Microsoft Security Response Center
@msrc.microsoft.com
We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit http://microsoft.com/en-us/msrc.
Got some downtime this weekend?

It’s the perfect time to submit your talk to BlueHat Redmond. The Call for Papers is open now. No paper required, just a great idea and a detailed abstract.

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...

Submit your abstract here: aka.ms/BH26CFP
February 14, 2026 at 2:27 AM
XSS persists not because it’s misunderstood, but because mitigations often miss where execution actually happens. In this post, we share what’s proven effective in practice, why common fixes fail, and how to move toward sustainable XSS defense: www.microsoft.com/en-us/msrc/b...
February 12, 2026 at 6:32 PM
Security updates for February 2026 are now available. Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
February 10, 2026 at 5:55 PM
We’re evolving how researcher impact is recognized. Beginning with the July 2026 MVR leaderboard, rankings will reflect bounty award amounts, and all valid reports will be acknowledged with honorable mentions. Details: www.microsoft.com/en-us/msrc/b...
February 6, 2026 at 6:11 PM
CI/CD pipelines are a high‑value target. At BlueHat Asia, Harish Poornachander breaks down how real‑world DevSecOps missteps lead to pipeline poisoning, secret exfiltration, and privilege escalation, and how to stop them.

Watch the talk on YouTube: www.youtube.com/watch?v=eZhk...
BlueHat Asia: Exploiting the pipeline: Real-world CI/CD vulnerabilities and how to secure them
YouTube video by Microsoft Security Response Center (MSRC)
February 1, 2026 at 1:39 AM
In her BlueHat Asia keynote, Dr. Abhilasha Bhargav-Spantzel shared a grounded take on AI-era security. She focused on building systems that hold up under pressure without leading from fear, and on the importance of strong architecture, trust, and accountability: www.youtube.com/watch?v=IVN-...
BlueHat Asia keynote: Where the mind is without fear: Building a secure, AI-powered world
YouTube video by Microsoft Security Response Center (MSRC)
January 30, 2026 at 7:08 PM
“You don’t pick the bugs. The bugs pick you.”

Meet Wouter, Microsoft MVR and Zero Day Quest 2026 qualifier, and read his security research journey: www.microsoft.com/en-us/msrc/b...

#ZeroDayQuest
January 29, 2026 at 7:11 PM
Kicking off the Call for Papers for BlueHat Redmond ⚽️

BlueHat brings together security researchers and responders to exchange ideas, experiences, and best practices.

Bring your best ideas, because security is a team sport.

Submit your paper by February 28, 2026: aka.ms/BH26CFP
January 23, 2026 at 5:17 PM
Save the date. Score a spot at BlueHat Redmond ⚽️

BlueHat Redmond is back and takes place May 5–6, 2026. Watch this space for details as we get closer to kickoff.
January 21, 2026 at 8:36 PM
Security updates for January 2026 are now available. Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
January 13, 2026 at 6:03 PM
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q4 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.

Learn more in our blog post: msft.it/6012tFEZs
January 5, 2026 at 7:02 PM
We’re excited to highlight Brad Schlintz's incredible journey in security research! From transitioning out of a traditional 9‑to‑5 to becoming a world‑class vulnerability researcher, Brad has carved out a life defined by curiosity, freedom, and impact. Learn more: www.microsoft.com/en-us/msrc/b...
December 16, 2025 at 8:03 PM
As shared by Tom Gallagher, VP of Engineering, MSRC, we’re expanding our bug bounty program to include Microsoft online services in scope by default. Researchers will now be rewarded for vulnerabilities impacting these services, even when the root cause lies in open-source or third-party components.
December 14, 2025 at 8:49 PM
Thank you to everyone who joined us for the MSRC Researcher Celebration at Black Hat Europe. It was wonderful to spend an evening with so many members of the security research community sharing conversations, ideas, and a lot of fun.

#BHEU
December 12, 2025 at 11:31 AM
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 12:46 PM
Good morning, Black Hat Europe! The MSRC team is here and ready to meet you. Spot someone in an MSRC shirt? Come say hi!

#BHEU #MSFTBlackHat
December 10, 2025 at 9:51 AM
Security updates for December 2025 are now available. Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
December 9, 2025 at 6:02 PM
Tom Gallagher, VP Engineering, MSRC, will be on stage at Black Hat Europe on Thursday, December 11, at 12:15 PM GMT. In his talk, he'll share how decades of lessons have shaped Microsoft’s vulnerability management and response.
December 9, 2025 at 1:54 PM
Join the Microsoft Security Response Center in London for our Researcher Celebration on Wednesday, December 10, from 4:30 – 9:00 PM.

You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!

Apply now: microsoft.eventsair.com/msrcbh25/reg...
November 26, 2025 at 4:56 PM
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
🚨 Meet “HashJack” – a new AI browser assistant exploit discovered by Cato CTRL.

Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)

Read more: www.catonetworks.com/blog/cato-ct...
November 25, 2025 at 4:21 PM
Part 2 of our 3-part XSS series is live! Discover how XSS can be weaponized when chained with other vulnerabilities, turning a simple flaw into a gateway for serious exploits like token theft and remote code execution: msft.it/6015trH8L
November 18, 2025 at 9:44 PM
Security updates for November 2025 are now available! Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
November 11, 2025 at 6:09 PM
During his BlueHat Asia opening remarks, Tom Gallagher, VP of Engineering, MSRC, discussed how Asia is home to some of the world’s top security researchers, and we’re proud to recognize those who contribute to Microsoft products and services. We have over 40 past and present MVRs in attendance.
November 5, 2025 at 5:09 AM
We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success!
November 4, 2025 at 5:03 PM
At the Microsoft Security Response Center (MSRC), your feedback drives our innovation. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparent, and user-friendly.

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 31, 2025 at 2:16 PM