ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Research
Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft thatโll help you better understand and respond to todayโs challenges.
Refine results
Topic
Products and services
Publish date
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
-
-
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains. -
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. -
Email threat landscape: Q1 2026 trends and insights
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics. Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
-
Simplifying AWS defense with Microsoft Sentinel UEBA
Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns. -
Detection strategies across cloud and identities against infiltrating IT workers
The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing reliance on online identity verification and remote access. -
Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant remote access. -
Containing a domain compromise: How predictive shielding shut down lateral movement
Domain compromise accelerates fast. Predictive shielding slowed it down. Streamline privacy management with Microsoft Priva
Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.
-
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social engineering to bypass macOS security protections and steal credentials, cryptocurrency assets, and sensitive data. -
Incident response for AI: Same fire, different fuel
AI changes how incidents unfold and how we respond. -
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. -
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps.
