Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat...
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat...
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers,...
In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an...
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human...
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to...
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can...
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our new Microsoft Threat...
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations...
Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of...
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern...
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our...
US lawmakers have demanded an investigation into the hack of the Securities and Exchange Commission (SEC)’s X (formerly Twitter) account...
A new threat intelligence assessment released by Microsoft’s Threat Analysis Center (MTAC) has warned of potential unprecedented challenges to the...
Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh.In a report published...
Governments and private organisations have around 20 minutes to detect and contain a hack from Russian nation-state actors. New statistics...
TLDR: Canary tokens are not new but can help give you some Intel into your attackers, be it insider or...