Microsoft Threat Intelligence – Experimental News Clipping Site

Microsoft Security Blog: Investigating targeted “payroll pirate” attacks affecting US universities

Oct 9, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ Source: Microsoft Security Blog Title: Investigating targeted “payroll pirate” attacks affecting US universities Feedly Summary: Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed…

The Register: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/06/microsoft_blames_medusa_ransomware_affiliates/ Source: The Register Title: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Feedly Summary: You can’t find anything bad if you don’t look, right? Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra’s GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence.……

Microsoft Security Blog: Inside Microsoft Threat Intelligence: Calm in the chaos

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/security-insider/threat-landscape/inside-microsoft-threat-intelligence-calm-in-chaos#overview-video Source: Microsoft Security Blog Title: Inside Microsoft Threat Intelligence: Calm in the chaos Feedly Summary: Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response (IR) team, that chaos is exactly where the work begins. The post Inside Microsoft…

Microsoft Security Blog: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Sep 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/ Source: Microsoft Security Blog Title: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory Feedly Summary: Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. The post XCSSET evolves again: Analyzing…

Microsoft Security Blog: AI vs. AI: Detecting an AI-obfuscated phishing campaign

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/ Source: Microsoft Security Blog Title: AI vs. AI: Detecting an AI-obfuscated phishing campaign Feedly Summary: Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of…

Microsoft Security Blog: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Jul 31, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/ Source: Microsoft Security Blog Title: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats Feedly Summary: Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to…

Microsoft Security Blog: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Jul 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/ Source: Microsoft Security Blog Title: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability Feedly Summary: Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information…

Microsoft Security Blog: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Jun 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/ Source: Microsoft Security Blog Title: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations Feedly Summary: Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North…

Microsoft Security Blog: Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Jun 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/ Source: Microsoft Security Blog Title: Unveiling RIFT: Enhancing Rust malware analysis through pattern matching Feedly Summary: Threat actors are adopting Rust for malware development. RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry. The post Unveiling RIFT: Enhancing Rust malware analysis through pattern matching appeared…

Microsoft Security Blog: New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

May 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/ Source: Microsoft Security Blog Title: New Russia-affiliated actor Void Blizzard targets critical sectors for espionage Feedly Summary: Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since…

Tag: Microsoft Threat Intelligence