Microsoft Archives

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services.

23 hours ago By Matt Kapko

Project Glasswing, named after the Greta oto butterfly, aims to secure open-source software with the use of a new frontier model. (Getty Images)

Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities

The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to handle.

1 day ago By Greg Otto

CISA acting director nick andersen — Acting CISA Director Nick Andersen speaks at an Auburn University event on March 17 in Washington, D.C. (Tim Starks/Scoop News Group)

CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors

Acting director Nick Andersen said relationships, not actor risk management agency designations, should guide which agency is at the forefront.

Mar 17, 2026 By Tim Starks

A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn/Getty Images)

Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

The vendor said six of the 83 vulnerabilities it addressed this month are more likely to be exploited.

Mar 10, 2026 By Matt Kapko

Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI

Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researchers said.

Mar 6, 2026 By Matt Kapko

Microsoft and authorities dismantled Tycoon 2FA's infrastructure. A seizure notice is displayed on of the phishing platform's domains March 4, 2026. (Microsoft) — Microsoft and authorities dismantled Tycoon 2FA’s infrastructure. A seizure notice is displayed on of the phishing platform’s domains March 4, 2026. (Microsoft)

Global coalition dismantles Tycoon 2FA phishing kit

Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint.

Mar 4, 2026 By Matt Kapko

Creeping plant growing on a brick wall. (Getty Images)

Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks

Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said.

Feb 25, 2026 By Matt Kapko

(Photo by John Smith/VIEWpress/Getty Images)

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.

Feb 10, 2026 By Matt Kapko

The ‘staggering’ cybersecurity weakness that isn’t getting enough focus, according to a top Secret Service official

It stems from how the Internet Assigned Numbers Authority functions, the official said.

Jan 29, 2026 By Tim Starks

If you don’t control your keys, you don’t control your data

The Microsoft-BitLocker episode highlights a larger design problem: when providers retain recovery keys, encryption becomes conditional.

Jan 28, 2026 By John Ackerly