Microsoft Threat Intelligence
threatintel.microsoft.com
@threatintel.microsoft.com
We are Microsoft's global network of security experts. Follow for security research and threat intelligence. https://aka.ms/threatintelblog
Dive into the heart of threat intelligence as Principal Security Researcher Jonathan Bar Or reveals how proactive security research powers Microsoft’s defenses. msft.it/63325tJxpx
November 7, 2025 at 4:45 PM
Microsoft’s threat hunters are transforming cyber defense by seeking out emerging threats before they strike. Instead of waiting for alerts, these experts combine human intuition with AI-powered analysis to uncover malicious activity that others miss. msft.it/63321tBQRR
October 27, 2025 at 5:00 PM
In early October 2025, Microsoft disrupted a Vanilla Tempest campaign by revoking over 200 certificates that the threat actor had fraudulently signed and used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware.
October 15, 2025 at 10:46 PM
The October 2025 security updates are available: msft.it/6018SZEg0.

#PatchTuesday #SecurityUpdateGuide
October 14, 2025 at 5:16 PM
The nature of incident response is its chaos, and the second chapter of our four-part Inside Microsoft Threat Intelligence miniseries displays how Microsoft’s IR team thrives amid disorder, stepping in when environments are compromised and confidence is shaken: msft.it/63322svfky
October 1, 2025 at 7:29 PM
"Microsoft Threat Intelligence is fully focused on disrupting threat actor activity."

The first of a four-part Inside Microsoft Threat Intelligence miniseries gives a behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF
September 17, 2025 at 10:38 PM
The September 2025 security updates are available: msft.it/6018SZEg0
September 9, 2025 at 5:16 PM
The August 2025 security updates are available: msft.it/6018SZEg0
August 12, 2025 at 5:31 PM
Microsoft has continuously observed hybrid attacks leading to espionage, business interruption, and ransomware deployment that involve threat actors moving from on-premises environments to the cloud.
June 20, 2025 at 4:00 PM
While Golden SAML (Security Assertion Markup Language) attacks are less frequently observed than others, their impact can be huge. Whereas an adversary-in-the-middle (AiTM) attack only affects the account that got phished, a successful Golden SAML attack could compromise every account in an org.
June 18, 2025 at 4:00 PM