Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-07-08Koi SecurityIdan Dardikman
Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.
2025-06-30MicrosoftMicrosoft Threat Intelligence
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
2025-05-27MicrosoftMicrosoft Threat Intelligence
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Void Blizzard
2025-05-21MicrosoftSteven Masada
Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
Lumma Stealer
2025-05-20EuropolEuropol
Europol and Microsoft disrupt world’s largest infostealer Lumma
Lumma Stealer
2025-05-19CSAAhmad Abdillah
Reversing a Microsoft-Signed Rootkit: The Netfilter Driver
NetfilterRootkit
2025-04-23MicrosoftMicrosoft Threat Intelligence
Understanding the threat landscape for Kubernetes and containerized assets
Storm-1977
2025-04-22VolexityCharlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
UTA0352 UTA0355
2025-04-08MicrosoftMicrosoft Threat Intelligence
Exploitation of CLFS zero-day leads to ransomware activity
RansomEXX Storm-2460
2025-04-03MicrosoftMicrosoft Threat Intelligence
Threat actors leverage tax season to deploy tax-themed phishing campaigns
Brute Ratel C4 CloudEyE Latrodectus Remcos Storm-0249
2025-03-06Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet about Moonstone Sleet dropping Qilin ransomware
Qilin
2025-03-05MicrosoftMicrosoft Threat Intelligence
Silk Typhoon targeting IT supply chain
2025-02-27MicrosoftSteven Masada
Disrupting a global cybercrime network abusing generative AI
Storm-2139
2025-02-13MicrosoftMicrosoft Threat Intelligence
Storm-2372 conducts device code phishing campaign
Storm-2372
2025-02-13VolexityCharlie Gardner, Steven Adair, Tom Lancaster
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
2025-02-12MicrosoftMicrosoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive
2025-02-11EclecticIQArda Büyükkaya
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Kalambur BACKORDER DCRat
2025-02-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell
2025-02-06MicrosoftMicrosoft Threat Intelligence
Code injection attacks using publicly disclosed ASP.NET machine keys
2025-01-31ConnectWiseBlake Eakin
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks
Black Basta Black Basta ReedBed