Analysis of active exploitation of SolarWinds Web Help Desk
We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
-
-
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan
CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger. -
Infostealers without borders: macOS, Python stealers, and platform abuse
How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑stealing payloads. -
Case study: Securing AI application supply chains
Securing AI-powered applications requires more than just safeguarding prompts. -
Turning threat reports into detection insights with AI
Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. -
From runtime risk to real‑time defense: Securing AI agents
Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. -
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint
Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. -
A new era of agents, a new era of posture
AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. -
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. -
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. -
Whisper Leak: A novel side-channel attack on remote language models
Microsoft has discovered a side-channel attack on language models which allows adversaries to conclude model conversation topics, despite being encrypted. -
Protecting customers from Octo Tempest attacks across multiple industries
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest.
