Security Insider
Explore the latest cybersecurity insights and updates
Ransomware-as-a-service: The new face of industrialized cybercrime
Cybercrime’s newest business model, human-operated attacks, emboldens criminals of varying ability.

Threat watch
Defending Ukraine: Early Lessons from the Cyber War
The latest findings in our ongoing threat intelligence efforts in the war between Russia and Ukraine, and a series of conclusions from its first four months, reinforce the need for ongoing and new investments in technology, data, and partnerships to support governments, companies, NGOs, and universities.

Special Report: Ukraine
Microsoft shares insights into cyberattacks against Ukraine, highlighting details in the attack and context around the scope, scale, and methods of Russia-based nation state attackers.
Ransomware, evolved: Meet the threat players, learn about the attack phases, and prepare your defense
Get a glimpse of the criminal players who operate within the underground ransomware economy. We’ll help you understand the motivations and mechanics of ransomware attacks and provide you with best practices for protection as well as backup and recovery.
Explore infographic
Threat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Behind the scenes
Walk through the world of attack surface management
Steve Ginty, director of cyber intelligence at Microsoft, talks about the importance of knowing your external attack surface, provides tips on effective security readiness, and identifies the most important step you can take to protect yourself against threat actors online.
Expert analysis from inside the Microsoft Security Response Center (MSRC)
Help stay ahead of attacks like LAPSUS$ by going behind the scenes with Russ McRee.
Perspectives
Cyber Resilience: Nine in ten security leaders who reported feeling vulnerable to attacks believe security is an enabler of business.
Read Cyber Resilience Report
Attacks are constantly changing. Fundamentals of security do not.
Read CISO Insider
Cybercrime and nation-state attacks on the rise.
Read Microsoft Digital Defense Report

Human-operated ransomware: what it is and how to protect your organization from attack
Human-operated ransomware is one of the most prevalent and top-of-mind threats for security professionals. Join our technical research team and learn about what developments Microsoft is seeing in the threat landscape, as well as how we can help your business mitigate these types of attacks.

The unseen threat: How cyber vulnerability may be putting our digital lives at risk
In the latest episode of SpyCast, we discuss the everyday dangers lurking in common areas of daily life. From vulnerability in online transactions to pumping gas at the station, we take a deep dive into the day-to-day security concerns of modern life. We also sat down with the founder of the Microsoft Threat Intelligence Center, John Lambert, and Digital Security chief, Cristin Goodwin, for their insights on the rise of dangerous new cybercriminals.
Trending blogs and articles
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
May 9, 2022: Discover how ransomware’s newest business model has transformed one of cybercrime’s oldest threats. We’ll walk you through the players, the mechanics, and best practices for defense.
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
April 26, 2022: Microsoft security researchers have discovered a spate of new vulnerabilities that attackers can exploit to gain root privileges on Linux desktop endpoints. This post will review each vulnerability and examine the affected components.
Microsoft best practices for managing IoT security concerns
April 25, 2022: The Internet of Things (IoT) makes life more convenient, but as IoT technology proliferates throughout devices and systems, security concerns grow. In this post, we’ll explain the principles behind Microsoft’s approach to IoT security.
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
April 13, 2022: In this post, we examine ZLoader attack chains, revealing email and other malicious techniques for delivery and installation. We’ll also detail ZLoader payloads and describe its range of defense evasion capabilities and persistence methods while summarizing best practices for defense.
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
April 4, 2022: Understand how recently discovered vulnerabilities in the widely used Spring Framework for Java may affect your business. This post provides an in-depth breakdown of the SpringShell exploit and details how to detect vulnerable installations on your network.
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
March 16, 2022: In this post, we reveal how attackers establish command-and-control (C2) within compromised MikroTik-brand devices using the Trickbot trojan while providing advice on how to detect, remediate, and prevent infections.