Microsoft Security Blog Expert coverage of cybersecurity topics
- Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacksby Elliot Volkman on July 17, 2026 at 4:00 pm
Join Microsoft Security at Black Hat USA 2026 for supply chain research, hands-on security experiences, expert conversations, and our reception. The post Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks appeared first on Microsoft Security Blog.
- ACR Stealer: Two observed intrusion chains amid increased threat activityby Microsoft Security Research and Balaji Venkatesh S on July 16, 2026 at 11:12 pm
From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer environments. These campaigns are successfully using ClickFix lures to steal browser credentials, authentication tokens, and sensitive documents from enterprise environments. The post ACR Stealer: Two observed intrusion chains amid increased threat activity appeared first on Microsoft Security Blog.
- Least privilege for AI agents: Identity, access, and tool bindingby Yesenia Yser and Toby Kohlenberg on July 16, 2026 at 4:00 pm
As AI agents become more autonomous, strong identity, access, and auditing controls are critical to keeping them secure. The post Least privilege for AI agents: Identity, access, and tool binding appeared first on Microsoft Security Blog.
- Unpacking the AsyncAPI npm supply chain compromise and import-time payload deliveryby Microsoft Security Research, Ravikant Tiwari, Sagar Patil, Suriyaraj Natarajan and Arvind Gowda on July 16, 2026 at 1:36 am
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This analysis breaks down the attack chain, payload delivery, and recommended defenses. The post Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery appeared first on Microsoft Security Blog.
- Turning threat intelligence into decisive action with Defender Expertsby Aarti Borkar on July 15, 2026 at 4:00 pm
Security teams have never had more visibility, yet rarely have they felt more uncertain. Signal pours in from endpoints, identities, cloud workloads, and a sprawling mix of third-party tools. The post Turning threat intelligence into decisive action with Defender Experts appeared first on Microsoft Security Blog.
- Defending SaaS-based applications against ShinyHunters OAuth abuseby Microsoft Security Research and Microsoft Defender Security Research Team on July 13, 2026 at 10:02 pm
Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications. The post Defending SaaS-based applications against ShinyHunters OAuth abuse appeared first on Microsoft Security Blog.
- Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra IDby Nadim Abdo on July 13, 2026 at 5:00 pm
Microsoft Entra ID makes passkeys the default sign-in experience and introduces a new model for SMS and voice authentication. Read about how to prepare. The post Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID appeared first on Microsoft Security Blog.
- Securing our future: July 2026 progress report on Microsoftâs Secure Future Initiativeby Salim Chawro on July 10, 2026 at 4:00 pm
Microsoftâs latest Secure Future Initiative report outlines progress on secure foundations, AI-powered defense, and future-ready cybersecurity. The post Securing our future: July 2026 progress report on Microsoftâs Secure Future Initiative appeared first on Microsoft Security Blog.
- GigaWiper: Anatomy of a destructive backdoor assembled from multiple malwareby Microsoft Threat Intelligence on July 9, 2026 at 3:00 pm
GigaWiper, also tracked as BLUERABBIT, is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several previously separate malware families and provides guidance to help defenders detect and defend against similar threats. The post GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware appeared first on Microsoft Security Blog.
- Protecting Microsoft at AI speed: How SFI proactively hardens our cloud  by Salim Chawro on July 8, 2026 at 5:00 pm
At Microsoft we encompass these security requirements, along with threat knowledge, and operational frameworks inâŻourâŻSecure Future Initiative (SFI),âŻto guide what a well-defended cloud service looks like. But defining the requirements is only the start. Meeting the requirements means continuously evaluating our live services against them, at AI speed. The post Protecting Microsoft at AI speed: How SFI proactively hardens our cloud  appeared first on Microsoft Security Blog.









