Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.

Refine Results

Filtered by

Clear All

Research

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Learn more
March 6

21 min read

AI as tradecraft: How threat actors operationalize AI

Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
March 5

6 min read

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek.
March 4

15 min read

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations.
March 3

12 min read

Signed malware impersonating workplace apps deploys RMM backdoors

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments.
Secure and verify every identity with Microsoft Entra

Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.

Learn more
March 2

10 min read

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path.
February 26

8 min read

Threat modeling AI applications

AI threat modeling helps teams identify misuse, emergent risk, and failure modes in probabilistic and agentic AI systems.
February 24

14 min read

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.
February 19

12 min read

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agents execute code with durable credentials and process untrusted input.
Prevent threats with Microsoft Defender

The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.

Explore products
February 12

17 min read

Detecting and mitigating common agent misconfigurations

Agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure.
February 10

15 min read

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends.
February 9

3 min read

A one-prompt attack that breaks LLM safety alignment

As LLMs and diffusion models power more applications, their safety alignment becomes critical.
February 6

5 min read

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.