Security


Microsoft Moves Up Quantum Safe Security Timeline

Microsoft is accelerating its quantum-safe security timeline, saying advances in quantum computing and new federal requirements have pushed post-quantum cryptography from a future planning issue into an immediate engineering priority.

Microsoft Disrupts StegoAd Extension Campaign Affecting Up to 2.6 Million Users

Microsoft has disrupted a large malicious browser extension campaign that used hidden payloads, delayed execution and disposable developer accounts to evade detection while targeting users with ad fraud, credential theft and remote code execution capabilities.

Microsoft Disrupts StealC, Amadey Malware Infrastructure in AI-Assisted Cybercrime Action

Microsoft on Wednesday said it has disrupted infrastructure tied to StealC and Amadey, two widely used cybercrime tools that the company says have become part of a broader malware supply chain used to steal credentials, support fraud and enable ransomware attacks.

Where Air Gapped Backups Actually Fail, Part 2

Air gapped backups can still fail when configuration drift, lost encryption keys and routine human mistakes go unnoticed until recovery is needed.

Banks Targeted by Fileless Phantom Stealer Phishing Campaign

A new phishing campaign is targeting banks and other high-value organizations with Phantom Stealer, a commercially available infostealer that runs in memory to avoid traditional detection, according to new research from Fortra.

Where Air Gapped Backups Actually Fail, Part 1

Air gapped backups can provide critical ransomware resilience, but restore testing gaps, documentation drift and media rotation mistakes can leave organizations unsure whether they can actually recover.

Microsoft Makes Copilot Cowork Generally Available Worldwide

Microsoft on Tuesday announced the general availability of Copilot Cowork, moving one of its major agentic AI tools out of preview and into broader enterprise use.

Microsoft June Patch Tuesday Breaks Records, Includes 4 Zero-Day Fixes

Microsoft's June Patch Tuesday release is one of the largest in company history, but the bigger concern for enterprise IT teams is the handful of zero-days already known to attackers and researchers.

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI coding environments.

Active Directory Basics Are Anything but Basic

Microsoft MVP Derek Melber explains why real AD knowledge depends on understanding how Group Policy, replication and DNS behave in production.

Microsoft 365 Android Coding Error Put Account Tokens at Risk

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research from Enclave.

White House AI Order Focuses on Security Without New Regulatory Clampdown

President Donald Trump signed a new executive order Tuesday that aims to keep the United States ahead in AI while giving the federal government a limited role in reviewing the security risks tied to the most advanced models.

Microsoft Uses Build 2026 To Put AI Agents at the Center of Windows

Microsoft used Build 2026 to position Windows as a platform for building and running AI agents, expanding its developer focus beyond AI-assisted apps and into agents that can act across local devices, cloud environments and enterprise systems.

FBI Urges Microsoft 365 Defenders To Watch for Kali365 Phishing Attacks

The FBI is warning organizations about Kali365, a phishing-as-a-service kit that can help attackers get around multifactor authentication protections in Microsoft 365 environments by stealing access tokens instead of passwords.

Shards

Microsoft Disrupts Fox Tempest Malware-Signing Service Used in Ransomware Attacks

Microsoft has disrupted a cybercrime service that allegedly helped ransomware operators and other attackers make malware appear as verified software, the company said last week.

Microsoft Open Sources AI Safety Tools for Agent Development

Microsoft released RAMPART and Clarity as open-source projects intended to help developers test AI agents earlier in the software lifecycle and turn red-team findings into repeatable engineering checks.

Cybersecurity Concerns Push SMBs To Increase Spending

More than half of small and midsize businesses rank cybersecurity and data protection among their top priorities, with many planning to increase security spending as AI adoption adds new risks, according to a new IDC survey commissioned by Sage.

Microsoft Pushes Agentic AI Security with New Multi-Model Defense System

A new agentic AI security multi-model defense system built by Microsoft's Autonomous Code Security team helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack.

No Zero-Days, but Plenty to Patch in Microsoft May Update

Microsoft's May Patch Tuesday release broke a long zero-day streak, arriving without any vulnerabilities listed as exploited or publicly disclosed.

Using LLMs in SecOps Without Handing AI the Keys

TechMentor speaker Heather Wilde Renze says LLMs can help security teams move faster, but data boundaries, review loops and access controls need to come first.
