← Back to home
DE

Defender Daily Hub

Microsoft Defender and security blog — threat intelligence, new features and security alerts.

Updated daily · 6 July 2026 at 19:48 UTC
Visit official portal ↗

Latest Articles (70 today)

📰 Read the weekly newsletter →
Defender 6 July 2026
Vietnam arrests suspects behind HiAnime anime piracy service
​Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]
Read more →
Defender 6 July 2026
5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management
Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from Frost…
Read more →
Defender 6 July 2026
Software Is Now Written at the Speed of Thought. Security Isn't.
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security…
Read more →
Defender 6 July 2026
Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
Read more →
Defender 5 July 2026
Flipper Zero firmware development continues with community help
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]
Read more →
Defender 4 July 2026
JadePuffer ransomware used AI agent to automate entire attack
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]
Read more →
Defender 3 July 2026
NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]
Read more →
Defender 3 July 2026
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed…
Read more →
Defender 3 July 2026
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan…
Read more →
Defender 3 July 2026
Claude Fable relaunch disappoints users with nerfed performance
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]
Read more →
Defender 2 July 2026
Improving security posture across the Microsoft partner ecosystem
Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. The post Improving security posture across the…
Read more →
Defender 2 July 2026
Google loses final appeal to overturn €4.1 billion EU fine
Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser…
Read more →
Defender 2 July 2026
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
Read more →
Defender 2 July 2026
Microsoft fixes bug that removed Copilot buttons in Outlook
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]
Read more →
Defender 2 July 2026
Cisco finally confirms attackers exploiting Unified CM flaw
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
Read more →
Defender 2 July 2026
CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]
Read more →
Defender 2 July 2026
Opera rolls out Paste Protect feature to fight ClickFix attacks
Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]
Read more →
Defender 2 July 2026
Alleged Scattered Spider hacker extradited to the United States
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. [...]
Read more →
Defender 2 July 2026
Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]
Read more →
Defender 1 July 2026
FortiBleed credential-theft campaign linked to Lynx ransomware
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions.…
Read more →
Defender 1 July 2026
Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [...]
Read more →
Defender 1 July 2026
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a…
Read more →
Defender 1 July 2026
DHS confirms hackers breached HSIN info-sharing platform
The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state,…
Read more →
Defender 1 July 2026
Webinar: Why traditional email security is no longer enough
Modern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making them harder for traditional email defenses…
Read more →
Defender 1 July 2026
Hackers target Microsoft 365 accounts with 81 million login attempts
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]
Read more →
Defender 1 July 2026
Microsoft named a leader in the Frost Radar for cloud and application runtime security
Frost & Sullivan names Microsoft a leader as cloud and application security converge into unified, runtime risk reduction. The post Microsoft named a leader in the Frost Radar for cloud and…
Read more →
Defender 1 July 2026
Turning Indicators into Intelligence in OpenCTI with Criminal IP
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and…
Read more →
Defender 1 July 2026
Over 900 Oracle E-Business instances exposed to ongoing attacks
Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]
Read more →
Defender 1 July 2026
Microsoft fixes GIF functionality in the Windows Emoji Panel
Microsoft has fixed the GIF functionality in the Emoji Panel for Windows 11 users after the provider shut down its service. [...]
Read more →
Defender 1 July 2026
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
Read more →
Defender 1 July 2026
Monthly news - July 2026
Microsoft DefenderMonthly news - July 2026 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender…
Read more →
Defender 1 July 2026
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. [...]
Read more →
Defender 1 July 2026
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...]
Read more →
Defender 30 June 2026
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...]
Read more →
Defender 30 June 2026
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety…
Read more →
Defender 30 June 2026
Microsoft accelerates quantum-safe roadmap as risks grow
Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than…
Read more →
Defender 30 June 2026
Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers.…
Read more →
Defender 30 June 2026
Accelerating the quantum-safe timeline
We’re accelerating quantum-safe readiness—and sharing what organizations can do now to transition earlier and with confidence. The post Accelerating the quantum-safe timeline appeared first on…
Read more →
Defender 30 June 2026
​​What’s new in Microsoft Security: June 2026
This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. The post…
Read more →
Defender 30 June 2026
Securing AI agents: When AI tools move from reading to acting
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and…
Read more →
Defender 30 June 2026
Fake Perplexity extension on Chrome Web Store tracked searches
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...]
Read more →
Defender 30 June 2026
Lessons from the Underground: How to Combat Business Email Compromise
Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums…
Read more →
Defender 30 June 2026
Insurance giant Aflac discloses data breach after subsidiary hack
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information of 4.38 million customers. [...]
Read more →
Defender 30 June 2026
Microsoft adds smarter bot protection to Teams meetings
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...]
Read more →
Defender 30 June 2026
Microsoft adds smarter bot protection to Teams meetings
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...]
Read more →
Defender 30 June 2026
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. [...]
Read more →
Defender 30 June 2026
Blackfield ransomware asks Nidec Corporation for $2 million ransom
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. [...]
Read more →
Defender 30 June 2026
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. [...]
Read more →
Defender 30 June 2026
The next frontier in endpoint security: Securing local AI agents with Microsoft Defender
AI agents are now doing real work on the endpoint — reading files, running commands, browsing the web, and acting on behalf of the users they run under. That same power is also what makes them…
Read more →
Defender 29 June 2026
Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the…
Read more →
Defender 29 June 2026
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems…
Read more →
Defender 29 June 2026
WhatsApp rolls out usernames to help users hide their phone number
WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]
Read more →
Defender 29 June 2026
Microsoft extends Windows Server 2022 hotpatching until October 2027
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]
Read more →
Defender 29 June 2026
Chromium extension uses AI‑related branding to redirect browser search
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium…
Read more →
Defender 29 June 2026
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence…
Read more →
Defender 29 June 2026
Agentic AI Has an Identity Problem and Attackers Know It
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise…
Read more →
Defender 29 June 2026
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting…
Read more →
Defender 29 June 2026
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]
Read more →
Defender 29 June 2026
Webinar: Why business email compromise attacks keep succeeding
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores…
Read more →
Defender 29 June 2026
US seizes hundreds of FIFA World Cup illegal streaming domains
The U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...]
Read more →
Defender 25 June 2026
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image…
Read more →
Defender 25 June 2026
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories. The post Microsoft a Leader in The…
Read more →
Defender 24 June 2026
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
Learn how CNAPP platforms are helping organizations prioritize exploitable risks, reduce exposure, and operationalize security across the application lifecycle. The post CNAPP evolution: How…
Read more →
Defender 24 June 2026
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a…
Read more →
Defender 22 June 2026
Guarding AI memory
What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. The post Guarding AI memory appeared first on Microsoft Security Blog.
Read more →
Defender 22 June 2026
One intrusion, two cyberattackers: Uncovering parallel threat activity
Ransomware case reveals two parallel threat actors, blending tactics and evasion—showing why isolated signals can often miss modern, overlapping cyberattacks. The post One intrusion, two…
Read more →
Defender 19 June 2026
AutoJack: How a single page can RCE the host running your AI agent
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing…
Read more →
Defender 18 June 2026
New Forrester Total Economic Impact™ study projects a 124% ROI from unifying with Microsoft Security
New Forrester Total Economic Impact™ study shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. The post New Forrester Total Economic Impact™…
Read more →
Defender 18 June 2026
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat…
Read more →
Defender 17 June 2026
Securing the invisible workforce
Non-human identities are now the majority of the identity estate in most enterprises. Service principals access organizational resources across SharePoint, Azure, and Microsoft 365, Service accounts…
Read more →

Want the full curated IT newsletter every Friday?

Subscribe free — EndpointWeekly