Latest news and updates about Security.
Microsoft has outlined how it secures AI memory in Microsoft 365, addressing emerging risks such as memory poisoning and delayed tool execution. The update matters because persistent AI memory can improve personalization and agent performance, but it also creates new security, compliance, and audit requirements for IT and security teams.
Microsoft Incident Response detailed a complex intrusion in which two unrelated threat actors operated simultaneously in the same environment, complicating attribution and detection. The case highlights how ransomware activity, SharePoint exploitation, trusted tool abuse, and identity compromise can overlap across hybrid estates, reinforcing the need for strong telemetry, patching, and coordinated response.
Microsoft security researchers detailed AutoJack, an exploit chain in AutoGen Studio that could let untrusted web content rendered by an AI browsing agent trigger remote code execution on the host. Although the vulnerable MCP WebSocket surface was never shipped in a PyPI release and the issue was hardened upstream during development, the findings highlight important security risks for agent frameworks that combine web browsing with privileged local services.
A new Forrester Total Economic Impact study found that organizations consolidating on Microsoft Security could see a projected 124% ROI over three years. The report highlights lower breach risk, reduced remediation costs, lower technology spend, and productivity gains as key reasons unified security platforms matter in the AI era.
Microsoft has detailed a large-scale npm supply chain compromise affecting more than 140 Mastra packages after an attacker took over a maintainer account and injected a malicious dependency. The attack is significant because the payload executed during npm install, putting developer workstations and CI/CD pipelines at risk even if the package was never directly used in code.
Microsoft has detailed a Windows-based crypto clipper campaign that uses malicious shortcut files, a bundled Tor client, and worm-like USB propagation to steal wallet data and maintain persistence. The threat matters because it combines clipboard theft, screenshot exfiltration, and remote code execution with stealthy Tor-based command and control, making behavioral detection critical for defenders.
Microsoft says its MDASH multi-agent AI security system has moved from research into production workflows across Windows, Azure, and identity engineering teams. The platform now feeds validated findings into GitHub Advanced Security, Azure DevOps, and Microsoft Defender, helping teams discover and remediate high-impact vulnerabilities earlier in the development lifecycle.
Microsoft has been named a Leader in The Forrester Wave for Extended Detection and Response Platforms, Q2 2026, with the highest strategy score and the only top vision score. For security teams, the news highlights Microsoft's momentum in XDR, threat intelligence, attack disruption, and Security Copilot capabilities across identity, cloud, endpoints, and SIEM workflows.
Microsoft says AI is accelerating identity-based cyberattacks and is responding with tighter integration between Entra and Defender. Key updates include a unified identity risk score, an improved Entra ID Protection experience, new least-privilege response roles, and smarter Conditional Access optimization to help security teams detect and contain threats faster.
Microsoft has shared one year of real-world email security benchmarking data showing Defender consistently leading in pre-delivery detection versus SEG vendors. The latest results also show ICES tools add the most value for promotional and bulk email, while Defender now handles the vast majority of post-delivery malicious remediation.
Microsoft has released ASSERT, an open-source framework that converts natural-language behavior requirements into executable evaluation pipelines for AI models, agents, and applications. The tool helps teams build behavior-specific tests faster, improve regression coverage, and better validate whether AI systems follow product policies and safety expectations.
Microsoft has published a new investigator playbook to help security teams reconstruct AI-related activity across Microsoft 365 Copilot and Azure AI services. The guidance brings together telemetry, KQL queries, schema references, and detection logic across Purview, Defender, and Sentinel so investigators can move from isolated signals to a clear incident timeline.