Skip to main content
Microsoft Security

Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Refine results

Sort By
Content Type
Research (376)
News (16)
Best practices (4)
Events (1)
Industry trends (0)
Topic
Threat intelligence (399)
Incident response (34)
AI and agents (10)
Endpoint security (7)
Threat trends (5)
Security operations (5)
Cloud security (5)
SIEM and XDR (3)
Internet of Things (IoT) security (3)
Identity and access management (3)
Email security (3)
Zero Trust (2)
Risk management (2)
Analyst reports (2)
Small and medium business (1)
Office of the CISO (1)
Multifactor authentication (1)
Data protection (1)
Compliance (1)
Security management (0)
Secure remote work (0)
Privacy (0)
Network security (0)
MISA (0)
Microsoft Secure Future Initiative (0)
Information protection and governance (0)
Device management (0)
Data security (0)
Built-in security (0)
Products and services
Microsoft Defender (158)
Microsoft Defender for Endpoint (105)
Microsoft Defender XDR (60)
Microsoft Defender for Office 365 (30)
Microsoft Defender Threat Intelligence (22)
Microsoft Defender Vulnerability Management (19)
Microsoft Defender for Cloud Apps (18)
Microsoft Defender for Cloud (16)
Microsoft Defender for Identity (14)
Microsoft Defender for IoT (9)
Microsoft Defender External Attack Surface Management (4)
Microsoft Defender for Business (0)
Microsoft Sentinel (38)
Microsoft Security Experts (20)
Microsoft Incident Response (8)
Microsoft Defender Experts for XDR (7)
Microsoft Defender Experts for Hunting (7)
Microsoft Security Services for Enterprise (0)
Microsoft Entra (14)
Microsoft Entra ID (8)
Microsoft Entra ID Protection (7)
Microsoft Entra Workload ID (0)
Microsoft Entra Verified ID (0)
Microsoft Entra Private Access (0)
Microsoft Entra Internet Access (0)
Microsoft Entra ID Governance (0)
Microsoft Entra External ID (0)
Microsoft Security Copilot (7)
Microsoft Purview (1)
Microsoft Purview Insider Risk Management (0)
Microsoft Purview Information Protection (0)
Microsoft Purview eDiscovery (0)
Microsoft Purview Data Loss Prevention (0)
Microsoft Purview Data Lifecycle Management (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Audit (0)
Microsoft Priva (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Priva Risk Management (0)
Microsoft Intune (0)
Microsoft Entra Agent ID (0)
Publish date
  • Man in a hooded sweater/sweatshirt inside a secure room, pointing at a geographic area displayed on a large monitor.
    • 13 min read

    Franken-phish: TodayZoo built from other phishing kits

    A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today.
    • 8 min read

    Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

    MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on United States and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East.

  • Retain Microsoft Security Experts

    Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

    Get started
  • Female developer coding her workspace in an enterprise office, using Visual Studio on a multi-monitor set up.
    • 9 min read

    A guide to combatting human-operated ransomware: Part 2

    In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.
  • Black female developer wearing headphones; coding at her PC workspace in an enterprise office, using Visual Studio on a multi-monitor set up.
    • 7 min read

    A guide to combatting human-operated ransomware: Part 1

    As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
    • 8 min read

    Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

    This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social