Microsoft announces the 2025 Security Excellence Awards winners
Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy CISOs share their experiences in cybersecurity and how they are redefining protection.
Tech Accelerator: Azure security and AI adoption
During the Tech Accelerator event on April 22, 2025, you will learn how to leverage Microsoft security guidance, products, and tooling throughout your cloud journey.
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365, AHKBot, Latrodectus, BruteRatel C4 (BRc4), and Remcos.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
Transforming public sector security operations in the AI era
Read how Microsoft’s unified security operations platform can use generative AI to transform cybersecurity for the public sector.
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability in the GRUB2, U-boot, and Barebox bootloaders.
New innovations in Microsoft Purview for protected, AI-ready data
Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI.
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
Discover how the US Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
AI innovation requires AI security: Hear what’s new at Microsoft Secure
When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant. What you need in this time of new threats and complexity in securing interconnected AI applications is a proactive, innovative approach to stay ahead.
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains the RAT capabilities and summarizes the malware’s key behaviors, capabilities, and the potential risk posed to systems and users.
How MSRC coordinates vulnerability research and disclosure while building community
Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats.
Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware
Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking. com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft.