Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...
Microsoft

Undermining the trust boundary: Investigating a stealthy intrusion through third-party ...

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...
Microsoft

Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading ...

Today Microsoft is announcing a major step forward in AI-powered cyber defense: a new multi-model agentic scanning harness ...
Microsoft

From AI ambition to Frontier Transformation: Readiness defines the leaders

Organizations with high AI readiness achieve stronger performance and scale AI securely. Learn how Frontier Firms lead and ...
Microsoft

You’re not late to AI—you’re early to Frontier Transformation

AI transformation is still in its early days, but leaders can act now to focus on functions, culture, and outcomes to support ...
Microsoft

From risk transfer to risk prevention: How AI supports long-term financial resilience in ...

Insurers can generate upstream growth by evolving from risk transfer providers to proactive risk partners via AI tools and ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Microsoft

Defending consumer web properties against modern DDoS attacks

Learn how to protect consumer websites and defend against modern DDoS attacks with layered security, resilient architecture, ...
Microsoft

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and ...