What’s new in Microsoft Security: June 2026 | Microsoft Security Blog
Alym Rayani · 2026-07-01 · via Microsoft Security Blog

As organizations scale AI and agents across environments, security teams need protection that covers every surface. The Microsoft vision is simple: security should be ambient and autonomous, just like the AI it protects. This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. Here’s what’s new:

Codename MDASH is a multi-model agentic scanning system designed to discover, validate, and help remediate software vulnerabilities across complex environments. MDASH orchestrates a panel of specialized AI agents that reason through proprietary code and systems, helping security teams surface elusive vulnerabilities quickly and systematically. For example, when security teams use MDASH to scan a complex application, it can identify and validate a previously undetected vulnerability in the underlying code and systems, and route it into Microsoft Defender workflows and engineering pipelines for remediation. This closed loop connects discovery, validation, and remediation across the Microsoft stack. Sign up to follow codename MDASH and join the private preview to surface and validate hard-to-find vulnerabilities with multi-model AI.

Flowchart diagram illustrating Codename MDASH Execution Lifecycle with six main stages: Prepare, Scan, Validate, Dedup, Prove, and Patch. Each stage contains specific tasks like recon, discovery, bug triage, and patch validation, with additional notes on tools, voting, and autosuggestions, highlighting a structured process for bug detection and resolution.

Microsoft Defender extends endpoint protection to local AI agents

Microsoft Defender now discovers more than 25 types of local AI agents and Model Context Protocol (MCP) servers across managed Windows and macOS devices. Defender also protects at runtime: if a developer using a popular coding agent like GitHub Copilot Command-Line Interface (CLI) or Claude Code is targeted by a prompt injection attempt, Defender detects and blocks it before the malicious action executes. From there, security teams can investigate agent exposure across their environment with Advanced Hunting. These capabilities are now in preview.

Screenshot of a network map from Microsoft Defender showing interconnected nodes representing devices, services, and agents within a security environment. Nodes are labeled with names and icons, with ChatGPT Desktop highlighted in blue, and a detailed pane on the right displays specific information about ChatGPT Desktop, including type, last update, and discovery source.

Microsoft Entra Backup and Recovery restores critical identity data

Microsoft Entra Backup and Recovery is now generally available, delivering Microsoft-managed, always-on backups native to your environment that are protected from deletion or modification. Security teams gain clear visibility into what changed across their tenant and can back up core directory objects, compare and restore to previous timestamps, and configure Conditional Access policies to protect against permanent deletion. Together, these capabilities protect your tenant, helping you minimize downtime and recover quickly from accidental changes and security compromises. Strengthen identity resilience with rapid recovery capabilities in Microsoft Entra.

Microsoft Defender protects open-source relational databases on AWS RDS

Microsoft Defender for Cloud now extends database threat protection to open-source relational databases on Amazon Web Services (AWS) Relational Database Service (RDS). Now generally available, built-in threat detection identifies anomalous access patterns and brute-force attempts, while automated sensitive data discovery helps teams understand where high-risk data resides. These insights, combined with integrated investigation across Microsoft Defender, help teams prioritize and respond to database risks more effectively. Detect threats and discover sensitive data across Azure and AWS with Microsoft Defender.

Screenshot of a cybersecurity dashboard showing a critical vulnerability in an AWS RDS database exposed to the internet with basic authentication. Diagram highlights attack path from internet to database, risk factors like weak authentication, and resource types with labeled nodes and connecting arrows.

Greater flexibility over data security insights with Microsoft Purview customizable reports

Microsoft Purview customizable reports, now generally available in Data Security Posture Management (DSPM), give teams greater control and flexibility to tailor reporting views, analyze trends, and quickly surface the insights that enable faster, more informed decisions. Choose from out-of-the-box reports or create custom reports tailored to your organization’s specific needs, with easy options to export and share insights across teams and stakeholders. For example, security teams can create role-specific reports that highlight high-risk data exposure trends to guide policy decisions. Learn how to customize reporting experiences to uncover your critical data security insights.

Broader visibility with expanded multi-cloud coverage in Defender for Cloud

Microsoft Defender for Cloud is expanding multicloud coverage and visibility across AWS and Google Cloud, adding support for approximately 90 additional resource types and more than 200 new security recommendations. Security teams can better understand their attack surface with broader visibility across cloud-native applications, identities, data services, and workloads. Across multicloud environments, teams can better assess security posture and prioritize remediation based on exposure context, compliance posture, and business criticality to reduce risk more effectively. Gain broader visibility and prioritize risk across multicloud environments with Defender for Cloud.

Screenshot of a cloud security dashboard showing recommendations summary and risk assessment for misconfigurations. Key elements include a green circular chart indicating 88.2% cloud secure score, a line graph tracking score history over 14 days, and a risk level section highlighting 17 critical issues with detailed recommendations and asset information.

Prioritize risk with unified identity risk score

A new unified identity risk score combines signals from across Microsoft Security into a single, explainable measure of an identity’s risk. It brings together behavior, access patterns, and threat intelligence for all related accounts, sessions, and applications to provide a complete view of risk. The moment an identity acts suspiciously, the score helps your team cut through the noise, prioritize what’s urgent, and can automatically trigger Conditional Access policies to enforce protection at the point of access. Prioritize identity risk and enforce protection in real time with the new unified identity risk score.

Security innovations purpose built for developers

To help developers secure code, agents, and models while giving security teams consistent visibility and control from development through runtime, Microsoft is integrating security into the tools and platforms developers already use. Organizations can use the new security tools and capabilities announced at Microsoft Build 2026 to innovate faster and scale AI adoption without sacrificing security. Read more about the Build 2026 security announcements.

Stay In the Loop

Microsoft Security continually ships meaningful innovations across our portfolio and research-driven insights and reports for the security community. In the Loop posts are your reliable source of what’s new across Microsoft Security and what it means for your security strategy. Check back for the next drop.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.