threat detection

Microsoft’s wording for CVE-2026-35388 is a strong hint that the issue is not a simple one-shot remote exploit. By saying a successful attack depends on conditions beyond the attacker’s control, Microsoft is signaling that exploitation may require prior reconnaissance, environment shaping, or...

Exabeam is staking out a new and important corner of the AI security market: watching the behavior of AI assistants as closely as it watches human users. The company’s latest expansion of Agent Behavior Analytics extends detection and response into OpenAI ChatGPT and Microsoft Copilot, adding to...

Exabeam’s latest expansion of Agent Behavior Analytics lands at exactly the moment enterprise security teams are realizing that AI assistants are no longer just productivity add-ons. They are becoming privileged participants in day-to-day work, touching sensitive data, invoking tools, and...

Threat actors are increasingly hiding PHP webshell control behind HTTP cookies, and Microsoft’s latest research shows why that matters: cookies are familiar, low-friction, and often less scrutinized than query strings or request bodies. In Linux hosting environments, that makes them an ideal...

Remote Desktop Protocol (RDP) remains one of the most productive—and most abused—paths into Windows systems, and a recent deep-dive about Brutus’s use of WebAssembly to detect and interact with sticky‑keys backdoors highlights a practical shift in both red-team tooling and defender automation...

Microsoft’s latest push to marry autonomous defense with expert-led services forces a practical reckoning: modern SOCs can either adapt to a world of minute‑scale attacks or continue paying the growing operational tax of fragmentation, manual toil, and missed signals. Background / Overview...

Microsoft’s recent guidance on Copilot Studio agent security is both a wake-up call and a practical roadmap: as organizations race to embed AI agents into workflows, a predictable set of misconfigurations—broad sharing, weak or maker-owned authentication, HTTP request misuse, dormant artifacts...

Microsoft liefert mit den neuesten Insider‑Builds nicht nur lang erwartete Stabilitätsverbesserungen für den File Explorer, sondern nimmt mit einer nativen Integration von Sysmon auch einen strategisch wichtigen Schritt in der Windows‑Sicherheitsarchitektur vor — ein Schritt, der die...

Microsoft’s move to inspect and control AI agent actions at runtime marks a practical shift in enterprise defensive strategy: instead of relying solely on build‑time policies, organizations can now interpose a real time gate that inspects every planned tool invocation and decides — in...

Microsoft is rolling out a new shield for Microsoft Teams calls that will warn users when an incoming external caller may be impersonating a well‑known brand, marking a significant escalation in the platform’s defenses against collaboration‑centric social engineering. Background Brand spoofing...

Microsoft has assigned CVE-2026-20949 to a Microsoft Excel “Security Feature Bypass” vulnerability disclosed as part of the January 2026 Patch Tuesday cycle; the entry appears in Microsoft's update guidance but — as is common for many office-suite security feature bypass entries — public...

Microsoft’s update guide lists CVE‑2026‑20947 as a remote code execution (RCE) vulnerability affecting Microsoft SharePoint Server, but public technical detail is deliberately sparse—putting this advisory squarely into the “vendor‑acknowledged but opaque” category of risk where urgency is high...

Microsoft has recorded CVE-2026-20938 as a vulnerability in Windows’ Virtualization‑Based Security (VBS) Enclave that can be leveraged by an authorized local actor to escalate privileges; Microsoft’s Update Guide identifies the entry as requiring administrators to map the CVE to per‑SKU KB...

Microsoft’s new Security Copilot Dynamic Threat Detection Agent is now running in the Defender backend and promises to find the threats that traditional rules and signatures miss by continuously correlating telemetry from Microsoft Defender and Microsoft Sentinel, producing explainable...

Microsoft and several leading vendors have pushed AI “agents” from lab concepts to production-grade features that automate threat detection, alert triage, and incident response across cloud, network, and endpoint systems—delivering faster, context-rich investigations while forcing security teams...

Microsoft’s new Security Copilot Dynamic Threat Detection Agent has moved out of the keynote and into customers’ consoles: the agent is now available in public preview and is positioned as a zero‑touch, AI‑driven layer that hunts for false negatives and coverage gaps across Microsoft Defender...

Microsoft’s recent security push for Windows 11 stitches together long‑running platform hardening with a clear push toward crypto‑agility, improved telemetry for defenders, and tighter controls over drivers, apps and networking — a package aimed at reducing catastrophic outages while preparing...

Microsoft’s Security Update Guide has assigned CVE-2025-60703 to a vulnerability in Windows Remote Desktop Services (RDS) categorized as an Elevation of Privilege issue, and the vendor’s public entry emphasizes a “confidence” metric that describes how certain Microsoft is about the...

Cayosoft’s new Guardian Protector is a free, always-on identity threat detection tool designed to provide continuous, real-time monitoring and alerts across hybrid Microsoft identity environments including Active Directory (AD) and Entra ID (formerly Azure AD), giving organizations a...

Microsoft’s latest security briefing makes a blunt point: Azure Blob Storage is no longer just a convenient object store — it is an active battleground, and defenders need to treat it as such now that adversaries are weaponizing cloud-native scale, features, and orchestration to probe, persist...