Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.

Refine Results

Filtered by

Clear All

Research

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Learn more
January 6

16 min read

Phishing actors exploit complex routing and misconfigurations to spoof domains

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages.
December 15, 2025

16 min read

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks.
December 11, 2025

3 min read

Imposter for hire: How fake people can gain very real access

Fake employees are an emerging cybersecurity threat.
December 9, 2025

10 min read

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.
Secure and verify every identity with Microsoft Entra

Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.

Learn more
November 6, 2025

4 min read

New IDC research highlights a major cloud security shift

New IDC research shows why CISOs must move toward AI-powered, integrated platforms like CNAPP, XDR, and SIEM to reduce risk, cut complexity, and strengthen resilience.
November 3, 2025

10 min read

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control

Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications.
October 20, 2025

20 min read

Inside the attack chain: Threat activity targeting Azure Blob Storage

Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
October 9, 2025

12 min read

Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”.
Prevent threats with Microsoft Defender

The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.

Explore products
October 7, 2025

23 min read

Disrupting threats targeting Microsoft Teams

Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively.
October 6, 2025

8 min read

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035.
September 25, 2025

13 min read

XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.
September 24, 2025

10 min read

AI vs. AI: Detecting an AI-obfuscated phishing campaign

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.