Our latest blog has our analysis of the attack, additional mitigation recommendations, and Microsoft Defender detection and hunting guidance.

Organizations affected by this attack are urged to roll back to safe versions (1.14.0 or 0.30.3 or earlier), rotate secrets and credentials that are exposed to compromised systems, and disable auto-updates.

Mitigating the Axios npm supply chain compromise | Microsoft Security Blog On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates (1.14.1 and 0.30.4) to download from command and contro...

Microsoft Threat Intelligence has attributed the Axios npm supply chain attack to North Korean state actor Sapphire Sleet. Malicious npm packages for updated versions of Axios (1.14.1 and 0.30.4) downloaded payloads from command and control attributed to Sapphire Sleet. msft.it/6018QLPF6

Effective defense includes monitoring prompt activity, investigating anomalous AI behavior, and applying governance/access controls. Threat actors operationalize AI across the attack lifecycle—see how prompt abuse fits into a wider pattern of AI-enabled tradecraft: msft.it/63325Qv9bd

Incident response investigations highlight how hidden instructions embedded in content such as URLs, documents, or messages can bias outputs, alter summaries, or expose sensitive context—often without the user doing anything unsafe.

Detecting and analyzing prompt abuse in AI tools | Microsoft Security Blog Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.

Prompt abuse is a critical security concern, with threat actors increasingly manipulating AI systems through carefully crafted inputs that push models beyond their intended boundaries. msft.it/63324Qv9Ts

To learn how Microsoft is supporting Operation Winter Shield, read: msft.it/63328QQ0KA.

At its core, Operation Winter Shield reinforces a strong call to focus on prevention. Small, consistent improvements in foundational controls compound into real resilience.

To learn more about Operation Winter Shield, visit msft.it/63321QQ0JS.

“We are uniquely situated, given the optics and the information that we have through our investigations, to empower the public to protect themselves and to be that catalyst for positive change,” Jarrod said.

They talk in depth about Operation Winter Shield, which aims to turn law enforcement visibility from real investigations into simple, actionable defensive steps that organizations can take to create barriers for adversaries.

Winter SHIELD: Closing the Security Control Gap In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠⁠Sherrod DeGrippo⁠ speaks with Jarrod Forgues Schlenker of the FBI’s Cyber Division about the pattern's investigators see in cyber incidents and how initiatives like Operation Winter Shield aim to close the gap between knowing what to do and actually implementing it. They discuss the importance of foundational controls like phishing-resistant authentication, secure logging, and strong identity protection, as well as the role threat intelligence and prevention play in strengthening organizational defenses. The conversation highlights how small, practical security improvements can significantly disrupt attackers and help organizations reduce risk before an incident occurs.

In the latest Microsoft Threat Intelligence Podcast episode, Microsoft’s Sherrod DeGrippo and the FBI Cyber Division’s Jarrod Forgues Schlenker discuss what actually reduces breaches: consistent execution of foundational controls. msft.it/63324QQ08C.

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise | Microsoft Security Blog Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker techniques, and concrete steps security teams can take to detect and defend against similar attacks.

The Microsoft Defender Research team has published guidance on detecting, investigating, and defending against the sophisticated CI/CD-focused supply chain compromise involving the widely used open-source vulnerability scanner Trivy: msft.it/63322QQ6dn

Understand how threat actors are operationalizing AI and get mitigation guidance from this Microsoft Threat Intelligence blog post: msft.it/63323Qs9B9

AI guardrails have become dynamic surfaces that attackers test and manipulate to sustain operational advantage. As AI becomes more deeply embedded in enterprise workflows, understanding how attackers test and manipulate these guardrails is critical for defenders.

These techniques demonstrate how generative AI models are probed, shaped, and redirected to support reconnaissance, malware development, and social engineering while minimizing friction from moderation.

By reframing malicious requests, chaining instructions across multiple interactions, and misusing system‑ or developer‑style prompts, threat actors can coerce models into generating restricted content that bypasses built‑in safeguards.

Azure AI Foundry: Securing generative AI models with Microsoft Security | Microsoft Security Blog Discover how Microsoft secures AI models on Azure AI Foundry, ensuring robust security and trustworthy deployments for your AI systems.

Microsoft Threat Intelligence has observed threat actors actively experimenting with techniques to bypass or “jailbreak” AI safety controls. Learn more about securing generative AI models on Azure AI Foundry: msft.it/63327Qs5Y1

Our latest blog has details from our analysis of several campaigns leveraging the tax season for social engineering, as well as Microsoft Defender protection, detection, and hunting guidance.

Many campaigns target individuals but others specifically target accountants and other professionals who handle sensitive documents, have access to financial data, and are accustomed to receiving tax-related emails during this period.

Microsoft Threat Intelligence has observed campaigns themed around W-2 and other tax documents that impersonate gov't agencies, tax services firms, and financial institutions, which aim to steal personal and financial data, harvest credentials through PhaaS platforms, or deliver malware.

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures | Microsoft Security Blog In recent months, Microsoft Threat Intelligence identified email campaigns using lures around W-2, tax forms, or similar themes, or posing as government tax agencies, tax services firms, and relevant financial institutions, with many campaigns targeting individuals for personal and financial data theft, but others specifically targeting accountants and other professionals who handle sensitive documents, have access to financial data, and are accustomed to receiving tax-related emails during this period.

During tax season, threat actors exploit the urgency and familiarity of time-sensitive emails like refund notices, filing reminders, and requests from tax professionals to push malicious attachments, QR codes, and multi-step link chains. msft.it/63325QUfax

Organizations can defend against this threat by monitoring developer endpoints and build tools, and by hunting for suspicious repository activity and dependency execution patterns. Read the blog to get the full attack chain analysis, as well as protection, detection, and hunting guidance.

The modular backdoor then enables theft of sensitive information like API tokens, cloud credentials, signing keys, cryptocurrency wallets, and password manager artifacts, and also leads to follow-on malicious activity and other payloads.

They pose as recruiters from cryptocurrency trading firms or AI-based solution providers and achieve initial access through a convincingly staged recruitment process that mirrors legitimate interviews but leads to a backdoor.

Threat actors target developers to attempt to compromise developer endpoints with access to source code, CI/CD pipelines, and production infrastructure.

Contagious Interview: Malware delivered through fake developer job interviews | Microsoft Security Blog The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and FlexibleFerret through fake coding assessments. The malware then steals API tokens, cloud credentials, crypto wallets, and source code.

Microsoft Defender Experts is sharing an investigation into the sophisticated social engineering operation known as Contagious Interview, which targets software developers and continues to be prevalent. msft.it/63329QmHSf

Read the full Microsoft Defender Experts analysis of the tactics, techniques, and procedures (TTPs) and indicators of compromise of this Storm-2561 campaign, and get protection, detection, and hunting guidance.

The ZIP file contains a malicious, digitally signed installer that masquerade as a trusted VPN client. The attack chain ultimately loads a variant of Hyrax infostealer that captures VPN sign-in credentials and configuration data, and exfiltrates it to attacker infrastructure.

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft | Microsoft Security Blog Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.

The cybercriminal threat actor tracked by Microsoft Threat Intelligence as Storm-2561 is running an SEO-poisoning campaign that redirects people searching for enterprise VPN software to spoofed sites and malicious ZIP downloads leading to credential theft. msft.it/63325Qly9f

Learn how defenders must think about detection and response from Greg Schlomer and Vlad H. on this episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo. For more info on how threat actors are operationalizing AI: msft.it/63324QYV4u