Skip to main content
Microsoft Security

Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Refine results

Sort By
Content Type
Research (374)
News (16)
Best practices (4)
Events (1)
Industry trends (0)
Topic
Threat intelligence (397)
Incident response (34)
AI and agents (10)
Threat trends (5)
Security operations (5)
Endpoint security (5)
Cloud security (4)
SIEM and XDR (3)
Internet of Things (IoT) security (3)
Identity and access management (3)
Email security (3)
Zero Trust (2)
Risk management (2)
Analyst reports (2)
Small and medium business (1)
Office of the CISO (1)
Multifactor authentication (1)
Data protection (1)
Compliance (1)
Security management (0)
Secure remote work (0)
Privacy (0)
Network security (0)
MISA (0)
Microsoft Secure Future Initiative (0)
Information protection and governance (0)
Device management (0)
Data security (0)
Built-in security (0)
Products and services
Microsoft Defender (156)
Microsoft Defender for Endpoint (103)
Microsoft Defender XDR (59)
Microsoft Defender for Office 365 (30)
Microsoft Defender Threat Intelligence (22)
Microsoft Defender Vulnerability Management (18)
Microsoft Defender for Cloud Apps (18)
Microsoft Defender for Identity (14)
Microsoft Defender for Cloud (14)
Microsoft Defender for IoT (9)
Microsoft Defender External Attack Surface Management (4)
Microsoft Defender for Business (0)
Microsoft Sentinel (37)
Microsoft Security Experts (18)
Microsoft Incident Response (8)
Microsoft Defender Experts for Hunting (7)
Microsoft Defender Experts for XDR (5)
Microsoft Security Services for Enterprise (0)
Microsoft Entra (14)
Microsoft Entra ID (8)
Microsoft Entra ID Protection (7)
Microsoft Entra Workload ID (0)
Microsoft Entra Verified ID (0)
Microsoft Entra Private Access (0)
Microsoft Entra Internet Access (0)
Microsoft Entra ID Governance (0)
Microsoft Entra External ID (0)
Microsoft Security Copilot (7)
Microsoft Purview (1)
Microsoft Purview Insider Risk Management (0)
Microsoft Purview Information Protection (0)
Microsoft Purview eDiscovery (0)
Microsoft Purview Data Loss Prevention (0)
Microsoft Purview Data Lifecycle Management (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Audit (0)
Microsoft Priva (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Priva Risk Management (0)
Microsoft Intune (0)
Microsoft Entra Agent ID (0)
Publish date
  • Retail shop worker using a digital tablet checks inventory in a storage room
    • 20 min read

    Inside the attack chain: Threat activity targeting Azure Blob Storage

    Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
  • Professor works at a table in a campus office space
    • 12 min read

    Investigating targeted “payroll pirate” attacks affecting US universities

    Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.
  • Photo of two employees collaborating during a Microsoft Teams meeting while working in an open office setting on dual monitors.
    • 23 min read

    Disrupting threats targeting Microsoft Teams

    Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively.

  • Retain Microsoft Security Experts

    Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

    Get started
  • Person typing on a laptop
    • 10 min read

    AI vs. AI: Detecting an AI-obfuscated phishing campaign

    Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.
  • A woman walking down the street
    • 13 min read

    Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

    Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
  • A woman sitting on a couch using a laptop
    • 9 min read

    Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

    Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social