Skip to main content
Microsoft Security

Microsoft Security Blog

Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Practitioner and CISO collaboration in a security operations center.

​​7 cybersecurity trends and tips for small and medium businesses to stay protected 

The challenges that small and midsize businesses (SMBs) face when it comes to security continue to increase as it becomes more difficult to keep up with sophisticated cyberthreats with limited resources or security expertise. Research conducted highlights the top seven SMB cybersecurity trends and steps that can be taken to stay protected.​

Midnight Blizzard icon

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files 

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]

Three professionals, a woman and two men, collaborating

New macOS vulnerability, “HM Surf”, could lead to unauthorized data access 

Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a […]

Decorative image of a pixelated ball in pink and orange with Microsoft logo in the top left corner and text banner in the bottom left corner
Published
5 min read

Escalating cyber threats demand stronger global defense and cooperation 

We must find a way to stem the tide of this malicious cyber activity. That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defense from the individual user to the corporate executive and to government leaders.