Security: Microsoft warns that threat actors are using HTTP cookies to control PHP webshells on Linux hosting environments, helping malicious code stay dormant unless specific cookie values are present. The technique reduces visibility in routine logs, supports persistence through cron jobs, and highlights the need for stronger monitoring, web protection, and endpoint detection on hosted Linux workloads.
3 min read · Apr 2, 2026
Intune: Microsoft outlined how Windows 365 and Intune now work more closely together to manage Cloud PCs and physical devices from a single admin experience. The update highlights advanced endpoint management capabilities such as Remote Help, advanced analytics, Endpoint Privilege Management, Cloud PKI, and Enterprise App Management, helping IT teams improve security, support, and operational efficiency.
3 min read · Apr 2, 2026
Security: Microsoft warned that malicious Axios npm versions 1.14.1 and 0.30.4 were used in a supply chain attack attributed to Sapphire Sleet. Organizations using the affected packages should immediately rotate secrets, downgrade to safe versions, and review developer endpoints and CI/CD systems for compromise.
2 min read · Apr 1, 2026
SharePoint: Microsoft highlighted Pervasent in its SharePoint Partner Showcase, featuring a board and executive meeting management solution built on Microsoft 365 and SharePoint Framework. The solution focuses on secure document preparation, offline review, voting, e-signatures, and Copilot-powered querying, giving organizations a way to streamline high-security meeting workflows inside their own tenant.
3 min read · Apr 1, 2026
Microsoft 365: Microsoft has made Copilot Cowork available through the Frontier program, giving organizations early access to a Microsoft 365 experience built for long-running, multi-step work. For IT leaders and Microsoft 365 admins, this signals upcoming changes in how Copilot can support more complex task orchestration and collaborative productivity workflows.
2 min read · Apr 1, 2026
Intune: Microsoft Intune’s March 2026 updates improve Windows notification delivery, tighten role assignment boundaries, and expand Apple device protections. The release also adds earlier app trust during Autopilot setup, general availability for Windows Autopatch update readiness, and better iOS app status reporting through Declarative Device Management.
3 min read · Mar 31, 2026
Security: Microsoft says the threat model for critical infrastructure has shifted from opportunistic attacks to persistent, identity-driven access designed for future disruption. For IT and security leaders, the message is clear: reduce exposure, harden identity, and validate operational readiness now as regulations and nation-state activity intensify.
3 min read · Mar 31, 2026
Security: Microsoft is advising CISOs to secure AI systems using the same core controls they already apply to software, identities, and data access. The guidance highlights least privilege, prompt injection defenses, and using AI itself to uncover permissioning issues before attackers or users do.
3 min read · Mar 31, 2026
Security: Microsoft Defender Experts uncovered a late-February 2026 campaign that uses WhatsApp messages to deliver malicious VBS files, then installs unsigned MSI packages for persistence and remote access. The attack blends social engineering, renamed Windows utilities, and trusted cloud services to evade detection, making endpoint controls and user awareness critical.
3 min read · Mar 31, 2026
SharePoint: Microsoft highlighted four SharePoint AI capabilities that help improve content readiness for Microsoft 365 Copilot and agents. The updates focus on content quality recommendations, metadata extraction, admin governance insights, and smarter document library organization to strengthen AI grounding and improve enterprise search and productivity.
3 min read · Mar 31, 2026
Security: Microsoft outlines how Copilot Studio and the upcoming general availability of Agent 365 can help organizations address the OWASP Top 10 for Agentic Applications. The guidance matters because agentic AI systems can use real identities, data, and tools, creating security risks that go far beyond inaccurate outputs.
3 min read · Mar 30, 2026
Security: Microsoft detailed how Microsoft Defender uses high-value asset awareness to detect and stop attacks targeting domain controllers, web servers, and identity infrastructure. By combining Security Exposure Management context with differentiated detections and automated disruption, Defender can raise protection levels on Tier-0 assets and reduce the blast radius of sophisticated intrusions.
3 min read · Mar 27, 2026