Latest news and updates about Security.
Microsoft has announced new security capabilities across Agent 365, Defender for Cloud, GitHub Advanced Security, and Microsoft Purview. The updates focus on improving visibility into AI agent activity, strengthening code-to-runtime protection, and accelerating data security investigations for security and IT teams.
Microsoft has published a practical framework for CISOs and security leaders to run more effective risk reviews amid rising AI-enabled cyberthreats. The guidance focuses on eight review areas—from assets and applications to authentication, authorization, and network isolation—to help organizations shift from reactive response to proactive risk reduction.
Microsoft Sentinel UEBA now adds richer behavioral analytics for AWS CloudTrail data, giving security teams built-in context like first-time geography, uncommon ISP, unusual actions, and abnormal operation volume. The update helps defenders detect suspicious AWS activity faster and reduces the need for complex KQL baselines and manual enrichment.
Microsoft says AI is accelerating how vulnerabilities are found and exploited, shrinking the time defenders have to respond. In response, the company is expanding AI-driven vulnerability discovery, exposure management, and Defender-based protections, while also previewing a new multi-model scanning solution for customers in June 2026.
Microsoft has outlined detection strategies for identifying North Korea-aligned threat actors posing as remote IT hires to infiltrate organizations. The guidance focuses on correlating HR SaaS, identity, email, conferencing, and Microsoft 365 signals so security and HR teams can spot suspicious candidates before and after onboarding.
Microsoft is urging organizations to make opportunistic cyberattacks harder by removing credentials, shrinking public attack surfaces, and standardizing secure platform patterns. The guidance is especially relevant for teams running Azure, Dynamics 365, and Power Platform workloads at scale, where inconsistent architectures and exposed secrets can make lateral movement easier for attackers.
Microsoft has detailed a human-operated intrusion chain where attackers use cross-tenant Microsoft Teams chats to impersonate helpdesk staff and trick users into granting remote access through tools like Quick Assist. The campaign matters because it blends legitimate collaboration, remote support, and admin tools to enable lateral movement, persistence, and data exfiltration while appearing like normal IT activity.
Microsoft detailed how Defender’s predictive shielding can contain Active Directory domain compromise by restricting exposed high-privilege accounts before attackers can reuse stolen credentials. The capability helps security teams reduce lateral movement and close the response gap during fast-moving identity attacks.
Microsoft Threat Intelligence detailed a macOS-focused campaign by Sapphire Sleet that uses social engineering and fake software updates instead of exploiting vulnerabilities. The attack chain relies on user-initiated AppleScript and Terminal execution to bypass native macOS protections, making layered defenses, user awareness, and endpoint detection especially important.
Microsoft is urging organizations to treat cryptographic inventory as the first practical step toward post-quantum readiness. The company outlines a continuous cryptography posture management lifecycle to help security teams discover, assess, prioritize, and remediate cryptographic risks across code, networks, runtime, and storage.
Microsoft says traditional incident response principles still apply to AI systems, but teams must adapt to non-deterministic behavior, faster harm at scale, and new categories of risk. The company highlights the need for better AI telemetry, cross-functional response plans, and staged remediation to contain issues quickly while longer-term fixes are developed.
Microsoft is outlining an "agentic SOC" model that combines autonomous threat disruption with AI agents to accelerate investigations and reduce alert fatigue. The approach aims to shift security operations from reactive incident response to faster, more adaptive defense, giving SOC teams more time for strategic risk reduction and governance.