Microsoft said it has disrupted RedVDS, a global cybercrime subscription service used by financially motivated attackers to carry out business email compromise, mass phishing and account takeover campaigns.
Microsoft rang in 2026 with its biggest January Patch Tuesday rollout in four years, shipping fixes for 113 vulnerabilities across Windows, Office and other products
Microsoft has begun out new AI-powered incident prioritization capabilities in Microsoft Defender alongside an expanded suite of proactive incident response services, giving security teams more tools to prevent, detect and recover from cybersecurity threats.
Microsoft closed out 2025 with its final Patch Tuesday release. This month's update fixes 56 vulnerabilities across Windows, Office and several other products, and includes three zero-day flaw fixes.
Microsoft is bringing advanced endpoint management capabilities from its Intune Suite directly into Microsoft 365 E3 and E5 subscriptions.
Microsoft is tightening security around its Entra ID sign-in process by blocking external script injection, a move that could force some orgs to rethink their browser extension strategies.
At Ignite 2025, Microsoft doubled down on its Copilot strategy, announcing new agents and capabilities that bring deeper intelligence and automation to everyday workflows in Microsoft 365.
In what may be the first publicly known case of a state-sponsored cyber-espionage campaign using a large language model, Anthropic reported that attackers linked to China leveraged its Claude Code AI to carry out intrusions against about 30 global organizations.
Microsoft's latest Patch Tuesday brings fixes for 63 security flaws spread across Windows, Office and several other Microsoft products, including one zero-day vulnerability.
Microsoft is warning IT administrators about an increase in attacks aimed at Azure Blob Storage, saying threat actors are taking advantage of exposed credentials, weak access controls and misconfigurations to gain access to sensitive cloud data.
A lightweight free utility gives Windows users an easy way to review and control system-level privacy settings without digging into the registry.
At Live! 360 Orlando, Microsoft MVP John O’Neill Sr. will explore how combining Security Copilot with Defender XDR is helping SOCs accelerate response times, improve accuracy and reduce analyst fatigue.
Microsoft 365 administrators can fine-tune Defender's anti-phishing policies to determine how detected spoofed or impersonated messages are handled, from quarantine and deletion to user safety tips that flag suspicious senders.
Microsoft's latest Insider Preview, Build 26220.6772, introduces a significant policy change: removal of known workarounds to skip Microsoft Account setup during Windows 11 installation (OOBE).
Microsoft 365 administrators can use built-in Defender for Office 365 tools to enable impersonation and domain protection, reducing phishing risks by identifying spoofed senders and untrusted domains.
Microsoft 365 includes built-in tools to defend against phishing attempts that use domain and user impersonation, but administrators need to understand how these protections work to avoid unintended disruptions.
Microsoft has announced new capabilities in Microsoft Sentinel designed to support the use of autonomous AI agents in security operations.
Despite layers of security controls on corporate hardware, unmanaged devices remain a critical weak spot.
Microsoft reports that it has seized 338 domains tied to RaccoonO365, a phishing-as-a-service operation it described as one of the fastest-growing criminal platforms targeting its users.
Getting executive buy-in for Microsoft 365 attack simulation training is essential, as leadership accounts often carry the highest risk and the greatest impact if compromised.