Skip to main content
Microsoft Security

Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft thatโ€™ll help you better understand and respond to todayโ€™s challenges.

Refine Results

Filtered by

Clear All
  • Research

Refine results

Sort By
Content Type
Research (398)
Industry trends (3)
News (2)
Events (0)
Best practices (0)
Topic
Threat intelligence (378)
Incident response (33)
AI and agents (15)
Security operations (8)
Endpoint security (8)
Cloud security (6)
Analyst reports (5)
Actionable threat insights (5)
Threat trends (4)
Internet of Things (IoT) security (4)
Zero Trust (3)
Identity and access management (3)
Small and medium business (2)
Security management (2)
Email security (2)
Detection and protection success stories (2)
Defending against advanced tactics (2)
SIEM and XDR (1)
Office of the CISO (1)
Multifactor authentication (1)
Data security (1)
Secure remote work (0)
Risk management (0)
Privacy (0)
Network security (0)
MISA (0)
Microsoft Secure Future Initiative (0)
Information protection and governance (0)
Device management (0)
Data protection (0)
Compliance (0)
Built-in security (0)
Products and services
Microsoft Defender (162)
Microsoft Defender for Endpoint (104)
Microsoft Defender XDR (63)
Microsoft Defender for Office 365 (29)
Microsoft Defender Threat Intelligence (22)
Microsoft Defender Vulnerability Management (19)
Microsoft Defender for Cloud Apps (19)
Microsoft Defender for Cloud (18)
Microsoft Defender for Identity (15)
Microsoft Defender for IoT (9)
Microsoft Defender External Attack Surface Management (4)
Microsoft Defender for Business (0)
Microsoft Sentinel (39)
Microsoft Security Experts (19)
Microsoft Incident Response (8)
Microsoft Defender Experts for XDR (6)
Microsoft Defender Experts for Hunting (6)
Microsoft Security Services for Enterprise (0)
Microsoft Entra (17)
Microsoft Entra ID (11)
Microsoft Entra ID Protection (7)
Microsoft Entra Workload ID (1)
Microsoft Entra Verified ID (0)
Microsoft Entra Private Access (0)
Microsoft Entra Internet Access (0)
Microsoft Entra ID Governance (0)
Microsoft Entra External ID (0)
Microsoft Security Copilot (8)
Microsoft Purview (2)
Microsoft Purview Insider Risk Management (1)
Microsoft Purview Data Loss Prevention (1)
Microsoft Purview Information Protection (0)
Microsoft Purview eDiscovery (0)
Microsoft Purview Data Lifecycle Management (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Audit (0)
Microsoft Intune (2)
Microsoft Priva (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Priva Risk Management (0)
Microsoft Entra Agent ID (0)
Publish date

  • Tailored AI insights from Microsoft Security Copilot

    Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.

    Learn more
  • Retail shop worker using a digital tablet checks inventory in a storage room
    • 20 min read

    Inside the attack chain: Threat activity targeting Azure Blob Storage

    Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
  • Professor works at a table in a campus office space
    • 12 min read

    Investigating targeted “payroll pirate” attacks affecting US universities

    Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.
  • Photo of two employees collaborating during a Microsoft Teams meeting while working in an open office setting on dual monitors.
    • 23 min read

    Disrupting threats targeting Microsoft Teams

    Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively.

  • Go beyond data protection with Microsoft Purview

    Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.

    Learn more
  • Person typing on a laptop
    • 10 min read

    AI vs. AI: Detecting an AI-obfuscated phishing campaign

    Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.

  • Streamline privacy management with Microsoft Priva

    Protect and govern personal information, reduce privacy risks, and manage subject rights requests at scale with Microsoft Priva privacy risk management solutions.

    Learn more
  • A woman walking down the street
    • 13 min read

    Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

    Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
  • A woman sitting on a couch using a laptop
    • 9 min read

    Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

    Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social