Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique.

PipeMagic is a sophisticated malware framework with a modular, stealthy, and highly extensible architecture, giving threat actors granular control over code execution and making detection and analysis challenging. . Microsoft Threat Intelligence has.

What do you want to know?.

The August 2025 security updates are available:.

@sherrod_im Also hear from Snow, co-founder of the Social Engineering Community Village at DEF CON, who shares her journey from special effects makeup to elite social engineer. Learn more about how organizations of any size can build resilience against evolving threats.

In this Microsoft Threat Intelligence Podcast episode, hosted by @sherrod_im, Aarti Borkar, Simeon Kakpovi, and Andrew Rapp discuss how timely threat intel, rapid attacker analysis, and clear risk communication help organizations make informed decisions during security incidents.

Per Andrew Rapp, “data is everything. Information is informing all of our decisions from where we go investigate, as well as the tactical containment steps we’re going to immediately take." This approach enables teams to respond efficiently and help customers recover quickly.

Real-time collaboration between incident response and threat intelligence teams is critical for mounting an effective defense against today’s cyber threats. The process relies on actionable intel to guide every step, from initial investigation to containment.

Project Ire, an autonomous AI agent, automates what’s considered the gold standard in malware classification: fully reverse engineering a software file without any clues about its origin or purpose: . To identify malware at scale, Project Ire uses.

RT @msftsecresponse: Microsoft’s Zero Day Quest is back and bigger than ever. Last year, we launched the largest public hacking event in hi….

As a result, diplomatic personnel using local ISP or telecommunications services in Russia are highly likely targets of Secret Blizzard. Get guidance for how orgs can defend against this campaign along with indicators of compromise (IOCs) and detection details in our blog post.

While we previously assessed with low confidence that the actor conducts cyberespionage activities within Russian borders against foreign and domestic entities, this is the first confirmation of the actor’s ability to do so at the Internet Service Provider (ISP) level.

ApolloShadow installs a trusted root certificate, letting Secret Blizzard persist on diplomatic devices, likely for intelligence collection. This campaign, ongoing since 2024, poses high risk to embassies and sensitive groups operating in Moscow using local internet providers.

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.

RT @msftsecresponse: As enterprises adopt large language models (LLMs), a new class of threats has emerged: indirect prompt injection. Thi….

Have fun learning and connecting at Black Hat!.

Finally, the Microsoft Threat Intelligence Podcast will be recording live from Black Hat, so watch for that episode. Meanwhile, listen to Black Hat NOC lead Grifter & Hacker Jeopardy host Lintile share insights and tips on exploring the hacker community:

In the briefing “BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets” Microsoft security researchers share how their research into attack surfaces led to hardening and further securing Windows Recovery Environment (WinRE).

At our VIP Mixer, hosted by Microsoft Incident Response, you can connect with our threat intelligence, incident response, and Security Copilot teams, alongside peers from the security community. Register here:

At Booth 2246, expert meetups, live threat briefings, red teaming deep dives, and insider’s view of real incident response provide attendees the opportunity to hear directly from Microsoft experts, ask questions, get a clearer view end-to-end security:

Here are the ways you can interact with Microsoft at #BHUSA 2025:. On the main stage, Microsoft Threat Intelligence experts share behind-the-scenes insights in “Unmasking Cyber Villains: How Microsoft Stays Ahead of the World's Most Dangerous Hackers”: