Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Microsoft

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Microsoft

The agentic SOC—Rethinking SecOps for the next decade

In the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on ...
Microsoft

Threat actor abuse of AI accelerates from tool to cyberattack surface

Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. Learn ...
Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...
Microsoft

AI Decision Brief: How leaders can drive Frontier Transformation

Microsoft leaders share how to drive Frontier Transformation—scaling AI for real business impact across workflows, decisions, ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
Microsoft

New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration

But in practice, prompt iteration has historically felt disjointed and slow. Makers previously balanced their flow of work ...
Microsoft

Applying security fundamentals to AI: Practical advice for CISOs

Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
Microsoft

The threat to critical infrastructure has changed. Has your readiness?

Critical infrastructure faces a new threat landscape as attackers embed persistent access. Governments are enforcing stronger ...