Microsoft Secure

Microsoft Secure

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI progress report, which highlights progress made in our multi-year journey to improve the security posture of Microsoft, our customers, and the industry at large.
The post Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.
The post Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
The post Threat actors misuse Node.js to deliver malware and other malicious payloads appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

​​Transforming security​ with Microsoft Security Exposure Management initiatives​ 

Microsoft Secure Score is important, but the increasing sophistication of security requirements has driven the development of more comprehensive security initiatives using Microsoft Security Exposure Management.
The post ​​Transforming security​ with Microsoft Security Exposure Management initiatives​  appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI

Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. The blog outlines several attacks prevented by AMSI integration and highlights recent enhancements. The blog also provides protection and mitigation guidance and how defenders can respond.
The post Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Exploitation of CLFS zero-day leads to ransomware activity

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.
The post Exploitation of CLFS zero-day leads to ransomware activity appeared first on Microsoft Security Blog. READ MORE HERE…

Read More