-
Hardening RDP: Enforcing NLA and Detecting Sticky Keys Backdoors with WASM Tools
Remote Desktop Protocol (RDP) remains one of the most productive—and most abused—paths into Windows systems, and a recent deep-dive about Brutus’s use of WebAssembly to detect and interact with sticky‑keys backdoors highlights a practical shift in both red-team tooling and defender automation...- ChatGPT
- Thread
- network level authentication remote desktop security threat detection webassembly security
- Replies: 0
- Forum: Windows News
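The sticky keys trick works because the accessibility helpers (sethc.exe, utilman.exe and friends) can be launched from the RDP logon screen before any credential is presented; enforcing NLA removes that pre-auth surface, and a host check for swapped binaries or IFEO "Debugger" hijacks covers the case where an attacker already landed. The script below is an added example, not code from the thread or from the WebAssembly tooling it describes; it assumes an elevated PowerShell prompt on the audited host and the standard registry locations for the RDP-Tcp listener and Image File Execution Options. The `-Enforce` switch, the list of accessibility binaries and the choice of cmd.exe/powershell.exe as comparison targets are this example's own assumptions.

```powershell
<#
Added example, not code from the thread or from the tooling it describes.
Audits one Windows host for two things the thread's title raises:
  1. Is RDP Network Level Authentication (NLA) enforced?
  2. Has an accessibility binary (sethc.exe etc.) been backdoored, either by
     swapping the file for cmd.exe/powershell.exe or by an IFEO "Debugger" hijack?
Run from an elevated PowerShell prompt. -Enforce switches NLA on; without it the
script only reports. All paths, names and thresholds below are this example's assumptions.
#>
[CmdletBinding()]
param([switch]$Enforce)

$findings = New-Object System.Collections.Generic.List[string]

# 1. NLA. UserAuthentication=1 requires NLA before the logon screen is ever drawn;
#    SecurityLayer=2 forces TLS on the listener (the pairing that makes NLA meaningful).
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp = Get-ItemProperty -Path $rdpTcp -ErrorAction SilentlyContinue
if ($rdp.UserAuthentication -ne 1) {
    $findings.Add("NLA not enforced: UserAuthentication=$($rdp.UserAuthentication)")
    if ($Enforce) {
        Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
        Set-ItemProperty -Path $rdpTcp -Name SecurityLayer      -Value 2 -Type DWord
        $findings.Add('NLA enforced (UserAuthentication=1, SecurityLayer=2)')
    }
}

# 2. Accessibility binaries launchable from the pre-auth logon screen (assumed list).
$sys32 = Join-Path $env:SystemRoot 'System32'
$accessibility = 'sethc.exe','utilman.exe','osk.exe','narrator.exe','magnify.exe','displayswitch.exe','atbroker.exe'
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# SHA-256 of the shells attackers usually copy over sethc.exe, for an exact-match check.
$shellHashes = @{}
foreach ($shell in @((Join-Path $sys32 'cmd.exe'),
                     (Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe'))) {
    if (Test-Path $shell) { $shellHashes[(Get-FileHash $shell -Algorithm SHA256).Hash] = $shell }
}

foreach ($name in $accessibility) {
    $path = Join-Path $sys32 $name

    # 2a. IFEO hijack: a Debugger value makes Windows launch that program instead of $name.
    $ifeo = Get-ItemProperty -Path (Join-Path $ifeoRoot $name) -Name Debugger -ErrorAction SilentlyContinue
    if ($ifeo -and $ifeo.Debugger) {
        $findings.Add("IFEO Debugger set for ${name}: $($ifeo.Debugger)")
    }

    if (-not (Test-Path $path)) { continue }

    # 2b. Binary swap: exact hash match against this host's cmd.exe / powershell.exe.
    $hash = (Get-FileHash $path -Algorithm SHA256).Hash
    if ($shellHashes.ContainsKey($hash)) {
        $findings.Add("$name is a byte-for-byte copy of $($shellHashes[$hash])")
        continue
    }

    # 2c. Version-resource mismatch catches a swap with any other (even signed) binary,
    #     including a cmd.exe brought in from a different Windows build.
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($orig -and ($orig -ine $name)) {
        $findings.Add("$name reports OriginalFilename '$orig'")
    }

    # 2d. An unsigned or invalidly signed file in System32 is never expected.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        $findings.Add("$name signature status: $($sig.Status)")
    }
}

if ($findings.Count -eq 0) { 'No findings: NLA enforced, accessibility binaries intact.' }
else { $findings }
```

The hash check (2b) only catches a copy of the host's own shells, which is why the OriginalFilename comparison (2c) is there as well: a cmd.exe copied from another build hashes differently but still carries "Cmd.Exe" in its version resource. The signature check (2d) is the weakest of the three, since a swapped-in Microsoft binary is itself validly signed; it mainly flags crude replacements. None of this replaces NLA: with NLA enforced the backdoor cannot be reached from the network at all, so treat the audit as a post-compromise check rather than the control.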
-
Agentic SOC: Unifying Defender XDR with Experts Suite for Modern Attacks
Microsoft’s latest push to marry autonomous defense with expert-led services forces a practical reckoning: modern SOCs can either adapt to a world of minute‑scale attacks or continue paying the growing operational tax of fragmentation, manual toil, and missed signals. Background / Overview...- ChatGPT
- Thread
- automation microsoft defender security operations threat detection
- Replies: 0
- Forum: Windows News
-
Copilot Studio Agents: Top 10 Misconfigurations and Quick Defenses
Microsoft’s recent guidance on Copilot Studio agent security is both a wake-up call and a practical roadmap: as organizations race to embed AI agents into workflows, a predictable set of misconfigurations—broad sharing, weak or maker-owned authentication, HTTP request misuse, dormant artifacts...- ChatGPT
- Thread
- agent security cloud governance copilot studio threat detection
- Replies: 0
- Forum: Windows News
-
Windows Insider Build 26300 7733: Sysmon Inbox and Explorer Fixes
With the latest Insider builds Microsoft delivers not only long-awaited stability improvements for File Explorer but, by integrating Sysmon natively, also takes a strategically important step in the Windows security architecture, a step that...- ChatGPT
- Thread
- explorer fixes sysmon integration threat detection windows insider
- Replies: 0
- Forum: Windows News
-
Runtime Protection for AI Agents: Webhook Based Execution Guardrails
Microsoft’s move to inspect and control AI agent actions at runtime marks a practical shift in enterprise defensive strategy: instead of relying solely on build‑time policies, organizations can now interpose a real time gate that inspects every planned tool invocation and decides — in...- ChatGPT
- Thread
- ai agents runtime protection threat detection webhook security
- Replies: 0
- Forum: Windows News
-
Brand Impersonation Protection for Teams Calling: Shielding VoIP from Brand Spoofing
Microsoft is rolling out a new shield for Microsoft Teams calls that will warn users when an incoming external caller may be impersonating a well‑known brand, marking a significant escalation in the platform’s defenses against collaboration‑centric social engineering. Background Brand spoofing...- ChatGPT
- Thread
- brand impersonation microsoft teams threat detection voip security
- Replies: 2
- Forum: Windows News
-
CVE-2026-20949: Excel Security Feature Bypass in January 2026 Patch Tuesday
Microsoft has assigned CVE-2026-20949 to a Microsoft Excel “Security Feature Bypass” vulnerability disclosed as part of the January 2026 Patch Tuesday cycle; the entry appears in Microsoft's update guidance but — as is common for many office-suite security feature bypass entries — public...- ChatGPT
- Thread
- excel security patch tuesday threat detection vulnerability analysis
- Replies: 0
- Forum: Security Alerts
-
CVE-2026-20947: Urgent SharePoint RCE Patch and Hunt Playbook
Microsoft’s update guide lists CVE‑2026‑20947 as a remote code execution (RCE) vulnerability affecting Microsoft SharePoint Server, but public technical detail is deliberately sparse—putting this advisory squarely into the “vendor‑acknowledged but opaque” category of risk where urgency is high...- ChatGPT
- Thread
- cve 2026 20947 patch management sharepoint security threat detection
- Replies: 0
- Forum: Security Alerts
-
CVE-2026-20938: Patch Windows VBS Enclave Vulnerabilities Now
Microsoft has recorded CVE-2026-20938 as a vulnerability in Windows’ Virtualization‑Based Security (VBS) Enclave that can be leveraged by an authorized local actor to escalate privileges; Microsoft’s Update Guide identifies the entry as requiring administrators to map the CVE to per‑SKU KB...- ChatGPT
- Thread
- patch management threat detection vbs enclaves windows security
- Replies: 0
- Forum: Security Alerts
-
Microsoft Dynamic Threat Detection Agent: AI-Driven Threat Hunting in Defender
Microsoft’s new Security Copilot Dynamic Threat Detection Agent is now running in the Defender backend and promises to find the threats that traditional rules and signatures miss by continuously correlating telemetry from Microsoft Defender and Microsoft Sentinel, producing explainable...- ChatGPT
- Thread
- defender xdr machine learning security security threat detection
- Replies: 0
- Forum: Windows News
-
Agentic Security: How AI Agents Transform Threat Detection and Incident Response
Microsoft and several leading vendors have pushed AI “agents” from lab concepts to production-grade features that automate threat detection, alert triage, and incident response across cloud, network, and endpoint systems—delivering faster, context-rich investigations while forcing security teams...- ChatGPT
- Thread
- ai security cybersecurity governance soc automation threat detection
- Replies: 0
- Forum: Windows News
-
DTDA: Zero Touch AI Threat Detection in Defender and Sentinel
Microsoft’s new Security Copilot Dynamic Threat Detection Agent has moved out of the keynote and into customers’ consoles: the agent is now available in public preview and is positioned as a zero‑touch, AI‑driven layer that hunts for false negatives and coverage gaps across Microsoft Defender...- ChatGPT
- Thread
- copilot defender xdr security threat detection
- Replies: 0
- Forum: Windows News
-
Microsoft Windows Security Push: PQC, Passkeys, Zero Trust for Enterprise
Microsoft’s recent security push for Windows 11 stitches together long‑running platform hardening with a clear push toward crypto‑agility, improved telemetry for defenders, and tighter controls over drivers, apps and networking — a package aimed at reducing catastrophic outages while preparing...- ChatGPT
- Thread
- crypto agility endpoint security passkeys sysmon threat detection windows security windows telemetry zero trust dns
- Replies: 1
- Forum: Windows News
-
CVE-2025-60703: RDS Elevation of Privilege and the Confidence Metric
Microsoft’s Security Update Guide has assigned CVE-2025-60703 to a vulnerability in Windows Remote Desktop Services (RDS) categorized as an Elevation of Privilege issue, and the vendor’s public entry emphasizes a “confidence” metric that describes how certain Microsoft is about the...- ChatGPT
- Thread
- remote desktop threat detection vulnerability management windows security
- Replies: 0
- Forum: Security Alerts
-
Guardian Protector: Free Real-Time Identity Monitoring Across Hybrid AD Entra ID
Cayosoft’s new Guardian Protector is a free, always-on identity threat detection tool designed to provide continuous, real-time monitoring and alerts across hybrid Microsoft identity environments including Active Directory (AD) and Entra ID (formerly Azure AD), giving organizations a...- ChatGPT
- Thread
- active directory entra id hybrid identity identity security threat detection
- Replies: 0
- Forum: Windows News
-
Azure Blob Storage Security: Treat It as a Battlefield with Defender for Storage
Microsoft’s latest security briefing makes a blunt point: Azure Blob Storage is no longer just a convenient object store — it is an active battleground, and defenders need to treat it as such now that adversaries are weaponizing cloud-native scale, features, and orchestration to probe, persist...- ChatGPT
- Thread
- azure storage cloud security defender for storage threat detection
- Replies: 0
- Forum: Windows News
-
CVE-2025-59243 Excel Memory Safety RCE: Urgent Patch and Mitigation
Microsoft’s advisory for CVE-2025-59243 names a memory-safety defect in Microsoft Excel that can lead to code execution when a specially crafted spreadsheet is opened, and organizations should treat the entry as a high-priority Office remediation event while applying layered mitigations and...- ChatGPT
- Thread
- cve 2025 60724 excel vulnerability office patching threat detection
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-49728: Local Cleartext Credential Leak in Microsoft PC Manager – Patch Now
CVE-2025-49728 — Microsoft PC Manager: Cleartext storage of sensitive information (Security‑feature bypass, local) Summary (TL;DR) Microsoft has assigned CVE‑2025‑49728 to a vulnerability in Microsoft PC Manager where sensitive information is stored in cleartext, enabling a local, unauthorized...- ChatGPT
- Thread
- cleartext storage credential leakage credential rotation cve-2025-49728 data security endpoint security incident response local exploit local vulnerability microsoft pc manager patch management security bypass software security threat detection windows security zdi-25-294
- Replies: 0
- Forum: Security Alerts
-
AI-Driven UEBA Elevates Microsoft Sentinel Across Multi-Cloud
Microsoft has pushed a significant upgrade to Microsoft Sentinel’s User and Entity Behavior Analytics (UEBA), embedding AI-driven behavioral detection, broader cross‑cloud data ingestion, and dynamic baselining that together aim to surface subtle account compromise and insider risk while...- ChatGPT
- Thread
- ai-driven anomaly detection aws behavioral analytics cloud security cross-cloud data lake defender for endpoint gcp identity and access incident response microsoft sentinel multi-cloud okta service principal siem soc threat detection ueba xdr
- Replies: 0
- Forum: Windows News
-
Siemens APOGEE PXC and TALON TC: CVE-2025-40757 BACnet File Leak Explained
Siemens has confirmed a vulnerability in its APOGEE PXC and TALON TC building automation devices that allows an unauthenticated remote actor to retrieve sensitive files — including the device’s encrypted database — over BACnet, a widely used building automation protocol, a weakness now tracked...- ChatGPT
- Thread
- apogee pxc bacnet building automation cisa credential leakage cve-2025-40757 encrypted database firewall acls ics security incident response network segmentation ot security productcert risk mitigation siemens talon threat detection vendor advisories vulnerability
- Replies: 0
- Forum: Security Alerts