Security News & Updates

Latest news and updates about Security.

Security

Storm-2561 VPN Fake Installers via SEO Poisoning

Microsoft says the Storm-2561 threat group is using SEO poisoning and fake vendor-branded download pages to trick users searching for VPN software into installing trojanized clients. The campaign matters because the malware steals VPN credentials and configuration data, uses GitHub-hosted payloads and a legitimate code-signing certificate to appear trustworthy, and could give attackers a stealthy path into enterprise networks.

3 min read · Mar 16, 2026
Security

Microsoft Teams Vishing Attacks via Quick Assist

Microsoft warned that a recent attack used Teams-based voice phishing to impersonate IT support, trick an employee into approving a Quick Assist session, and then steal credentials, deploy malware, and expand access using legitimate Windows tools. The incident matters because it shows how attackers can bypass traditional patch-focused defenses by exploiting trust in everyday collaboration and remote support workflows, making stronger identity protections, user verification, and remote-access controls essential.

3 min read · Mar 16, 2026
Security

Microsoft Purview for Fabric: AI Governance Updates

Microsoft announced new Microsoft Purview updates for Fabric focused on safer AI and data use, including generally available Data Loss Prevention policies for Warehouses, preview access restrictions for sensitive data in databases and Warehouses, and expanded Insider Risk Management for lakehouses. These changes matter because they help organizations reduce oversharing and data theft risks while improving governance and visibility as they scale AI initiatives in Microsoft Fabric.

3 min read · Mar 16, 2026
Security

Contagious Interview Malware Targets Developers

Microsoft warns that the ongoing “Contagious Interview” campaign is targeting software developers by disguising malware as recruiter outreach, coding tests, GitHub repositories, and even Visual Studio Code tasks. The threat matters because compromised developer devices can give attackers a path into source code, CI/CD systems, cloud environments, and sensitive secrets, turning the hiring process into a high-impact enterprise attack vector.

3 min read · Mar 11, 2026
Security

Microsoft Agent 365 Secures Enterprise AI Agents

Microsoft has introduced Agent 365, a centralized control plane for managing enterprise AI agents across Microsoft and partner ecosystems, with tools for inventory, observability, risk monitoring, and policy enforcement. It matters because it brings identity, access, and security governance to AI agents through Microsoft Entra, Defender, and Purview, helping organizations safely scale agentic AI while reducing the risks of unmanaged autonomous systems.

3 min read · Mar 9, 2026
Security

AI Cyberattack Tradecraft: Microsoft Threat Insights

Microsoft Threat Intelligence says attackers are already using AI mainly as an accelerator for existing cyberattack tactics, including phishing, reconnaissance, stolen-data triage, and code generation, rather than as a wholly new attack method. This matters because AI lowers the skill and time required for common operations, helping threat actors scale campaigns and maintain persistence, which means defenders need to focus on strengthening controls around familiar attack paths that can now move faster.

3 min read · Mar 6, 2026
Security

Microsoft Cybersecurity Careers: Why IT Leaders Should Care

Microsoft is urging organizations to treat gender diversity in cybersecurity as a business and risk-management priority, arguing that broader perspectives improve threat modeling, innovation, and decision-making as AI and threats evolve. The post highlights that women make up only about 24% of the global cybersecurity workforce and calls on IT leaders to go beyond hiring by improving job descriptions, creating visible role models, and building inclusive training and long-term career pathways.

3 min read · Mar 5, 2026
Security

Malicious AI Browser Extensions Steal LLM Chats

Microsoft Defender found malicious Chromium browser extensions masquerading as popular AI assistant add-ons that can harvest sensitive ChatGPT and DeepSeek prompts, responses, visited URLs, and internal browsing context, then quietly exfiltrate that data over routine-looking HTTPS traffic. The discovery matters because these extensions reportedly reached about 900,000 installs and appeared across more than 20,000 enterprise tenants, turning trusted browser marketplaces and everyday AI workflows into a significant data-loss risk for organizations.

3 min read · Mar 5, 2026
Security

Tycoon2FA AiTM Phishing Bypassed MFA at Scale

Microsoft says the Tycoon2FA phishing-as-a-service kit has enabled attackers to bypass MFA at massive scale by using adversary-in-the-middle proxying to steal session cookies during real logins. That matters because organizations cannot rely on passwords and MFA alone to stop account takeovers—defenders must also revoke active sessions, harden authentication controls, and prepare for highly automated phishing campaigns that can reach hundreds of thousands of organizations.

3 min read · Mar 4, 2026
Security

EV-Signed Phishing Installers Drop ScreenConnect

Microsoft Defender Experts uncovered phishing campaigns that use fake meeting, invoice, and document lures to deliver malware installers disguised as trusted apps like Teams, Zoom, and Adobe Reader. What makes this notable is that the installers were signed with an EV certificate and used to deploy legitimate remote management tools such as ScreenConnect and Tactical RMM, giving attackers stealthy initial access that can blend into normal enterprise IT activity.

3 min read · Mar 3, 2026
Security

Entra ID OAuth Redirect Abuse Fuels Phishing Attacks

Microsoft says attackers are abusing a normal Microsoft Entra ID OAuth redirect behavior to turn trusted login links into phishing or malware delivery paths, often by forcing an OAuth error and sending victims to attacker-controlled redirect URIs. The campaign matters because it can bypass user suspicion and some security filters without stealing tokens, and it has been observed targeting government and public-sector organizations.

3 min read · Mar 2, 2026
Security

Microsoft Threat Modeling for Generative AI Apps

Microsoft says traditional threat modeling is no longer enough for generative and agentic AI apps because these systems are nondeterministic, easier to manipulate through prompt injection, and increasingly connected to tools, memory, and autonomous workflows. The guidance matters because it helps security teams anticipate AI-specific risks like tool misuse, privilege escalation, and silent data leakage before they turn into real-world exploits.

3 min read · Feb 26, 2026