Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report
Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges.
Microsoft Security Blog
Your source for the latest in cybersecurity
Enhancing Microsoft 365 security by eliminating high-privilege access
In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications.
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture.
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
Threat intelligence
-
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government. -
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry. -
Defending against evolving identity attack techniques
Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. -
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. -
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. -
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.
Stay ahead of threats
Get expert insights, threat intelligence, and the latest cybersecurity reports from Security Insider.
AI and machine learning
-
Learn how to build an AI-powered, unified SOC in new Microsoft e-book
Read Coordinated Defense: Building an AI-powered, unified SOC, the new e-book on how organizations can unify security operations to better meet the challenges of today’s cyberthreat landscape. -
How to deploy AI safely
Microsoft Deputy CISO Yonatan Zunger shares tips and guidance for safely and efficiently implementing AI in your organization. -
The future of AI agents—and why OAuth must evolve
Our industry needs to continue working together on identity standards for agent access across systems. -
Microsoft extends Zero Trust to secure the agentic workforce
At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce. -
14 secure coding tips: Learn from the experts at Microsoft Build
At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster. -
New whitepaper outlines the taxonomy of failure modes in AI agents
Read the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI.
Modernize your security operations center
Confidently secure your multicloud, multiplatform environment with Microsoft Sentinel – a cloud-native security information and event management (SIEM) solution.
Latest posts
-
Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report
Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges. -
Microsoft expands Zero Trust workshop to cover network, SecOps, and more
The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture. -
Enhancing Microsoft 365 security by eliminating high-privilege access
In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Experiences and Devices, Naresh Kannan, about eliminating high-privileged access across all Microsoft 365 applications. -
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
Microsoft is transitioning Microsoft Sentinel into the Microsoft Defender portal to create a unified security operations experience. -
Building security that lasts: Microsoft’s journey towards durability at scale
In late 2023, Microsoft launched its most ambitious security transformation to date, the Microsoft Secure Future Initiative (SFI). -
Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers
The cloud-native application protection platform (CNAPP) market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments.