Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.

Refine Results

Filtered by

Clear All

Research

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Go beyond data protection with Microsoft Purview

Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

Learn more
March 17, 2025

13 min read

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data.
March 13, 2025

10 min read

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.
March 11, 2025

22 min read

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild.
March 6, 2025

32 min read

Malvertising campaign leads to info stealers hosted on GitHub

Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally.
Streamline privacy management with Microsoft Priva

Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

Learn more
March 5, 2025

13 min read

Silk Typhoon targeting IT supply chain

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world.
February 13, 2025

10 min read

Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.
February 12, 2025

23 min read

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.
February 6, 2025

11 min read

Code injection attacks using publicly disclosed ASP.NET machine keys

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.
Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Learn more
January 16, 2025

7 min read

New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.
January 13, 2025

9 min read

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations.
January 13, 2025

6 min read

3 takeaways from red teaming 100 generative AI products

Since 2018, Microsoft’s AI Red Team has probed generative AI products for critical safety and security vulnerabilities.
December 19, 2024

7 min read

New Microsoft guidance for the CISA Zero Trust Maturity Model

New Microsoft guidance is now available for United States government agencies and their industry partners to help implement Zero Trust strategies and meet CISA Zero Trust requirements.