February 7, 2025
In December 2024, Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code […]
February 4, 2025
Inspiration can spark in an instant when you’re at a conference. Perhaps you discover a new tool during a keynote that could save you hours of […]
January 29, 2025
If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential for 2025 and beyond. Nation-states and advanced cybercriminals are making significant […]
January 28, 2025
As a data security global black belt, I help organizations secure AI solutions. They are concerned about data oversharing, data leaks, compliance, and other potential risks. […]
January 21, 2025
Table of Contents Introduction Why most enterprises have trouble scaling DAST Web endpoint discovery Automated OpenAPI Specification generation solutions that do scale (sort of) Authentication and […]
January 17, 2025
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the […]
January 16, 2025
As our Microsoft AI Tour reached Brussels, Paris, and Berlin toward the end of last year, we met with European organizations that were energized by the possibilities of […]
January 15, 2025
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to […]
January 14, 2025
Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel […]
January 14, 2025
Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.” The AI red team was formed in 2018 […]
January 7, 2025
The expanding attack surface is creating more opportunities for exploitation and adding to the pressure on security leaders and teams. Increasingly, organizations are investing in managed […]
December 20, 2024
The Cybersecurity Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists agencies in development of their Zero Trust strategies and continued evolution of their implementation […]