Content by Microsoft Defender Security Research Team (23)

The Microsoft Defender Security Research Team analyzes a severe Android intent-redirection flaw in the EngageSDK that could let a malicious app abuse another app’s identity to reach protected components and data, and explains what developers should update and review to avoid similar SDK-driven risks.

The Microsoft Defender Security Research Team breaks down an AI-enabled device code phishing campaign abusing the OAuth device code flow to steal tokens at scale, then using Microsoft Graph for reconnaissance and inbox rules for persistence. It includes a phase-by-phase attack chain plus concrete mitigations across Entra ID, Defender, and Sentinel.

The Microsoft Defender Security Research Team breaks down a stealthy PHP webshell technique where HTTP cookies act as the control channel, enabling dormant execution and cron-based persistence in Linux hosting environments, and maps practical hunting and mitigation guidance to Microsoft Defender capabilities.

The Microsoft Defender Security Research Team breaks down a WhatsApp-delivered VBScript campaign that renames legitimate Windows tools, pulls next-stage payloads from cloud storage, tampers with UAC for persistence, and finishes by deploying unsigned MSI installers; the post includes mitigations, Defender detections, and hunting queries.

The Microsoft Defender Security Research Team explains how Microsoft Defender uses high-value asset (HVA) context and Microsoft Security Exposure Management to improve detection and prevention, illustrated with real-world scenarios like domain controller credential theft and Exchange/IIS webshell remediation.

The Microsoft Defender Security Research Team breaks down the Trivy supply-chain compromise affecting GitHub Actions and official binaries, explains how credentials were harvested from CI/CD runners, and provides concrete Microsoft Defender detections plus hardening steps (like pinning actions to commit SHAs) to reduce repeat incidents.

The Microsoft Defender Security Research Team walks through a real human-operated ransomware case where attackers abused Group Policy Objects (GPOs) to disable defenses and distribute payloads, and shows how Defender predictive shielding (GPO hardening + attack disruption) proactively blocked the GPO-based encryption path across ~700 devices.

The Microsoft Defender Security Research Team analyzes how malicious AI-themed browser extensions harvest LLM chat histories and enterprise data, highlighting significant security risks.

Microsoft Defender Security Research Team explores how attackers are abusing stolen EV certificates and trusted workplace app branding to deliver RMM backdoors via phishing. The article details infection chains, hunting, mitigations, and provides practical security guidance.

Authored by the Microsoft Defender Security Research Team, this article explores how OAuth redirection mechanisms are exploited to deliver phishing and malware, offering technical insight and actionable defense strategies.

The Microsoft Defender Security Research Team examines the unique security risks of self-hosted agents like OpenClaw, detailing how identity, isolation, and runtime controls are critical for safe deployment.

Microsoft Defender Security Research Team provides a detailed overview of the top 10 security risks in Copilot Studio agent deployments, offering practical detection and mitigation strategies for secure use of AI-powered business workflows.

Microsoft Defender Security Research Team explores how AI systems, including Microsoft 365 Copilot, are vulnerable to AI memory poisoning attacks—where malicious prompts manipulate AI recommendations. The article details attack vectors, detection methods, and defenses against this growing threat.

Microsoft Defender Security Research Team presents a technical walkthrough of a multi-stage attack exploiting SolarWinds Web Help Desk, with actionable defensive guidance and hunting tips.

The Microsoft Defender Security Research Team dissects the CrashFix variant of ClickFix, revealing how it combines malicious browser extensions, PowerShell obfuscation, and a portable Python-based RAT to compromise and persist on high-value Windows systems.

The Microsoft Defender Security Research Team analyzes how modern infostealer malware campaigns, including those targeting macOS and Python-based attacks, are evolving. This piece provides actionable security insights and is essential reading for security professionals.

The Microsoft Defender Security Research Team details the LangGrinch (CVE-2025-68664) vulnerability affecting AI supply chains, with actionable guidance for enterprise security using Microsoft Defender tools.

The Microsoft Defender Security Research Team explains how security analysts can use AI to extract and validate TTPs from threat reports. Authored by the Defender Research Team, this workflow streamlines detection analysis while keeping experts in the loop.

The Microsoft Defender Security Research Team shares in-depth guidance on securing Microsoft Copilot Studio AI agents at runtime, demonstrating how Defender’s real-time protection thwarts malicious prompt injections and data exfiltration attempts.

Microsoft Defender Security Research Team investigates a sophisticated AiTM phishing and BEC attack campaign leveraging SharePoint, providing in-depth insights, detection analytics, and actionable defense strategies for security practitioners.