Microsoft unveils Microsoft Security Copilot agents and new protections for AI
Learn about the upcoming availability of Microsoft Security Copilot agents and other new offerings for a more secure AI future.
Latest posts
Rethinking remote assistance security in a Zero Trust world
The rise in sophisticated cyberthreats demands a fundamental shift in our approach. Organizations must rethink remote assistance security through the lens of Zero Trust, using the three key principles of Verify Explicitly, Use Least Privilege, and Assume Breach as a guide and ensuring that every session, user, and device is verified, compliant, and monitored before access is granted. Â
Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview​
​Connect with Microsoft at Legalweek 2025 to learn how to embrace AI while protecting your organization’s data with Microsoft Purview. ​
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms​​
We are excited to announce that Gartner has named  Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines Cyber-physical systems (CPS) as "engineered systems that orchestrate sensing, computation, control, networking and analytics" that connect the digital and physical worlds. They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.  Â
​​Join us for the end-to-end Microsoft RSAC 2025 Conference experience
Join Microsoft at RSAC 2025, where we will showcase end-to-end security designed to help organizations accelerate the secure adoption of AI.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Storm-2372 conducts device code phishing campaign
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.
Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series
Find out how a cyberattack by Storm-2077 was halted faster because the Microsoft Incident Response team is both proactive and reactive at the same time.
Code injection attacks using publicly disclosed ASP.NET machine keys
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Hear from Microsoft Security experts at these top cybersecurity events in 2025
Security events offer a valuable opportunity to learn about the latest trends and solutions, evolve your skills for cyberthreats, and meet like-minded security professionals. See where you can meet Microsoft Security in 2025.
3 priorities for adopting proactive identity and access security in 2025
Adopting proactive defensive measures is the only way to get ahead of determined efforts to compromise identities and gain access to your environment.
Fast-track generative AI security with Microsoft Purview
Read how Microsoft Purview can secure and govern generative AI quickly, with minimal user impact, deployment resources, and change management.
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]