In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠⁠Sherrod DeGrippo⁠ is joined by Tori Murphy, Anna Seitz, and Chuong Dong to break down two threats: the modular backdoor PipeMagic and Medusa ransomware. They discuss how PipeMagic disguises itself as a ChatGPT desktop app to deliver malware, its sophisticated modular design, and what defenders can do to detect it. The team also explores Medusa’s evolution into a ransomware-as-a-service model, its use of double extortion tactics, and the broader threat landscape shaped by ransomware groups, social engineering, and the abuse of legitimate tools.

Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps, and network layers to help strengthen protection for enterprise Teams users.

Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender.

Microsoft Security Copilot is redefining how security and IT teams operate. Today at Microsoft Secure, we’re unveiling powerful updates that put genAI and...

Microsoft unveils a new wave of security innovation-delivering an agentic platform to protect organizations at scale. Learn more.

Microsoft Threat Intelligence has uncovered a new variant of the XCSSET malware, which is designed to infect Xcode projects, typically used by software developers building Apple or macOS-related applications.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠⁠Sherrod DeGrippo⁠ is joined by Kelly Bissell, Corporate Vice President at Microsoft, to explore how domain impersonation and typosquatting are changing in the age of AI. They discuss how attackers are increasingly using AI and bots to scale online deception, why this tactic is so effective, and how Microsoft is countering cutting-edge defenses like Siamese neural networks to detect fraudulent domains in real time. Kelly shares insights on the massive scale of these threats, the shift toward defender advantage, and the broader implications for securing organizations worldwide.

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses, demonstrating a broader trend of attackers leveraging AI to increase the effectiveness of their operations and underscoring the need for defenders to understand and anticipate AI-driven threats.

GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.