Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
We’re evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake.
Microsoft Defender
Microsoft Defender helps prevent, detect, and respond to attacks across devices, identities, apps, email, data, workloads, and clouds. Explore threat intelligence, capabilities, and real-world guidance to help you get more out of Defender.
Refine results
Topic
Products and services
Publish date
Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
-
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence. -
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. -
Modernize your identity defense with Microsoft Identity Threat Detection and Response
Microsoft’s Identity Threat Detection and Response solution integrates identity and security operations to provide proactive, real-time protection against sophisticated identity-based cyberthreats. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
Elevate your protection with expanded Microsoft Defender Experts coverage
Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. -
Announcing public preview: Phishing triage agent in Microsoft Defender
The Phishing Triage Agent in Microsoft Defender is now available in Public Preview. -
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. -
Think before you Click(Fix): Analyzing the ClickFix social engineering technique
The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
Microsoft ranked number one in modern endpoint security market share third year in a row
For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report. -
Storm-0501’s evolving techniques lead to cloud-based ransomware
Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). -
Microsoft Defender delivered 242% return on investment over three years
The latest 2025 commissioned Forrester Consulting Total Economic Impact™ (TEI) study reveals a 242% ROI over three years for organizations that chose Microsoft Defender. -
AI vs. AI: Detecting an AI-obfuscated phishing campaign
Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.
