惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
V
V2EX
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
小众软件
小众软件
A
Arctic Wolf
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
G
GRAHAM CLULEY
罗磊的独立博客
T
Tor Project blog
C
Cisco Blogs
美团技术团队
博客园 - Franky
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
Cyberwarzone
Cyberwarzone
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Latest
Security Latest
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
Spread Privacy
Spread Privacy
J
Java Code Geeks
C
CERT Recently Published Vulnerability Notes
大猫的无限游戏
大猫的无限游戏
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
阮一峰的网络日志
阮一峰的网络日志
雷峰网
雷峰网
Project Zero
Project Zero

Microsoft Security Blog

Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks | Microsoft Security Blog ACR Stealer: Two observed intrusion chains amid increased threat activity | Microsoft Security Blog Least privilege for AI agents: Identity, access, and tool binding | Microsoft Security Blog Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery | Microsoft Security Blog Defending SaaS-based applications against ShinyHunters OAuth abuse | Microsoft Security Blog Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID | Microsoft Security Blog Securing our future: July 2026 progress report on Microsoft's Secure Future Initiative | Microsoft Security Blog GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware | Microsoft Security Blog Protecting Microsoft at AI speed: How SFI proactively hardens our cloud   | Microsoft Security Blog 5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management | Microsoft Security Blog Improving security posture across the Microsoft partner ecosystem | Microsoft Security Blog Microsoft named a leader in the Frost Radar for cloud and application runtime security | Microsoft Security Blog Accelerating the quantum-safe timeline | Microsoft Security Blog ​​What’s new in Microsoft Security: June 2026 | Microsoft Security Blog Securing AI agents: When AI tools move from reading to acting | Microsoft Security Blog Chromium extension uses AI‑related branding to redirect browser search | Microsoft Security Blog Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access | Microsoft Security Blog Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms | Microsoft Security Blog CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms | Microsoft Security Blog StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them | Microsoft Security Blog Guarding AI memory | Microsoft Security Blog One intrusion, two cyberattackers: Uncovering parallel threat activity | Microsoft Security Blog AutoJack: How a single page can RCE the host running your AI agent  | Microsoft Security Blog New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI | Microsoft Security Blog From package to postinstall payload: Inside the Mastra npm supply chain compromise | Microsoft Security Blog Crypto Clipper uses Tor and worm-like propagation for persistence and control | Microsoft Security Blog Beyond the benchmark: Advancing security at AI speed  | Microsoft Security Blog ​​Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave™ report | Microsoft Security Blog AI is accelerating cyberattacks—here’s how to stay ahead Microsoft Defender email security benchmarking: Key insights from one year of data | Microsoft Security Blog Reconstructing AI activity in investigations AI brands as bait: How threat actors are using the AI hype in social engineering Securing CI/CD in an agentic world: Claude Code Github action case Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign Turn specs into evals for any agent with ASSERT Microsoft Build 2026: Securing code, agents, and models across the development lifecycle Malicious npm packages abuse dependency confusion to profile developer environments Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection Typosquatted npm packages used to steal cloud and CI/CD secrets The Gentlemen ransomware: Dissecting a self-propagating Go encryptor From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations What’s new in Microsoft Security: May 2026 Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft Securing the gaming culture of cultures Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow Exposing Fox Tempest: A malware-signing service operation How Storm-2949 turned a compromised identity into a cloud-wide breach How to better protect your growing business in an AI-powered world Defense in depth for autonomous AI agents When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps Accelerating detection engineering using AI-assisted synthetic attack logs generation Defending consumer web properties against modern DDoS attacks Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise Active attack: Dirty Frag Linux vulnerability expands post-compromise risk When prompts become shells: RCE vulnerabilities in AI agent frameworks World Passkey Day: Advancing passwordless authentication ​​Microsoft named an overall leader in KuppingerCole Analyst’s 2026 Emerging AI Security Operations Center (SOC) report ​​ ClickFix campaign uses fake macOS utilities lures to deliver infostealers Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments Microsoft Agent 365, now generally available, expands capabilities and integrations What’s new, updated, or recently released in Microsoft Security Email threat landscape: Q1 2026 trends and insights 8 best practices for CISOs conducting risk reviews Simplifying AWS defense with Microsoft Sentinel UEBA AI-powered defense for an AI-accelerated threat landscape Detection strategies across cloud and identities against infiltrating IT workers Making opportunistic cyberattacks harder by design Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook Containing a domain compromise: How predictive shielding shut down lateral movement Building your cryptographic inventory: A customer strategy for cryptographic posture management Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise Incident response for AI: Same fire, different fuel The agentic SOC—Rethinking SecOps for the next decade Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk Inside an AI‑enabled device code phishing campaign Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations Threat actor abuse of AI accelerates from tool to cyberattack surface Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments Mitigating the Axios npm supply chain compromise Critical Infrastructure at Risk | Security Insider
Turning threat intelligence into decisive action with Defender Experts | Microsoft Security Blog
Aarti Borkar · 2026-07-16 · via Microsoft Security Blog

Security teams have never had more visibility, yet rarely have they felt more uncertain. Signal pours in from endpoints, identities, cloud workloads, and a sprawling mix of third-party tools. Dashboards are full, alerts keep coming, but the hardest question of the day remains unanswered: of everything happening right now, what actually matters to us, and what do we do about it?

That space between knowing a threat exists and acting on it is the intelligence-to-action gap, and it’s where most breaches are won or lost. It doesn’t close with another feed or another dashboard. It closes with expertise: seasoned defenders who know your environment, interpret what global signal means for your risk, and stay with you from the first indicator to the final response.

Today we’re announcing a new service, Microsoft Defender Experts Threat Intelligence, and we are expanding Microsoft Defender Experts MDR to include new third-party and multi-cloud coverage. Together, these human-led offerings are designed to close the intelligence-to-action gap at the two moments that decide the outcome: before a campaign reaches you, and as it moves through your environment.

Upstream: See the campaign before it reaches you

The earlier you see a campaign forming, the more options you have, and the cheaper every decision becomes. Yet most threat intelligence still arrives as raw feeds or static reports: high in volume, low in context, and disconnected from what’s exposed in your estate. Teams end up with more to read and no more clarity on what to do about it.

Microsoft Defender Experts Threat Intelligence is a new, expert-delivered service that closes that distance. Built on Microsoft’s visibility across endpoints, identity, cloud, and evolving attacker activity, it gives your team periodic, curated insight into the threats most likely to target you. Designated Microsoft experts interpret the global landscape through the lens of your industry, geography, and environment, then translate it into clear, prioritized guidance your team can act on.

As campaigns evolve, experts continuously refine that guidance with newly observed infrastructure, tactics, and targeting patterns, helping your team adjust hunting, hardening, and response activities. The insight is tailored for both leadership and defenders, providing executive-ready context alongside technical recommendations so the entire organization can act from a shared understanding of the threat landscape. The goal is simple: help you reduce risk before an attack reaches your environment, not explain what happened after the fact.

In practice, your team receives:

  • Early-warning alerts on emerging campaigns relevant to you
  • Campaign-evolution updates as activity unfolds
  • Contextualized intelligence tied to your risk profile
  • Recurring briefings from your designated expert, rotating across geopolitical, industry, and global perspectives, on a scheduled basis

Microsoft Defender Threat Intelligence Now Integrated into Defender

While this new expert-delivered service helps customers turn threat intelligence into action through direct engagement with Microsoft analysts, we’re also continuing to bring that same type of insight closer to defenders’ day-to-day workflows. Today we’re announcing that Microsoft Defender Threat Intelligence (MDTI) capabilities are now fully converged into the Defender portal. Intelligence is available real-time across detection, investigation, response, hunting, and automation, reducing context switching and helping teams move more quickly from signal to action within a unified SecOps experience.

In your environment: Follow the threat everywhere it moves

Modern attacks rarely stay in one place. They cross from email to endpoint to identity to cloud, and increasingly traverse disparate security tools. Even when organizations have visibility into those environments, connecting multi-vendor and multi-domain signals into a coherent attack story remains a challenge.

That’s the gap we’re closing on the response side: Microsoft Defender Experts MDR (formerly Microsoft Defender Experts for XDR) is expanding with new third-party and multi-cloud coverage powered by Microsoft Sentinel. Defender Experts MDR provides a fully managed detection and response service that reduces noise, adds expert context, and drives action. With support for leading non-Microsoft sources across cloud, identity, email, network, and endpoint environments, our experts can follow attacks wherever they move, not just where Microsoft products operate.

The service is backed by Microsoft’s vast threat intelligence, and combines expert-authored detections and analytics, investigation and response automation, and ongoing operational guidance to help customers strengthen security outcomes across their environment.

In practice, customers gain:

  • 24/7 monitoring and investigation by Microsoft experts who distil high‑volume telemetry into high‑confidence, prioritized incidents that dramatically reduce analyst fatigue and accelerate response.
  • Cross-platform threat analysis that correlates signals across Microsoft and non-Microsoft environments to deliver a single incident narrative with actionable, vendor‑aware guidance.
  • Ongoing recommendations to optimize security operations, from detection tuning and data integration to content management in Sentinel.
  • Business-aligned summaries of top risks, posture gaps, and recommended improvements across the security estate.

This expanded coverage is available through Microsoft Defender Experts MDR Plan 2. Everything available today as Defender Experts for XDR carries forward unchanged as Microsoft Defender Experts MDR Plan 1, while Plan 2 extends that same expert-led triage, investigation, and response beyond Microsoft’s own estate.

See it live at Black Hat USA

Every one of today’s announcements aims at the same outcome: shrinking the distance between a signal arriving and a decision being made. That’s the measure that matters in the end—not alerts triaged, but decisions made faster and with more confidence.

Come see it at Black Hat. Join our session Mind the Gap: Turning Threat Intelligence into Decisive Action with Expert-Led Defense, where Wes Malaby, General Manager of Customer Success at Microsoft Security, will demonstrate how expert-led intelligence and defense can change the trajectory of a threat campaign from the earliest warning signs through response and remediation. After the session, stop by the Microsoft Security booth to connect with our experts and learn how these services fit into your broader security strategy, or attend our reception on August 5 for a more conversational environment.