Windows News and Insights | Microsoft Security Blog (original) (raw)

• The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using series of simultaneous lateral movement techniques per target.

• Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that organizations already trust within their environments.

• Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.

• WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain.

• Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.

• Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse.

• Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.

• Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot.

• Malvertising campaign leads to info stealers hosted on GitHub

Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally.

• Microsoft’s guidance to help mitigate Kerberoasting

Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks.

• Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation.

• New Windows 11 features strengthen security to address evolving cyberthreat landscape

Today, ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC.