Threat actor abuse of AI accelerates from tool to cyberattack surface
Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass.
Refine results
Content Type
Topic
Threat intelligence
Products and services
Publish date
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
-
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. -
Mitigating the Axios npm supply chain compromise
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. -
The threat to critical infrastructure has changed. Has your readiness?
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now. Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
-
Applying security fundamentals to AI: Practical advice for CISOs
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment. -
WhatsApp malware campaign delivers VBScript and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. -
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
Agentic AI introduces new security risks. -
How Microsoft Defender protects high-value assets in real-world attack scenarios
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
Identity security is the new pressure point for modern cyberattacks
Read the latest Microsoft Secure Access report for insights into why a unified identity and access strategy offers strong modern protection. -
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. -
Governing AI agent behavior: Aligning user, developer, role, and organizational intent
This research report explores the layers of agent intent and how to align them for secure enterprise AI adoption. -
Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
Microsoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and push encryption at scale.
