Ramin Nafisi (@malwarere)'s Twitter Profile
Ramin Nafisi

@malwarere

Malware RE & Research Lead @ Microsoft Threat Intel Center (MSTIC) || Fascinated & humbled by your complex malware, me vs. your code, not me vs. you/yours.

ID: 2431146680

Joined: 06-04-2014 23:45:38

478 Tweets

5.5K Followers

1.1K Following

Microsoft Threat Intelligence (@msftsecintel):

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. msft.it/6018q3Ywj

Microsoft Threat Intelligence (@msftsecintel):

Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. msft.it/6013qVXAl

Microsoft Threat Intelligence (@msftsecintel):

Exchange Server and SharePoint Server now integrate with the Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. msft.it/6017qLUyJ

John Lambert (@johnlatwc):

Come help me create mechanical advantage in defense. If you love threat hunting, learning from incidents, building new ways to find attackers, and empowering others, this may be the perfect job for you. Help expand defense from the relational world of hunting to graphs,

Microsoft Threat Intelligence (@msftsecintel):

The threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting a zero-day vulnerability in the messaging app Output Messenger to collect data from targets in Iraq. msft.it/6017SkVcc

Microsoft Threat Intelligence (@msftsecintel):

Microsoft has discovered worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. msft.it/6011S9JpN

Microsoft Threat Intelligence (@msftsecintel):

Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge of these actors aligns to enable security professionals to connect insights faster and make decisions with greater confidence. msft.it/6011SlOZ9

Microsoft Threat Intelligence (@msftsecintel):

Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping, which includes a list of common actors tracked by Microsoft and CrowdStrike and corresponding aliases from each group’s taxonomy. msft.it/6012SlOZi

Ramin Nafisi (@malwarere):

In collaboration with Microsoft Threat Intelligence (MSTIC), SonicWall has identified a deceptive campaign to distribute a modified/patched version of SonicWall’s SSL VPN NetExtender application (dubbed #SilentRoute by MSTIC) that closely resembles the official SonicWall

Ramin Nafisi (@malwarere):

Do you find analyzing Rust binaries/malware tedious and unpleasant? You’re not alone! If you’re attending #REcon this year, our own Andreas Klopsch will be unveiling #RIFT today at 2PM EST (not at REcon? We got you covered, stay tuned). We have been using RIFT internally for some

Ramin Nafisi (@malwarere):

Today, Microsoft Threat Intelligence Center (#MSTIC) is excited to announce the release of #RIFT, a tool designed to assist software/malware analysts automate the identification of attacker-written code within Rust binaries. Blog: microsoft.com/en-us/security… Tool:

Andreas Klopsch (@hackingump1):

🚨 RIFT Update: We’ve boosted our compiler detection! 🛠️ Now with sharper insights into binaries built using GNU, MinGW, and MSVC toolchains. More enhancements are on the way—stay tuned! 🔍✨ #ReverseEngineering #MalwareAnalysis #RIFT #malware #msft github.com/microsoft/RIFT

Ramin Nafisi (@malwarere):

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom #ApolloShadow malware.

Ramin Nafisi (@malwarere):

#PipeMagic is a highly modular backdoor used by the financially motivated threat actor Storm-2460. It masquerades as a legitimate open-source ChatGPT Desktop Application. Microsoft Threat Intelligence encountered PipeMagic as part of research on an attack chain involving the

Microsoft Threat Intelligence (@msftsecintel):

Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications. msft.it/6019sS0yx This new XCSSET variant improves browser