Microsoft Defender for Cloud Apps

Refine Results

Filtered by

Clear All

Microsoft Defender for Cloud Apps

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

January 6

16 min read

Phishing actors exploit complex routing and misconfigurations to spoof domains

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages.
October 9, 2025

12 min read

Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.
October 7, 2025

23 min read

Disrupting threats targeting Microsoft Teams

Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively.
August 27, 2025

23 min read

Storm-0501’s evolving techniques lead to cloud-based ransomware

Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs).
Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
June 30, 2025

18 min read

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
May 27, 2025

16 min read

New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024.
March 5, 2025

13 min read

Silk Typhoon targeting IT supply chain

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world.
February 13, 2025

6 min read

Securing DeepSeek and other AI systems with Microsoft Security

Microsoft Security provides cyberthreat protection, posture management, data security, compliance and governance, and AI safety, to secure AI applications that you build and use.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Get started
January 6, 2025

7 min read

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

Microsoft Defender Experts for XDR is a mature and proven service that triages, investigates, and responds to incidents and hunts for threats on a customer’s behalf around the clock.
October 31, 2024

8 min read

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks.
October 8, 2024

9 min read

File hosting services misused for identity phishing

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox.
September 26, 2024

20 min read

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

August 27, 2025 update: Storm-0501 has continuously evolved to achieve sharpened focus on cloud-based TTPs as their primary objective shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics.

Microsoft Defender for Cloud Apps

Filtered by

Refine results

Prevent threats with Microsoft Defender

Retain Microsoft Security Experts

Get started with Microsoft Security