Microsoft Security Blog
Your source for the latest in cybersecurity
What’s new, updated, or recently released in Microsoft Security
Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series.
Building your cryptographic inventory: A customer strategy for cryptographic posture management
Learn how to build a comprehensive cryptographic inventory and strengthen quantum‑safe readiness using Microsoft Security tools, best‑practice lifecycle models, and partner solutions.
The agentic SOC—Rethinking SecOps for the next decade
In the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on judgment, risk, and outcomes.
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social engineering to bypass macOS security protections and steal credentials, cryptocurrency assets, and sensitive data.
Threat intelligence
-
Email threat landscape: Q1 2026 trends and insights
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics. -
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social engineering to bypass macOS security protections and steal credentials, cryptocurrency assets, and sensitive data. -
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts.
Stay ahead of threats
Get expert insights, threat intelligence, and the latest cybersecurity reports from Security Insider.
AI and machine learning
-
What’s new, updated, or recently released in Microsoft Security
Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series. -
Building your cryptographic inventory: A customer strategy for cryptographic posture management
Learn how to build a comprehensive cryptographic inventory and strengthen quantum‑safe readiness using Microsoft Security tools, best‑practice lifecycle models, and partner solutions. -
Incident response for AI: Same fire, different fuel
AI changes how incidents unfold and how we respond.
Modernize your security operations center
Confidently secure your multicloud, multiplatform environment with Microsoft Sentinel – a cloud-native security information and event management (SIEM) solution.
Latest posts
-
What’s new, updated, or recently released in Microsoft Security
Stay ahead of emerging threats with Microsoft’s newest security innovations and updates, delivered through the In the Loop series. -
Email threat landscape: Q1 2026 trends and insights
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disruption of the Tycoon2FA phishing platform which led to a 15% volume decrease and shifts in threat actor tactics. -
8 best practices for CISOs conducting risk reviews
Embracing strong proactive security is something we can all do to mitigate our increased exposure to security threats. -
Simplifying AWS defense with Microsoft Sentinel UEBA
Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns. -
AI-powered defense for an AI-accelerated threat landscape
Read how Microsoft is partnering with Anthropic and broader industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale. -
Detection strategies across cloud and identities against infiltrating IT workers
The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing reliance on online identity verification and remote access.