Microsoft Defender

Microsoft Defender helps prevent, detect, and respond to attacks across devices, identities, apps, email, data, workloads, and clouds. Explore threat intelligence, capabilities, and real-world guidance to help you get more out of Defender.

Refine Results

Filtered by

Clear All

Microsoft Defender

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
September 25, 2025

13 min read

XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.
September 24, 2025

4 min read

Retail at risk: How one alert uncovered a persistent cyberthreat

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations.
September 24, 2025

10 min read

AI vs. AI: Detecting an AI-obfuscated phishing campaign

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.
September 18, 2025

5 min read

Microsoft Defender delivered 242% return on investment over three years

The latest 2025 commissioned Forrester Consulting Total Economic Impact™ (TEI) study reveals a 242% ROI over three years for organizations that chose Microsoft Defender.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
August 27, 2025

23 min read

Storm-0501’s evolving techniques lead to cloud-based ransomware

Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs).
August 27, 2025

4 min read

Microsoft ranked number one in modern endpoint security market share third year in a row

For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report.
August 21, 2025

26 min read

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily.
August 18, 2025

16 min read

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
August 7, 2025

5 min read

Announcing public preview: Phishing triage agent in Microsoft Defender

The Phishing Triage Agent in Microsoft Defender is now available in Public Preview.
August 5, 2025

4 min read

Elevate your protection with expanded Microsoft Defender Experts coverage

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud.
July 31, 2025

5 min read

Modernize your identity defense with Microsoft Identity Threat Detection and Response

Microsoft’s Identity Threat Detection and Response solution integrates identity and security operations to provide proactive, real-time protection against sophisticated identity-based cyberthreats.
July 31, 2025

13 min read

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.