SecurityMicrosoft researchers found that safety-aligned language models can lose their guardrails through GRPO fine-tuning, even when trained on as little as a single harmful prompt scored to reward dangerous compliance instead of refusal. The finding matters because it shows that downstream customization can quietly undo built-in safety protections, creating a serious governance, security, and risk-management challenge for organizations deploying internal AI assistants and custom models.
3 min read · Feb 9, 2026
SecurityMicrosoft is warning that internet-exposed SolarWinds Web Help Desk servers are being actively exploited for unauthenticated remote code execution, with attackers chaining built-in tools like PowerShell and BITS, plus legitimate remote management software, to stay stealthy and expand access. The activity matters because a single vulnerable WHD instance can become a low-noise path to credential theft, privilege escalation, and broader domain compromise, underscoring the need to patch known WHD flaws and monitor for unusual admin-tool usage.
3 min read · Feb 7, 2026
SecurityResearchers are tracking a new ClickFix variant called CrashFix that uses a malicious browser extension to trigger delayed browser crashes, then shows a fake repair prompt that tricks users into running attacker-supplied commands themselves. The campaign matters because it combines social engineering, LOLBin abuse such as a renamed finger.exe loader, and script-based payloads like a Python RAT to evade traditional defenses and increase infection success without relying on software exploits.
3 min read · Feb 5, 2026
SecurityMicrosoft is backing the FBI Cyber Division’s Operation Winter SHIELD, a nine-week cybersecurity initiative starting February 2, 2026, focused on helping organizations enforce practical guardrails against common breach paths like weak credentials, legacy authentication, over-privileged accounts, unpatched systems, and misconfigurations. The effort matters because it shifts security from policy and awareness to real-world implementation, using incident-driven guidance and secure-by-default controls to close the execution gaps attackers most often exploit.
3 min read · Feb 5, 2026
SecurityMicrosoft Research has identified practical signs that open-weight language models may be backdoored, including unusual attention patterns around trigger tokens, sudden drops in output entropy, and possible leakage of poisoning data. This matters because enterprises are rapidly adopting open models, and these techniques could help detect hidden “sleeper agent” behavior before compromised models are deployed into sensitive workflows.
3 min read · Feb 4, 2026