Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
TechCrunch

Microsoft probing whether DeepSeek improperly used OpenAI APIs

Just a few hours after David Sacks claimed DeepSeek used OpenAI’s models to train its own models, Bloomberg Law reports that Microsoft is investigating DeepSeek’s use of OpenAI’s application ...
Security Boulevard

Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...
SecurityWeek

API Threats Grow in Scale as AI Expands the Blast Radius

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.
Business Wire

Contrast Security Collaborates with Microsoft Sentinel to Deliver Real-Time Application Threats Directly to the SOC

PLEASANTON, Calif.--(BUSINESS WIRE)--Contrast Security, the leader in Application Detection and Response (ADR), today announced a collaboration with Microsoft Sentinel, the AI-powered cloud SIEM from ...
SiliconANGLE

Microsoft leans hard on autonomous security for AI agents

Artificial intelligence-enabled agents are taking the enterprise by storm, and the level of autonomy they introduce brings some serious security challenges that Microsoft Corp. is doing its best to ...
Redmond Magazine

Microsoft Bolsters Defender for Office 365 with ICES Ecosystem for Integrated E-mail Security

Microsoft has introduced a new vendor ecosystem for Microsoft Defender for Office 365, expanding its Integrated Cloud Email Security (ICES) strategy through open APIs and tighter integration with ...
Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...
Bleeping Computer

Microsoft Edge to block malicious sideloaded extensions

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. Edge enables developers to install extensions ...
Bleeping Computer

New 'Defendnot' tool tricks Windows into disabling Microsoft Defender

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. The trick utilizes an undocumented Windows ...
CRN

Microsoft Ignite 2025: The Biggest Partner Program, Security News

Microsoft partner program and security news from Ignite 2025 includes Microsoft 365 Copilot Business, AI agents in Microsoft Intune and Windows kernel access updates. An upcoming Microsoft Copilot ...