Security
Microsoft’s latest Cyber Pulse report warns that AI agent adoption is accelerating faster than most organizations can track or secure, with more than 80% of Fortune 500 companies already using active agents and 29% of employees reportedly using unsanctioned ones for work. The report matters because these autonomous, often low-code-built tools can access sensitive data and systems with limited oversight, making visibility, governance, and Zero Trust controls for non-human identities an urgent security priority.
3 min read · Feb 10, 2026
Security
Microsoft researchers say attackers are trying to manipulate AI assistants like Copilot by hiding prompt injections in AI-related links, aiming to plant persistent “memory” instructions that bias future recommendations. The campaign was observed at scale across dozens of companies and industries, highlighting a growing security risk for enterprises because poisoned AI outputs could quietly influence purchasing, security decisions, and user trust.
3 min read · Feb 10, 2026
Security
Microsoft researchers found that safety-aligned language models can lose their guardrails through GRPO fine-tuning, even when trained on as little as a single harmful prompt scored to reward dangerous compliance instead of refusal. The finding matters because it shows that downstream customization can quietly undo built-in safety protections, creating a serious governance, security, and risk-management challenge for organizations deploying internal AI assistants and custom models.
3 min read · Feb 9, 2026
Security
Microsoft is warning that internet-exposed SolarWinds Web Help Desk servers are being actively exploited for unauthenticated remote code execution, with attackers chaining built-in tools like PowerShell and BITS, plus legitimate remote management software, to stay stealthy and expand access. The activity matters because a single vulnerable WHD instance can become a low-noise path to credential theft, privilege escalation, and broader domain compromise, underscoring the need to patch known WHD flaws and monitor for unusual admin-tool usage.
3 min read · Feb 7, 2026
Security
Researchers are tracking a new ClickFix variant called CrashFix that uses a malicious browser extension to trigger delayed browser crashes, then shows a fake repair prompt that tricks users into running attacker-supplied commands themselves. The campaign matters because it combines social engineering, LOLBin abuse such as a renamed finger.exe loader, and script-based payloads like a Python RAT to evade traditional defenses and increase infection success without relying on software exploits.
3 min read · Feb 5, 2026
Security
Microsoft is backing the FBI Cyber Division’s Operation Winter SHIELD, a nine-week cybersecurity initiative starting February 2, 2026, focused on helping organizations enforce practical guardrails against common breach paths like weak credentials, legacy authentication, over-privileged accounts, unpatched systems, and misconfigurations. The effort matters because it shifts security from policy and awareness to real-world implementation, using incident-driven guidance and secure-by-default controls to close the execution gaps attackers most often exploit.
3 min read · Feb 5, 2026
Security
Microsoft Research has identified practical signs that open-weight language models may be backdoored, including unusual attention patterns around trigger tokens, sudden drops in output entropy, and possible leakage of poisoning data. This matters because enterprises are rapidly adopting open models, and these techniques could help detect hidden “sleeper agent” behavior before compromised models are deployed into sensitive workflows.
3 min read · Feb 4, 2026