Infostealers without borders: macOS, Python stealers, and platform abuse
How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑stealing payloads.
Microsoft Defender XDR
Refine results
Topic
Products and services
Publish date
-
-
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations
Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using to target multiple sectors. -
Phishing actors exploit complex routing and misconfigurations to spoof domains
Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages. -
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Learn what generative AI can do for your security operations center
This new e-book showcases what generative AI can do for your SOC, from reducing alert fatigue and enabling quicker triage to getting ahead of cyberattacks with proactive threat hunting, and more. -
Inside the attack chain: Threat activity targeting Azure Blob Storage
Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. -
Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”. -
Microsoft named a Leader in the IDC MarketScape for XDR
Microsoft has been named a Leader in IDC’s inaugural category for Worldwide Extended Detection and Response (XDR) Software for 2025, recognized for its deep integration, intelligent automation, and unified security operations solutions. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
AI vs. AI: Detecting an AI-obfuscated phishing campaign
Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats. -
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. -
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
We’re evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake. -
Protecting customers from Octo Tempest attacks across multiple industries
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest.
