Microsoft’s guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks.
Microsoft Defender
Microsoft Defender helps prevent, detect, and respond to attacks across devices, identities, apps, email, data, workloads, and clouds. Explore threat intelligence, capabilities, and real-world guidance to help you get more out of Defender.
Refine results
Topic
Products and services
Publish date
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
-
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. -
Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study
Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating. -
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
August 27, 2025 update: Storm-0501 has continuously evolved to achieve sharpened focus on cloud-based TTPs as their primary objective shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
-
Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams. -
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. -
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. -
Microsoft again ranked number one in modern endpoint security market share
IDC Worldwide Corporate Endpoint Security Market Shares report for 2023 ranks Microsoft number one in market share with a 40. Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. -
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. -
Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. -
Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available
Microsoft is announcing the Microsoft Entra Suite and the unified security operations platform, two innovations that simplify the implementation of your Zero Trust security strategy.
