Content by Microsoft Threat Intelligence and Microsoft Defender Security Research Team (4)

Email threat landscape: Q1 2026 trends and insights

Microsoft Threat Intelligence and the Microsoft Defender Security Research Team summarize Q1 2026 email threat trends, including the scale of phishing, the surge in QR code and CAPTCHA-gated campaigns, and how the Tycoon2FA disruption shifted attacker infrastructure. The post also lists concrete Defender/EOP mitigations and relevant detections.
News

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

Microsoft Threat Intelligence and the Microsoft Defender Security Research Team break down a Sapphire Sleet macOS intrusion chain that relies on social engineering and user-initiated AppleScript execution, and provide Defender detections, KQL hunting queries, and IOCs to help security teams spot and stop similar activity.
News

Mitigating the Axios npm supply chain compromise

Microsoft Threat Intelligence and the Microsoft Defender Security Research Team detail how malicious Axios npm releases (1.14.1 and 0.30.4) pulled second-stage RAT payloads from Sapphire Sleet infrastructure, and provide concrete mitigation steps plus Defender/Sentinel hunting guidance to detect and contain impacted developer machines and CI/CD systems.
News

Inside Tycoon2FA: How a Leading AiTM Phishing Kit Operated at Scale

Microsoft Threat Intelligence and the Microsoft Defender Security Research Team provide a comprehensive overview of Tycoon2FA, a sophisticated phishing-as-a-service platform. The post offers technical breakdowns, impact analysis, and Microsoft-centric defense recommendations for security professionals.
News
