Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across industry and international law…
Tag: Microsoft Security Blog
Microsoft extends Zero Trust to secure the agentic workforce
At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce. We are excited to introduce Microsoft Entra Agent ID which extends industry-leading identity management and access capabilities to AI agents. The post Microsoft extends Zero Trust to…
How the Microsoft Secure Future Initiative brings Zero Trust to life
Read how you can improve your security posture by applying Zero Trust framework and principles based on learnings from the April 2025 Secure Future Initiative progress report. The post How the Microsoft Secure Future Initiative brings Zero Trust to life…
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.…
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.…
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy chief information security officers share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft’s…
Microsoft partners with Global Anti-Scam Alliance to fight cybercrime
In 2024 alone, scammers drained the global economy of more than $1.03 trillion. Together, Microsoft and the other members of GASA hope to stem these losses going forward. The post Microsoft partners with Global Anti-Scam Alliance to fight cybercrime appeared…
Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as…
Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
Celebrate World Passkey Day with Microsoft! Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future. The post Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins appeared first on…
14 secure coding tips: Learn from the experts at Microsoft Build
At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster. The post 14 secure coding tips: Learn from the experts at Microsoft Build…