Malicious npm packages abuse dependency confusion to profile developer environments
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments.
Microsoft Defender
Microsoft Defender helps prevent, detect, and respond to attacks across devices, identities, apps, email, data, workloads, and clouds. Explore threat intelligence, capabilities, and real-world guidance to help you get more out of Defender.
Refine results
Topic
Threat intelligence
Products and services
Publish date
-
-
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. -
Typosquatted npm packages used to steal cloud and CI/CD secrets
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. -
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using series of simultaneous lateral movement techniques per target. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. -
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. -
Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth. -
What’s new in Microsoft Security: May 2026
Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. -
Securing the gaming culture of cultures
Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. -
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code, including ransomware. -
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware.
