Security
Microsoft detailed a multi-stage intrusion where attackers compromised an internet-facing F5 BIG-IP appliance, pivoted to an internal Linux host, then exploited Confluence to steal credentials and target Active Directory. The incident highlights how edge devices, Linux systems, and SaaS apps can become linked attack paths in hybrid environments, making broader monitoring and patching essential.
3 min read · May 29, 2026
Security
Microsoft Security’s May 2026 updates focus on improving visibility and control across data, identities, and AI-driven environments. Highlights include the general availability of the new Purview Data Security Posture Management experience, deeper investigations with OCR and custom examinations, Entra ID Account recovery, and expanded preview for Windows 365 for Agents.
3 min read · May 29, 2026
Security
Microsoft has disclosed an active supply chain attack involving compromised @antv npm packages that used malicious preinstall scripts to steal credentials from GitHub Actions and other CI/CD environments. The campaign matters because it spread through popular downstream dependencies, putting developer pipelines, cloud secrets, and software supply chains at risk.
3 min read · May 20, 2026
Security
Microsoft’s latest Deputy CISO post explains why securing gaming requires a different approach than traditional enterprise IT. The company outlines the distinct risks across gaming platforms, studios, and shared central teams, and highlights how Entra ID, Purview, Defender for Cloud, and Sentinel help balance security with player experience and developer agility.
3 min read · May 20, 2026
Security
Microsoft has open-sourced RAMPART and Clarity, two tools aimed at improving safety in agentic AI development. RAMPART brings repeatable adversarial and regression testing into CI pipelines, while Clarity helps teams challenge design assumptions early before code is written.
3 min read · May 20, 2026
Security
Microsoft has disrupted Fox Tempest, a malware-signing-as-a-service operation that helped cybercriminals make ransomware and other malware appear legitimately signed. The takedown matters because the group abused Microsoft Artifact Signing, created more than 1,000 fraudulent certificates, and enabled attacks that could bypass security controls more easily.
3 min read · May 19, 2026
Security
Microsoft detailed how Storm-2949 turned a socially engineered Microsoft Entra ID compromise into broad data theft across Microsoft 365 and Azure. The case highlights how identity attacks can escalate quickly through legitimate cloud management features, making stronger MFA controls, monitoring, and cross-platform detections critical for defenders.
3 min read · May 19, 2026
Security
Microsoft is urging small and medium businesses to treat cybersecurity as a core business risk as AI makes phishing, malware, and identity attacks faster and more effective. The company highlights Microsoft 365 Business Premium and integrated security controls as a practical way for growing businesses to protect users, devices, email, and cloud apps without adding major complexity.
3 min read · May 18, 2026
Security
Microsoft outlines a defense-in-depth approach for securing autonomous AI agents as they move from assisting users to taking actions across systems. The guidance emphasizes that the application layer—not just the model—is the most important control point for limiting permissions, enforcing human review, and reducing blast radius in production.
3 min read · May 14, 2026
Security
Microsoft warns that insecure AI app deployments are creating exploitable misconfigurations, especially on Kubernetes, where public exposure and weak authentication can lead to remote code execution, credential theft, and data exposure. The research highlights risks in MCP servers, Mage AI, kagent, and AutoGen Studio, and reinforces the need for hardening and continuous posture monitoring with tools like Defender for Cloud.
3 min read · May 14, 2026
Security
Microsoft Threat Intelligence detailed how Kazuar has evolved from a traditional backdoor into a modular peer-to-peer botnet used by the Russian state actor Secret Blizzard. The report matters for defenders because the malware’s Kernel, Bridge, and Worker architecture is designed to reduce visibility, improve resilience, and support long-term espionage operations.
3 min read · May 14, 2026
Security
Microsoft unveiled MDASH, a new multi-model agentic security system that helped identify 16 previously unknown vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution flaws. The announcement matters for security teams because it shows AI-driven vulnerability discovery is moving from research into production-scale defensive operations, with strong benchmark results and a limited private preview now underway.
3 min read · May 13, 2026