Microsoft Security Blog

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration. The post Think before you Click(Fix): Analyzing the ClickFix social engineering technique appeared first on Microsoft Security Blog.

Microsoft is proactively leading the transition to quantum-safe security by advancing post-quantum cryptography, collaborating with global standards bodies, and helping organizations prepare for the coming quantum era. The post Quantum-safe security: Progress towards next-generation cryptography appeared first on Microsoft Security Blog.

A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking module. The post Dissecting PipeMagic: Inside the architecture of a modular backdoor framework appeared first on Microsoft Security Blog.

Join us at Microsoft Ignite 2025 for a week of immersive learning, hands-on experiences, and strategic insights tailored for security leaders, practitioners, and innovators. The post Connect with the security community at Microsoft Ignite 2025 appeared first on Microsoft Security Blog.

Microsoft recently spoke with Mario Ferket, Chief Information Security Officer for Dow, about the company’s approach to AI in security. The post Dow’s 125-year legacy: Innovating with AI to secure a long future appeared first on Microsoft Security Blog.