GigaTap articles tagged microsoft.
- Security beyond benchmarks: Microsoft MDASH moves to production - Microsoft’s MDASH moves from benchmark success into live engineering pipelines, embedding AI-driven vulnerability discovery directly into DevSecOps workflo
- Zero-Day PoCs on GitHub Change the Defender Clock - Microsoft called the releases “never justifiable,” but the practical issue is simpler: working public PoC code changes exploitability checks and patch prio
- SharePoint RCE patch: low privilege is the real risk - Microsoft patched CVE-2026-45659, a SharePoint Server RCE reachable by authenticated Site Members. No active exploitation is confirmed, but the patch deser
- Gaming Security Is Bigger Than Player Accounts - Microsoft’s gaming security framing shows why platforms, studios, commerce, identity, player safety, and unreleased IP must be treated as one connected ris
- Microsoft’s agent safety tools move testing into CI - RAMPART and Clarity show how agent safety is becoming an engineering workflow: test scenarios, design checks, and reproducible incident handling.
- Patch Tuesday gets quieter, but the patch race speeds up - Microsoft’s May 2026 update has no cited zero-days, but 118 fixes and broader vendor patch surges show how AI-assisted bug discovery may be changing securi
- Storm-2949 shows how identity becomes the cloud perimeter - Microsoft says Storm-2949 used stolen credentials to turn identity compromise into a cloud-wide breach without malware. The lesson is narrow but important:
- AI makes basic SaaS security harder to ignore - Microsoft’s guidance for growing businesses is vendor-led, but the practical point is real: AI tools inherit your identity, access, and data-control mistak
- Microsoft flags a phishing run that stole auth tokens - Microsoft says a large phishing campaign used code-of-conduct themes and legitimate email services to steer users to attacker-controlled domains. The main
- Microsoft’s security push for AI agents is getting concrete - A Microsoft Security Blog roundup highlights preview agent workflow controls, a GA Defender-for-Cloud and GitHub integration, and a Purview investigation d