Skip to main content
Microsoft Security

Microsoft Security Blog

A man sitting in front of a computer screen

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms​​ 

We are excited to announce that Gartner has named  Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines Cyber-physical systems (CPS) as "engineered systems that orchestrate sensing, computation, control, networking and analytics" that connect the digital and physical worlds. They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.   

A city skyline at night

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation 

Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations.

Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Photo of a developer coding her workspace in an enterprise office, using Visual Studio on a multi-monitor set up.

Code injection attacks using publicly disclosed ASP.NET machine keys 

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.

A woman using a tablet

New Star Blizzard spear-phishing campaign targets WhatsApp accounts 

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a […]

Building with windows and pillars on top of decorative background
Published
7 min read

Innovating in line with the European Union’s AI Act  

As our Microsoft AI Tour reached Brussels, Paris, and Berlin recently, we met with European organizations that were energized by the possibilities of our latest AI technologies and engaged in deployment projects. They were also alert to the fact that 2025 is the year that key obligations under the European Union’s AI Act come into effect, opening a new chapter in digital regulation as the world’s first, comprehensive AI law becomes a reality.

Woman with glasses at a laptop in an office

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions 

Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent malware, bypass Transparency, Consent, and Control (TCC), and expand the attack surface to perform other unauthorized operations.