Announcing a new strategic collaboration to bring clarity to threat actor naming
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
Microsoft Security Blog
Your source for the latest in cybersecurity
Cyber resilience begins before the crisis
Hear directly from Microsoft’s Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents.
Microsoft extends Zero Trust to secure the agentic workforce
At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce.
Defending against evolving identity attack techniques
Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities.
Threat intelligence
-
Defending against evolving identity attack techniques
Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. -
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. -
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. -
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. -
Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. -
Understanding the threat landscape for Kubernetes and containerized assets
The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected.
Stay ahead of threats
Get expert insights, threat intelligence, and the latest cybersecurity reports from Security Insider.
AI and machine learning
-
How to deploy AI safely
Microsoft Deputy CISO Yonatan Zunger shares tips and guidance for safely and efficiently implementing AI in your organization. -
The future of AI agents—and why OAuth must evolve
Our industry needs to continue working together on identity standards for agent access across systems. -
Microsoft extends Zero Trust to secure the agentic workforce
At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce. -
14 secure coding tips: Learn from the experts at Microsoft Build
At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster. -
New whitepaper outlines the taxonomy of failure modes in AI agents
Read the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI. -
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative
The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft.
Modernize your security operations center
Confidently secure your multicloud, multiplatform environment with Microsoft Sentinel – a cloud-native security information and event management (SIEM) solution.
Latest posts
-
Cyber resilience begins before the crisis
Hear directly from Microsoft’s Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents. -
Connect with us at the Gartner Security & Risk Management Summit
Microsoft will spotlight its AI-first, end-to-end security platform at the Gartner Security & Risk Management Summit. -
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. -
How Microsoft Defender for Endpoint is redefining endpoint security
Learn why many CISOs prefer Microsoft Defender for Endpoint for comprehensive cyberthreat protection across devices and platforms. -
Discover how automatic attack disruption protects critical assets while ensuring business continuity
To help security teams protect critical assets while ensuring business continuity, Microsoft Defender developed automatic attack disruption: a built-in self-defense capability. -
Announcing a new strategic collaboration to bring clarity to threat actor naming
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.