Latest news and updates about Security.
Microsoft Defender Security Research detailed a new AI-assisted approach for generating high-fidelity synthetic attack logs from attacker TTPs and actions. The research could help security teams speed up detection engineering, test more attack scenarios, and reduce reliance on costly lab simulations while protecting sensitive data.
Microsoft says DDoS attacks against consumer web properties are becoming more frequent, stealthier, and increasingly focused on application-layer abuse rather than simple bandwidth floods. The company recommends a defense-in-depth approach using resilient application design, edge protections, telemetry, and Azure services such as DDoS Protection and Web Application Firewall to keep services available under attack.
Microsoft Incident Response detailed a stealthy intrusion in which attackers abused a compromised third-party IT services provider and trusted management tools to gain long-term access. The case highlights how legitimate admin channels, identity infrastructure, and web-based persistence can be misused, making stronger monitoring of trusted relationships critical for defenders.
Microsoft has warned of active exploitation involving the newly disclosed Dirty Frag Linux local privilege escalation vulnerability, which can help attackers move from a low-privileged account to root. The issue affects kernel networking components such as esp4, esp6, and rxrpc, making it especially important for administrators to review module exposure, restrict local access, and prepare for vendor kernel patches.
Microsoft Defender researchers disclosed two fixed vulnerabilities in Semantic Kernel that could let prompt injection escalate into host-level remote code execution in AI agents. The findings matter because they show how unsafe tool parameter handling in agent frameworks can turn natural language inputs into code execution paths, raising the stakes for organizations building or securing AI-powered apps.
Microsoft outlined major passkey and account recovery updates across Entra ID, Windows, External ID, and Microsoft Password Manager as part of World Passkey Day. The changes matter for IT teams because they expand phishing-resistant sign-in options, improve recovery security, and continue the retirement of weaker authentication methods such as security questions.
Microsoft says it has been named an Overall Leader and Market Leader in KuppingerCole Analysts’ 2026 Emerging AI Security Operations Center report. The announcement highlights Microsoft’s push beyond traditional SOAR toward AI-driven, agent-assisted security operations in Sentinel and Security Copilot to help SOC teams improve speed, consistency, and scale.
Microsoft has identified a new ClickFix-style campaign targeting macOS users with fake troubleshooting and utility instructions hosted on blogs and content platforms. Instead of downloading apps, victims are tricked into running Terminal commands that bypass typical macOS app checks and deploy infostealers such as Macsync, SHub Stealer, and AMOS.
Microsoft has detailed a large-scale adversary-in-the-middle (AiTM) phishing campaign that used fake code-of-conduct investigations to steal authentication tokens. The attack combined polished social engineering, staged CAPTCHA pages, and a legitimate Microsoft sign-in flow, highlighting why phishing-resistant protections and stronger email defenses matter.
Microsoft has detailed CVE-2026-31431, a high-severity Linux local privilege escalation flaw that can grant root access across major distributions and cloud-hosted workloads. The issue matters because it affects shared-kernel environments such as containers and Kubernetes, increasing the risk of container escape, lateral movement, and host compromise if systems are not patched quickly.
Microsoft Agent 365 is now generally available for commercial customers, giving IT and security teams a unified control plane to observe, govern, and secure AI agents across Microsoft 365, endpoints, and cloud environments. New preview capabilities also extend visibility to shadow AI, local Windows agents, multicloud agent platforms, and policy-based controls through Defender and Intune.
Microsoft reports 8.3 billion phishing emails detected in Q1 2026, with QR code phishing more than doubling and CAPTCHA-gated campaigns evolving quickly. The findings matter for security teams because attackers are shifting toward link-based credential theft, while disruption efforts against Tycoon2FA show coordinated action can reduce phishing impact.