

Learn more

Feb 12

23 min read

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.

Computer programmer working at night in office.

Feb 10

4 min read

Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series

Find out how a cyberattack by Storm-2077 was halted faster because the Microsoft Incident Response team is both proactive and reactive at the same time.

Photo of a developer coding her workspace in an enterprise office, using Visual Studio on a multi-monitor set up.

Feb 6

11 min read

Code injection attacks using publicly disclosed ASP.NET machine keys

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.

Feb 3

7 min read

Hear from Microsoft Security experts at these top cybersecurity events in 2025

Security events offer a valuable opportunity to learn about the latest trends and solutions, evolve your skills for cyberthreats, and meet like-minded security professionals. See where you can meet Microsoft Security in 2025.