Microsoft this week released one of the largest Patch Tuesday bundles in its history, delivering fixes for 163 new Microsoft CVEs in a month that includes three zero-days and eight Critical-rated vulnerabilities.
Microsoft is warning organizations about two active cybersecurity threats: a fast-moving ransomware campaign and a Russian espionage operation that abuses small office and home office routers to monitor victims' network traffic.
Microsoft this week says it has uncovered a large-scale, sophisticated AI-driven phishing campaign that uses automation and legitimate authentication processes to compromise accounts more effectively than traditional phishing attacks.
Two of the bigger authentication announcements to come out of the RSA Conference this week both point in the same direction: organizations need a more flexible, unified approach to identity security, especially as AI agents start acting alongside human workers.
Rubrik unveiled a new integration with Microsoft Defender at RSAC 2026, linking real-time identity threat detection with automated rollback and recovery capabilities.
Microsoft is hitting the brakes on its aggressive Copilot push in Windows 11, promising a sweeping quality overhaul that puts performance and reliability ahead of AI feature expansion .
AI adoption is forcing companies to trade security for speed -- and identity controls are the first casualty.
The Cybersecurity and Infrastructure Security Agency is urging U.S. organizations to strengthen security around Microsoft Intune and other endpoint management platforms after a cyberattack on medical technology giant Stryker Corp. disrupted operations and contributed to surgery delays at hospitals nationwide.
As geopolitical tensions escalate and nation-state cyberattacks increase, organizations must adopt an "assume breach" mindset and strengthen disaster recovery planning -- including preparing for physical threats to cloud infrastructure.
- By Joey D'Antoni
- 03/16/2026
Microsoft rolled out a trio of AI updates this week, spanning Microsoft 365 Copilot, Security Copilot and Microsoft Foundry.
Hackers are shifting their focus from "breaking in" to "logging in," according to the inaugural Cloudflare Threat Report, released in early March.
Microsoft's March 2026 Patch Tuesday includes fixes for 83 vulnerabilities affecting Windows, Office, SQL Server, Azure and .NET.
Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub notifications, and another to push Windows users toward malware-infected downloads hosted through deceptive GitHub Pages and repositories.
Microsoft's Defender Security Research Team has identified a series of phishing campaigns in which an unknown attacker used digitally signed malware masked as common workplace applications to deploy remote monitoring and management tools as persistent backdoors on targeted systems.
Microsoft this week moved forward on two parallel tracks of its Windows strategy, releasing a new Windows 11 Beta Channel preview while unveiling an enterprise-focused 5G laptop management partnership with Ericsson aimed at simplifying connectivity oversight for IT departments.
Microsoft's February Patch Tuesday release addresses 58 vulnerabilities across Windows, Office and several other products, with six zero-day flaws highlighting the monthly release.
Microsoft's Defender Security Research Team has observed threat actors actively exploiting internet-exposed SolarWinds Web Help Desk instances in multi-stage intrusions that led to lateral movement toward high-value assets within targeted organizations.
Microsoft is adding security warning messages in Teams for organizations using default configurations, a move the company says is part of its Secure By Default initiative and aimed at increasing user awareness of potentially risky files and links without changing existing enforcement policies.
Microsoft announced a leadership shake-up Wednesday that will see Hayete Gallot return to the company as executive vice president of security, replacing Charlie Bell, who is shifting into a new role focused on Microsoft’s Quality Excellence Initiative.
Microsoft issued an out-of-band security update on Jan. 26 to address CVE-2026-21509, a Microsoft Office vulnerability the company said was being actively exploited at the time of disclosure.