Security


Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI coding environments.

Active Directory Basics Are Anything but Basic

Microsoft MVP Derek Melber explains why real AD knowledge depends on understanding how Group Policy, replication and DNS behave in production.

Microsoft 365 Android Coding Error Put Account Tokens at Risk

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research from Enclave.

White House AI Order Focuses on Security Without New Regulatory Clampdown

President Donald Trump signed a new executive order Tuesday that aims to keep the United States ahead in AI while giving the federal government a limited role in reviewing the security risks tied to the most advanced models.

Microsoft Uses Build 2026 To Put AI Agents at the Center of Windows

Microsoft used Build 2026 to position Windows as a platform for building and running AI agents, expanding its developer focus beyond AI-assisted apps and into agents that can act across local devices, cloud environments and enterprise systems.

FBI Urges Microsoft 365 Defenders To Watch for Kali365 Phishing Attacks

The FBI is warning organizations about Kali365, a phishing-as-a-service kit that can help attackers get around multifactor authentication protections in Microsoft 365 environments by stealing access tokens instead of passwords.

Microsoft Disrupts Fox Tempest Malware-Signing Service Used in Ransomware Attacks

Microsoft has disrupted a cybercrime service that allegedly helped ransomware operators and other attackers make malware appear as verified software, the company said last week.

Microsoft Open Sources AI Safety Tools for Agent Development

Microsoft released RAMPART and Clarity as open-source projects intended to help developers test AI agents earlier in the software lifecycle and turn red-team findings into repeatable engineering checks.

Cybersecurity Concerns Push SMBs To Increase Spending

More than half of small and midsize businesses rank cybersecurity and data protection among their top priorities, with many planning to increase security spending as AI adoption adds new risks, according to a new IDC survey commissioned by Sage.

Microsoft Pushes Agentic AI Security with New Multi-Model Defense System

A new agentic AI security multi-model defense system built by Microsoft's Autonomous Code Security team helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack.

No Zero-Days, but Plenty to Patch in Microsoft May Update

Microsoft's May Patch Tuesday release broke a long zero-day streak, arriving without any vulnerabilities listed as exploited or publicly disclosed.

Using LLMs in SecOps Without Handing AI the Keys

TechMentor speaker Heather Wilde Renze says LLMs can help security teams move faster, but data boundaries, review loops and access controls need to come first.

Microsoft Agent 365 Goes Live as Company Unveils E7 Suite

Microsoft on Friday announced the general availability of Agent 365, its control plane for governing and securing AI agents across enterprise environments, alongside the release of Microsoft 365 E7.

Why Modern Windows Credential Security Requires a New Defender Mindset

Dashmeet Kaur Ajmani discusses how Windows now isolates key credential material, why legacy authentication assumptions can create risk and what teams should watch for when hardening production environments.

Microsoft Uncovers Hackers Posing as IT Helpdesk Staff

Microsoft issued a report warning users about a popular attack method that involves a "human-operated" attack playbook, in which hackers impersonate IT helpdesk staff using Microsoft Teams to gain access to company systems and steal data.

Microsoft Issues Second Biggest Patch Tuesday Ever in April

Microsoft this week released one of the largest Patch Tuesday bundles in its history, delivering fixes for 163 new Microsoft CVEs in a month that includes three zero-days and eight Critical-rated vulnerabilities.

Microsoft Flags Fast-Moving Ransomware, Router-Based Espionage Threats

Microsoft is warning organizations about two active cybersecurity threats: a fast-moving ransomware campaign and a Russian espionage operation that abuses small office and home office routers to monitor victims' network traffic.

Hackers Use AI to Bypass Passwords in Large Scale Phishing Attack

Microsoft said this week that it has uncovered a large-scale, sophisticated AI-driven phishing campaign that uses automation and legitimate authentication processes to compromise accounts more effectively than traditional phishing attacks.

Microsoft, RSA Make Dual Authentication Moves at RSAC 2026

Two of the bigger authentication announcements to come out of the RSA Conference this week both point in the same direction: organizations need a more flexible, unified approach to identity security, especially as AI agents start acting alongside human workers.

Rubrik Ties Microsoft Defender to Identity Recovery to Cut Response Times to Hours

Rubrik unveiled a new integration with Microsoft Defender at RSAC 2026, linking real-time identity threat detection with automated rollback and recovery capabilities.
