AI brands as bait: How threat actors are using the AI hype in social engineering


As threat actors operationalize AI to accelerate attacks, they are also leveraging the broader global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat Intelligence has observed a growing number of campaigns that impersonate the branding of popular AI platforms such as ChatGPT, Microsoft Copilot, DeepSeek, and Anthropic's Claude as lures. These campaigns, which do not represent a compromise of those services, span phishing, malvertising, and search engine optimization (SEO)-driven attacks that ultimately lead to credential theft, financial fraud, or malware infection.

Threat actors are quick to capitalize on highly anticipated launches or emerging trends, leveraging trusted branding and exploiting user curiosity to improve the success rates of their campaigns. Despite the AI-themed lures, however, these campaigns combine longstanding tactics, such as urgency-driven messaging, abuse of trusted services, and multi-stage redirection chains that require user interaction to evade detection.

While traditional lures like invoices, payment notifications, or delivery alerts remain effective and continue to be widely used, AI-themed lures reflect a shift in social engineering that is likely to persist as a long-term tactic used by threat actors, from cybercriminal groups to nation states. Notably, Microsoft Threat Intelligence has observed the initial access broker Storm-3075 using AI-themed malvertising to deliver payloads, including malware signed by the malware-signing-as-a-service (MSaaS) offering attributed to the financially motivated threat actor Fox Tempest, on behalf of multiple downstream actors.

This blog details several of the campaigns observed by Microsoft Threat Intelligence in the past few months that used AI brands and references as lures, and provides guidance to help users and organizations detect, mitigate, and respond to these threats. Importantly, Microsoft believes that the activity noted in this blog is solely abuse of AI brand names as lures and does not reflect a compromise of any referenced vendor. As threat actors scale their operations with AI, organizations should leverage AI-powered security capabilities to enhance visibility, automate detection, and accelerate response across email, identity, and endpoint surfaces.

ChatGPT-themed lure leads to phishing kit collecting credit card data

On May 5, 2026, Microsoft detected a ChatGPT-themed phishing attack that delivered malicious URLs leading to phishing pages that collected credit card and personal information such as names and addresses. This phishing activity, which consisted of 4,500 emails sent to targets in South Africa (97%), was part of a broader campaign using similar themes and infrastructure. We also observed this campaign delivering as many as 100,000 emails on a single day to targets in Switzerland, Austria, and South Africa, affecting a broad range of industries, including higher education and professional services.

The emails used the sender display name ChatGPT and the subject "To ensure your ChatGPT Plus continues to work – please update your payment method". The emails posed as an urgent request to update the ChatGPT Plus subscription payment method. They warned the recipient that if a new payment method was not provided within seven days, the account would be downgraded to a free plan. A ChatGPT logo was prominently displayed at the top of the email body.
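The two signals this lure combines, a display name that claims a brand the sending domain does not belong to and a deadline-driven request, are cheap to check at the mail gateway. The following triage heuristic is an added example and not Microsoft's or any vendor's code; the BRAND_DOMAINS allowlist and the sample messages (including the sender domains) are constructed assumptions for illustration, not verified data.

```python
"""Heuristic triage for emails that impersonate AI brands in the display name.

Added example, not Microsoft's code. It checks two signals the campaign above
combines: a sender display name that claims an AI brand while the actual
sender domain belongs to someone else, and urgency or enforcement wording.
BRAND_DOMAINS is an illustrative assumption, not an authoritative allowlist;
replace it with the domains your organization has verified.
"""
import re
from email.utils import parseaddr

# ASSUMPTION: illustrative map of brand keyword -> domains that brand sends from.
BRAND_DOMAINS = {
    "chatgpt": {"openai.com"},
    "openai": {"openai.com"},
    "anthropic": {"anthropic.com"},
    "claude": {"anthropic.com"},
    "copilot": {"microsoft.com"},
    "deepseek": {"deepseek.com"},
}

# Wording seen in the ChatGPT (payment deadline) and Claude (policy appeal) lures.
URGENCY_PATTERNS = [
    r"\bwithin (?:\d+|\w+) days?\b",
    r"\bupdate your payment\b",
    r"\bdowngraded?\b",
    r"\bviolat(?:ion|ed|ing)\b",
    r"\bimmediate action\b",
    r"\bappeal\b",
    r"\baccount (?:will be |has been )?(?:restricted|suspended|flagged)\b",
]


def sender_domain(from_header):
    """Domain of the real address in a From: header ('' if there is none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def claimed_brands(from_header):
    """Brand keywords present in the display-name part of a From: header."""
    display, _ = parseaddr(from_header)
    lowered = display.lower()
    return sorted(brand for brand in BRAND_DOMAINS if brand in lowered)


def domain_allowed(domain, allowed):
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def triage(from_header, subject, body):
    """Return {'verdict': ..., 'reasons': [...]} for one message."""
    domain = sender_domain(from_header)
    reasons = []
    for brand in claimed_brands(from_header):
        if not domain_allowed(domain, BRAND_DOMAINS[brand]):
            reasons.append(
                f"display name claims '{brand}' but sender domain is '{domain or '<none>'}'"
            )
    brand_mismatch = bool(reasons)
    text = f"{subject}\n{body}".lower()
    hits = [p for p in URGENCY_PATTERNS if re.search(p, text)]
    if hits:
        reasons.append(f"{len(hits)} urgency/enforcement phrase(s)")
    if brand_mismatch and hits:
        verdict = "quarantine"   # impersonation plus pressure: hold for review
    elif brand_mismatch or hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "reasons": reasons}


# Constructed sample messages (From, Subject, Body); domains are placeholders.
CONSTRUCTED_MESSAGES = [
    ("ChatGPT <billing@chatgpt-renewals.example>",
     "To ensure your ChatGPT Plus continues to work - please update your payment method",
     "If a new payment method is not provided within seven days, your account "
     "will be downgraded to a free plan."),
    ("Anthropic Teams <notice@account-compliance.example>",
     "Claude Appeal Request 04/21/2026",
     "Your account is in violation of the AUP (Account Usage Policy). We have "
     "initiated an appeal procedure; immediate action is required."),
    ("ChatGPT <noreply@tm.openai.com>",
     "Your ChatGPT Plus receipt",
     "Thank you for your payment. Your receipt is attached."),
    ("Alice Example <alice@corp.example>",
     "Lunch tomorrow?",
     "Want to try the new place near the office?"),
]


def triage_all(messages=CONSTRUCTED_MESSAGES):
    return [triage(*m) for m in messages]


if __name__ == "__main__":
    for (sender, subject, _), result in zip(CONSTRUCTED_MESSAGES, triage_all()):
        print(f"{result['verdict']:10} {sender!r} {subject!r}")
        for reason in result["reasons"]:
            print("           -", reason)
```

The design keeps the two signals separate on purpose: a brand in the display name with an unrelated sender domain is the strong signal, and urgency wording alone only raises a message for review, so that a genuine billing notice from a verified domain is not quarantined.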

Diagram showing attack chain of ChatGPT-themed phishing campaign
Figure 1. Attack chain of ChatGPT-themed lure leading to phishing kit

The phishing email contained a clickable Update payment method button, which did not directly send users to the attacker-controlled website. Instead, users were redirected through a sequence of legitimate and abused redirector hops. This is a common technique used by threat actors to exploit the reputation of trusted domains, bypass email filters, evade detection, and track victim engagement.

Screenshot of ChatGPT-themed email
Figure 2. Snippet of the top portion of the email impersonating ChatGPT and enticing users to click on the link

Targets were first directed to grupoconstat[.]bitrix24[.]com[.]br (a legitimate customer relationship management (CRM) service), which redirected to awstrack[.]me (an Amazon domain used for tracking email opens and clicks), which in turn redirected to a Rebrandly URL (a legitimate but often abused URL shortener service). Targets were finally sent to a likely legitimate but compromised domain, legendarytrendsbay[.]store, where the threat actor had placed the phishing page in the /ChatGPT/ folder.

The landing page did not immediately display the phishing content. It first required visitors to pass a custom CAPTCHA, which was a simple Update payment button. If they clicked this button, users were sent to the next page, where personal information, including first name, last name, and address, was collected. The final page then collected the name, credit card number, expiration date, and card verification code.

Screenshot of phishing landing page collecting name and address
Figure 3. Phishing landing page collecting name and address
Screenshot of phishing landing page collecting credit card information
Figure 4. Phishing landing page collecting credit card information

Claude-themed phishing campaign collected credentials and access tokens

From April 20 to 22, 2026, Microsoft observed a phishing campaign impersonating Anthropic-branded services to target users with account-related lures tied to the Claude AI platform. The campaign sent phishing emails to targets across more than 2,000 organizations, primarily in the United States (62%), the United Kingdom (18%), and India (9%). While this campaign impacted a broad range of industries, it was most notably focused on information technology (56%), other business entities (21%), and financial services (8%).

The campaign used enforcement-themed messaging claiming that the recipient's account was in violation of acceptable use policies and required immediate action. The emails impersonated Anthropic's popular AI service Claude using the display names Anthropic Teams and Anthropic PBC, masquerading as legitimate account-related communications. Subject lines followed a consistent structure of "Claude Appeal Request" combined with date elements.

Attack chain diagram of Claude-themed phishing campaign
Figure 5. Attack chain of Claude-themed phishing campaign leading to AiTM

The email body was delivered as HTML and included Anthropic and Claude branding. The message informed recipients that their account was violating the "AUP (Account Usage Policy)" and that Anthropic had "initiated an appeal procedure". The message instructed recipients to review the attached material to access their appeal and indicated that Claude features would be restricted pending review.

Screenshot of Claude-themed phishing campaign
Figure 6. Email impersonating Anthropic's Claude, prompting users to open the attachment

The email attachment was a PDF named Fill and Sign Claude Appeal Form.pdf, which was designed to resemble an official process tied to Claude account enforcement. The document presented an appeal workflow, prompting users to copy an appeal ID and click the "Claude Appeal" link, which initiated the credential harvesting process.

Screenshot of PDF attachment used in Claude-themed phishing campaign
Figure 7. PDF attachment providing instructions on how recipients can appeal the supposed Account Usage Policy (AUP) violation

When clicked, the link embedded in the PDF directed users to an attacker-controlled domain, sprint.awaydouble[.]org. The initial landing page displayed a Cloudflare verification prompt, presented as confirming the user was arriving from a "legitimate session". This step likely served as a gating mechanism to impede automated analysis and sandbox detonation.

Screenshot of CAPTCHA used in Claude-themed phishing campaign
Figure 8. CAPTCHA-gated landing page with Claude branding

Users who completed the verification were redirected to another Claude-themed landing page hosted on servicing.pureplantcravings[.]com. This page was titled "Account Appeal Notice" and contained an "Account Security & Compliance" message informing users that their account had been flagged for repeated violations of usage policies. The page provided a reference date and a one-time access code, prompting users to copy the code and continue.

Screenshot of landing page of Claude-themed phishing campaign
Figure 9. Intermediate landing page displaying the Claude logo, referencing the usage policy violation and providing an access code

Clicking "Continue" redirected users to the final page, which was not available at the time of analysis. Source code revealed conditional redirect logic that routed users to one of two final landing pages, depending on whether the site was accessed from a mobile device or a desktop system.

Screenshot of code for redirect logic
Figure 10. Redirect logic identified in landing page source code, differentiating between mobile devices and desktop systems

While the final redirect destination was not active at the time of analysis, infrastructure overlap, including shared intermediate domains and consistent redirect logic, strongly suggested that users were ultimately presented with a Microsoft sign-in experience. This final stage is consistent with adversary-in-the-middle (AiTM) tactics designed to intercept authentication tokens and facilitate account compromise.
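Both campaigns rely on redirect chains: the ChatGPT lure hopped through a CRM service, a click tracker and a URL shortener before reaching the compromised site, and the Claude landing page branched on whether the visitor looked like a mobile or desktop client. An analyst following such a chain needs to record every hop, stop on loops, and walk it once per device class to see the branch. The walker below is an added example, not Microsoft's tooling; it replaces live HTTP with an in-memory hop table so it runs offline, and every hostname in it is a constructed placeholder rather than campaign infrastructure.

```python
"""Offline walk of a multi-hop redirect chain, with device-conditional hops.

Added example, not Microsoft's code. Live campaigns were followed over HTTP;
here the hops are an in-memory table so the walk runs offline. A real tool
would issue a request with redirects disabled and read the Location header
at each hop, once per User-Agent class. All hostnames below are constructed
placeholders, not the campaign's infrastructure.
"""
from urllib.parse import urlsplit

# ASSUMPTION: constructed hop table. Key: (url, device class) -> next URL.
# None means the hop serves content instead of redirecting; "*" means the hop
# behaves the same for any User-Agent.
CONSTRUCTED_HOPS = {
    # Four-hop chain in the style of the ChatGPT lure: CRM redirector, click
    # tracker, URL shortener, then a compromised site's /ChatGPT/ folder.
    ("https://crm.redirector.example/r?x=1", "*"): "https://tracker.example/click/abc",
    ("https://tracker.example/click/abc", "*"): "https://short.example/zzz",
    ("https://short.example/zzz", "*"): "https://compromised.example/ChatGPT/",
    ("https://compromised.example/ChatGPT/", "*"): None,
    # Device-conditional split, as in the Claude landing page's source.
    ("https://gate.example/continue", "mobile"): "https://m-final.example/login",
    ("https://gate.example/continue", "desktop"): "https://final.example/login",
    ("https://m-final.example/login", "*"): None,
    ("https://final.example/login", "*"): None,
    # A redirect loop, to show the walker terminates.
    ("https://loop.example/a", "*"): "https://loop.example/b",
    ("https://loop.example/b", "*"): "https://loop.example/a",
}

# ASSUMPTION: illustrative list of services that are legitimate but often
# abused as intermediate hops (the real chain used a CRM, a tracker, a shortener).
ABUSED_REDIRECTOR_HOSTS = ("crm.redirector.example", "tracker.example", "short.example")

MAX_HOPS = 10


def lookup(url, device):
    """Return ('redirect', next_url), ('content', None) or ('unknown', None)."""
    for key in ((url, device), (url, "*")):
        if key in CONSTRUCTED_HOPS:
            target = CONSTRUCTED_HOPS[key]
            return ("redirect", target) if target else ("content", None)
    return ("unknown", None)


def walk_chain(start, device="desktop", max_hops=MAX_HOPS):
    """Follow redirects from start, stopping on content, a loop, or the hop cap."""
    chain = [start]
    seen = {start}
    url = start
    for _ in range(max_hops):
        kind, target = lookup(url, device)
        if kind != "redirect":
            return {"chain": chain, "final": url, "stop": kind}
        chain.append(target)
        if target in seen:
            return {"chain": chain, "final": target, "stop": "loop"}
        seen.add(target)
        url = target
    return {"chain": chain, "final": url, "stop": "max_hops"}


def abused_redirectors(chain):
    """Hosts in the chain that belong to known-abused redirector services."""
    hosts = [urlsplit(u).hostname or "" for u in chain]
    return [h for h in hosts if h.endswith(ABUSED_REDIRECTOR_HOSTS)]


def compare_devices(start):
    """Walk as desktop and as mobile; a differing final URL means device gating."""
    desktop = walk_chain(start, "desktop")
    mobile = walk_chain(start, "mobile")
    return {
        "desktop_final": desktop["final"],
        "mobile_final": mobile["final"],
        "device_conditional": desktop["final"] != mobile["final"],
    }


if __name__ == "__main__":
    result = walk_chain("https://crm.redirector.example/r?x=1")
    print(" -> ".join(result["chain"]), f"[{result['stop']}]")
    print("abused hops:", abused_redirectors(result["chain"]))
    print(compare_devices("https://gate.example/continue"))
```

The hop cap and the `seen` set matter in practice: tracking redirectors sometimes bounce a client between two hosts indefinitely, and a walker that only blocks on the final destination would never reach one. Running the same chain under both device classes is what exposes the kind of split the Claude page's source contained.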

"Advanced AI Windows Plugin" malvertising deploys Vidar stealer

Since at least early 2026, Microsoft Threat Intelligence has observed malvertising campaigns that use AI-themed phrases such as "Advanced AI Windows Plugin" and "Flux Pro AI" in social engineering lures in malicious popups, in malware executable names, and in GitHub repository and folder names throughout the attack chain. These campaigns are notable for their scale and velocity, moving from launch to mass impact within hours and infecting tens to hundreds of thousands of endpoints. The malware delivered in these campaigns is frequently code-signed, lending an additional layer of perceived trust to both the operating system and the user.

Microsoft attributes this malvertising activity to an initial access broker and malware distributor tracked as Storm-3075. We assess that Storm-3075 delivers final payloads on behalf of multiple downstream actors. While the example campaign described in this section delivered Vidar Stealer, we have also observed this campaign distributing Lumma Stealer, Hijack Loader, and Oyster.

Figure 11. Attack chain for "Advanced AI Windows plugin" malvertising leading to Vidar

On March 13, 2026, a single campaign run targeted over 66,000 devices. Microsoft has revoked the related signing certificate and GitHub has taken down the associated repository, helping to prevent tens of thousands of additional infections. Given the nature of the attack delivery, the majority of impacted devices were likely consumer rather than enterprise endpoints. Telemetry showed global distribution, with the top affected countries being Japan, South Africa, the United States, and France.

Analysis of the redirection chain determined that the attack likely originated from free movie streaming sites. Infections on such sites typically begin when users interact with embedded movie players or click popups. Malvertising embedded in such sites can redirect users to a range of unwanted content, including malware. In this campaign, users were redirected to a page advertising a download for an "Advanced AI Windows plugin", a fictitious product name. The plugin purported to help users watch free, high-quality videos, a lure aligned with the context of users already streaming free or pirated content.

Screenshot of malvertising redirecting to download
Figure 12. Screenshot of malvertising redirecting users to a purported download for an "Advanced AI Windows plugin"

Clicking the download button retrieved an executable named ProFluxeFlowAi-win-Setup.exe, which the user then had to launch manually. The file name mimicked a legitimate product with a similar name, Flux Pro AI, which supports text, image, and video creation. This lure reinforced the perceived legitimacy of the executable within the free movie streaming context. The executable itself was hosted on GitHub in a repository named shippingtechnologymovie under a folder named AI-techVideos, both tailored to the AI video helper narrative.

Screenshot of Malware hosted on GitHub
Figure 13. Malware hosted on a GitHub repository "shippingtechnologymovie", in a folder "AI-techVideos"

The malware executable was signed with a fraudulently obtained Microsoft-issued code-signing certificate obtained through Artifact Signing (certificate thumbprint: 4f5c5b3ef45cfff7721754487a86aeff9a2e6e32). Microsoft attributes the signing service used by the threat actor to Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) offering used by other threat actors. Microsoft has revoked over one thousand code signing certificates attributed to Fox Tempest. In May 2026, Microsoft's Digital Crimes Unit (DCU), in partnership with Resecurity, facilitated a disruption of Fox Tempest infrastructure and access model.

Signing malware through such a service is expensive; however, for a threat actor targeting tens or hundreds of thousands of infections, the cost can be justified by the additional level of trust signed binaries imply to both the operating system and the user. Signed malware also tends to exhibit lower detection rates early in the infection lifecycle, extending the window of effective distribution.

Another notable feature of the malware is that, immediately after launch, it displays a window with a "Continue" checkmark and does not proceed until the box is clicked. This additional user interaction step is uncommon. We assess that this technique is intended to hide the malicious functionality from sandboxes and automated analysis environments that cannot dynamically perform the click. Until the user clicks "Continue", the malware performs no suspicious activity on the operating system. This technique is functionally analogous to the CAPTCHAs frequently seen in phishing attacks.

Figure 14. CAPTCHA-like "Continue" check mark displayed to users when they launch the malware, requiring them to click before the malware continues executing.

Once the user clicks "Continue", the executable drops and runs a malicious Python-based downloader. Both the Python interpreter and the downloader script are saved in the AppData\Local folder as pythonw.exe and LICENSE.txt, respectively. The malicious script runs shellcode that loads the next-stage malware from the command-and-control (C2) domain brokeapt[.]com. The final payload observed in this campaign was the Vidar infostealer.

Fake DeepSeek V4 installers on GitHub delivered Vidar Stealer

In April 2026, Microsoft identified a social engineering campaign that leveraged interest in the newly released DeepSeek V4 by impersonating it through a fraudulent GitHub repository and organization. The campaign abused GitHub's release-asset infrastructure to deliver information-stealing malware such as Vidar stealer. Search engines increased the exposure of the malicious repository, exacerbated by the fact that DeepSeek did not publish an official V4 repository on GitHub.

Our investigation shows the DeepSeek lure is one identity in a broader rotating brand-abuse ecosystem that recycles whichever AI tool is trending into a fresh malware download experience. After discovering this activity, Microsoft shared the details with GitHub, and GitHub has since taken down the malicious organization, repository, and operator account.

Timeline and attack chain diagram of Fake DeepSeek V4 campaign
Figure 15. Fake DeepSeek V4 campaign timeline and attack chain

On April 24, 2026, within hours of DeepSeek officially previewing its new V4 frontier model, a threat actor initiated the attack chain, which can be summarized as:

  1. Resource development on GitHub, all within roughly 45 minutes: A new GitHub organization (DeepSeek-V4), a single repository (deepseek-V4), and a release tag (deepseek-V4). The repository was decorated with stolen DeepSeek branding, real benchmark data, and SEO-optimized topics.
  2. Search-driven discovery: Users found the repository through GitHub repository search, search engines, social sharing, and AI-assisted search results pointing to the lure page. The repository's llms.txt and topic taxonomy were designed to be found by both classical search engines and large-language-model-powered search; observed top-rank results on search engines are consistent with that design, though we did not observe paid advertising and therefore do not assess this as malvertising.
  3. Archive download from GitHub's release-asset CDN: The release page hosted two archives, deepseek-v4-pro_x64.7z and deepseek-v4-flash_x64.7z.
  4. User extraction: Users needed to extract the executable from the archive using common Windows archive tools.
  5. Payload execution: The archives contained a heavyweight Win32 PE that masqueraded as the DeepSeek installer. At least one confirmed victim endpoint revealed the extracted payload landed at: C:\Users\Downloads\Programs\IA DeepSeek-V4\deepseek-v4-flash_x64.exe.
  6. Active payload rotation: The threat actor actively rotated archive content while preserving file names and the release page. We observed at least three distinct archive hash generations in three days.

Microsoft Defender telemetry observed the first victim download roughly four hours later. The threat actor's operational tempo on April 24, 2026, is consistent with a prepared, rehearsed workflow. The repository was designed to be convincing at a glance. It gathered 91 stars and 27 forks within four days, though the proportion of organic versus inflated engagement is not independently confirmed. The attacker invested in several credibility-building elements:

  • Stolen branding: The repository's README and assets folder embedded the legitimate DeepSeek whale logo, copied from the real deepseek-ai/DeepSeek-V2 repository.
  • Real benchmark data as lure: The release notes displayed genuine DeepSeek V4 benchmark scores against Claude Opus 4.6, GPT-5.4, and Gemini 3.1 Pro, copied from the official launch announcement.
  • Action-oriented SEO topics: The repository was tagged with deepseek-v4, deepseek-v4-download, deepseek-v4-downloader, deepseek-v4-install, and deepseek-v4-installer, which are the queries users are expected to use when intent-shopping for an installer.
  • LLM-aware discoverability: A top-level llms.txt file repeated the same SEO copy in a format aimed at AI-assisted search engines.

On closer inspection, the staging gives the operation away: the repository contained only a README, LICENSE, llms.txt, and stub assets/ and inference/ directories with no real model code; all nine commits were made in a single burst on April 24, 2026 by a single author; and the README claimed an MIT license while repository metadata specified Apache 2.0.
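The tells listed above (scaffolding-only contents, empty stub directories, one author committing everything in a single burst, a README license that contradicts the repository metadata, install-intent topics, and binary release archives with nothing buildable behind them) are all visible in repository metadata before anyone downloads an archive. The scorer below is an added example and is neither Microsoft's nor GitHub's code; the record layout is my own assumption about what a triage script would pull from the GitHub API, and both repository records are constructed stand-ins rather than the real lure repository.

```python
"""Triage heuristics for a repository that offers a "release" of a trending AI tool.

Added example, not Microsoft's or GitHub's code. It scores the staging tells
described above: scaffolding files only, empty stub directories, every commit
from one author in a single burst, a README license that disagrees with the
repository metadata, install/download-intent topics, and binary release
archives with nothing buildable behind them. The record format below is my
own assumption about what you would pull from the GitHub API; the repository
contents are constructed, not the real lure repository.
"""
from datetime import datetime

SCAFFOLD_ONLY = {"README.md", "LICENSE", "llms.txt"}
INTENT_WORDS = ("download", "downloader", "install", "installer")
BINARY_ASSET_SUFFIXES = (".7z", ".zip", ".rar", ".exe", ".msi")


def parse_iso(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def commit_burst(commits, window_minutes=120):
    """True when all commits come from one author inside a short time window."""
    if len(commits) < 2:
        return False
    authors = {author for author, _ in commits}
    times = sorted(parse_iso(ts) for _, ts in commits)
    span_minutes = (times[-1] - times[0]).total_seconds() / 60
    return len(authors) == 1 and span_minutes <= window_minutes


def triage_repo(repo):
    """Return {'verdict': low|medium|high, 'findings': [...]} for one repo record."""
    findings = []
    files = set(repo["files"])
    code_files_in_dirs = sum(repo["dirs"].values())
    if files <= SCAFFOLD_ONLY and code_files_in_dirs == 0:
        findings.append("only scaffolding files; no source or model code")
    if commit_burst(repo["commits"]):
        findings.append(f"{len(repo['commits'])} commits by one author in a single burst")
    if repo["readme_license"] != repo["metadata_license"]:
        findings.append(
            f"README claims {repo['readme_license']} but metadata says {repo['metadata_license']}"
        )
    intent = [t for t in repo["topics"] if t.endswith(INTENT_WORDS)]
    if intent:
        findings.append("install/download-intent topics: " + ", ".join(intent))
    binaries = [a for a in repo["release_assets"] if a.lower().endswith(BINARY_ASSET_SUFFIXES)]
    if binaries and code_files_in_dirs == 0:
        findings.append("binary release assets with no buildable source: " + ", ".join(binaries))
    verdict = "high" if len(findings) >= 4 else "medium" if len(findings) >= 2 else "low"
    return {"verdict": verdict, "findings": findings}


# Constructed record modelled on the staging described above (names are placeholders).
CONSTRUCTED_LURE_REPO = {
    "name": "Example-Model/example-model",
    "files": ["README.md", "LICENSE", "llms.txt"],
    "dirs": {"assets": 0, "inference": 0},          # dir -> count of code files inside
    "readme_license": "MIT",
    "metadata_license": "Apache-2.0",
    "topics": ["example-model", "example-model-download", "example-model-installer"],
    # Nine commits, one author, all within 40 minutes.
    "commits": [("burner-account", f"2026-04-24T10:{m:02d}:00Z") for m in range(0, 45, 5)],
    "release_assets": ["example-model-pro_x64.7z", "example-model-flash_x64.7z"],
}

# Constructed record for a repository that actually ships source.
CONSTRUCTED_BENIGN_REPO = {
    "name": "example-org/real-project",
    "files": ["README.md", "LICENSE", "pyproject.toml"],
    "dirs": {"src": 42, "tests": 17},
    "readme_license": "Apache-2.0",
    "metadata_license": "Apache-2.0",
    "topics": ["machine-learning", "inference"],
    "commits": [("ana", "2025-11-02T09:00:00Z"), ("ben", "2026-01-15T14:30:00Z"),
                ("chen", "2026-03-20T11:45:00Z")],
    "release_assets": ["real-project-1.0.tar.gz"],
}


if __name__ == "__main__":
    for repo in (CONSTRUCTED_LURE_REPO, CONSTRUCTED_BENIGN_REPO):
        result = triage_repo(repo)
        print(repo["name"], "->", result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

Star and fork counts are deliberately left out of the score: the analysis above notes that the proportion of organic versus inflated engagement could not be confirmed, so popularity is a weak signal next to the structural tells, which an attacker who wants a convincing repository has to leave in place.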

Screenshot of fake DeepSeek repository
Figure 16. The malicious DeepSeek-V4/deepseek-V4 repository contains the stolen DeepSeek logo, SEO tags targeting install and download queries, a sole-contributor "graphrtest" burner account, and 91 stars gathered in four days.
Screenshot of fake release page for the DeepSeek campaign
Figure 17. The fake release page had a real DeepSeek V4 benchmark chart used as a credibility lure, two 102 MB .7z archives, and hashes rotated three times in three days.

Once the lure was live, search engines increased the exposure of the malicious repository. We tested the queries a user would naturally try when looking for DeepSeek V4 on GitHub or the open web. In a snapshot captured on April 28, 2026, the results were as follows (search results are volatile and may differ at the time of reading):

Platform | Query | Result
GitHub | DeepSeek-V4 installer | 1 result: the malicious repository (only result on GitHub)
GitHub | DeepSeek V4 install | 1 result: the malicious repository (only result on GitHub)
GitHub | DeepSeek V4 | The malicious repository ranked #2 of 169 results
Bing | Deepseek v4 weights github | The malicious repository ranked #1, above the official Hugging Face page
Google | DeepSeek v4 weights github | The malicious repository and two of its forks occupied three of the top four positions, including a top result with rich sitelinks

The 7z archives hosted on GitHub contained a loader executable such as SHA-256: 5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80. The loader was observed downloading and installing Vidar stealer and potentially additional malware.

Finally, Microsoft observed that the DeepSeek-themed payloads share infrastructure with a much larger rotating fake-AI / fake-tool ecosystem. The same shared loader hash (SHA-256 5455341…) appeared under file names impersonating GPT-5.5, Claude Code, Kimi, Seedance, Gemma, GrokCLI, Manus AI, FraudGPT, and others (see table below). Public research from Trend Micro, Zscaler ThreatLabz, and Huntress describes the same broader ecosystem, with TradeAI.exe, OpenClaw_x64.7z, WormGPT_x64.7z, and DeepSeekAI_agent_x64.7z appearing as sibling lures and the downstream payload set documented as Vidar plus GhostSocks.

Lure name | Fake GitHub organization (observed or sibling pattern)
deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe | DeepSeek-V4
Manus_AI_Desktop_x64.exe | ManusAI-agent
seedance_x64.exe | bytedance-seedance
gpt-5.5-Pro_x64.exe, gpt-5.5-Thinking_x64.exe | Various burner organizations
Kimi-Swarm-Station_x64.exe | Various burner organizations
fraudGPT_x64.exe | Various burner organizations
GrokCLI_x64.exe, gemma-4-omni_x64.exe, LTX-2.3_x64.exe | Various burner organizations

Mitigation and protection guidance

To defend against social engineering campaigns that leverage AI brands as lures, Microsoft recommends the following mitigation measures:

  • Configure automatic attack disruption in Microsoft Defender XDR. Automatic attack disruption is designed to contain attacks in progress, limit the impact on an organization's assets, and provide more time for security teams to remediate the attack fully.
  • Implement multifactor authentication (MFA) on all accounts, remove users excluded from MFA, and strictly require MFA from all devices in all locations at all times.
  • Use the Microsoft Authenticator app for passkeys and MFA, and supplement MFA with conditional access policies, where sign-in requests are evaluated using additional identity-driven signals.
  • Conditional access policies can also be scoped to strengthen privileged accounts with phishing-resistant MFA.
  • Enable Zero-hour auto purge (ZAP) in Office 365 to quarantine sent mail in response to newly acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes.
  • Configure Microsoft Defender for Office 365 Safe Links to recheck links on click. Safe Links provides URL scanning and rewriting of inbound email messages in mail flow and time-of-click verification of URLs and links in email messages, other Microsoft Office applications such as Teams, and other locations such as SharePoint Online. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware protection in inbound email messages in Microsoft Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.
  • Invest in advanced anti-phishing solutions that monitor and scan incoming emails and visited websites. For example, organizations can leverage web browsers like Microsoft Edge that automatically identify and block malicious websites, including those used in this phishing campaign, and solutions that detect and block malicious emails, links, and files.
  • Encourage users to use Microsoft Edge and other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware.
  • Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the internet.

Microsoft Defender detections

Microsoft Defender customers can refer to the list of applicable detections below. Microsoft Defender coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.

Tactic | Observed activity | Microsoft Defender coverage
Initial access | Phishing emails | Microsoft Defender for Office 365:
– A potentially malicious URL click was detected
– Email messages containing malicious URL removed after delivery
– Email messages removed after delivery
– A user clicked through to a potentially malicious URL
– Suspicious email sending patterns detected
– Email reported by user as malware or phish
Persistence | Threat actors distribute malware; threat actors register with stolen legitimate entities | Microsoft Defender Antivirus:
– Trojan:Win32/Vidar
– Trojan:Win32/Malgent
– Trojan:Win32/Malcert

Microsoft Defender for Endpoint:
– 'Malcert' malware was prevented
– 'Vidar' malware was prevented

Microsoft Entra ID Protection:
– Anomalous Token
– Unfamiliar sign-in properties
– Unfamiliar sign-in properties for session cookies

Microsoft Defender for Cloud Apps:
– Impossible travel activity

Microsoft Security Copilot

Microsoft Security Copilot is embedded in Microsoft Defender and provides security teams with AI-powered capabilities to summarize incidents, analyze files and scripts, summarize identities, use guided responses, and generate device summaries, hunting queries, and incident reports.

Customers can also deploy AI agents, including the following Microsoft Security Copilot agents, to perform security tasks efficiently:

Security Copilot is also available as a standalone experience where customers can perform specific security-related tasks, such as incident investigation, user analysis, and vulnerability impact assessment. In addition, Security Copilot offers developer scenarios that allow customers to build, test, publish, and integrate AI agents and plugins to meet unique security needs.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires a license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal, to get more information about this threat actor.

Indicators of compromise

Indicator | Type | Description | First seen | Last seen
791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e | SHA-256 | File hash for attachment Fill and Sign Claude Appeal Form.pdf | 2026-04-20 | 2026-04-20
hxxp://sprint.awaydouble[.]org/0v2auth | URL | URL contained in the PDF attachment | 2026-04-20 | 2026-04-20
hxxps://github[.]com/shippingtechnologymovie/AI-techVideos/releases/download/13123/ProFluxeFlowAi-win-Setup.exe | URL | Fraudulent GitHub repository (taken down) hosting malware executable | 2026-03-13 | 2026-03-14
c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8 | SHA-256 | File hash for ProFluxeFlowAi-win-Setup.exe | 2026-03-13 | 2026-03-14
4f5c5b3ef45cfff7721754487a86aeff9a2e6e32 | Signer SHA-1 | Certificate | 2026-03-13 | 2026-03-14
brokeapt[.]com | Domain | Attacker-controlled C2 domain for Python loader | 2026-03-10 | 2026-05-20
pan.ssffaa19[.]xyz | Domain | Vidar C2 | 2026-03-13 | 2026-03-14
pan.rongtv[.]xyz | Domain | Vidar C2 | 2026-03-13 | 2026-03-14
hxxps://github[.]com/DeepSeek-V4/deepseek-V4/releases/download/deepseek-V4/deepseek-v4-pro_x64.7z | URL | Fraudulent GitHub repository (taken down) hosting malware executable | 2026-04-24 | 2026-04-28
0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531 | SHA-256 | deepseek-v4-pro_x64.7z (v1) | 2026-04-24 | 2026-05-18
8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca | SHA-256 | deepseek-v4-flash_x64.7z (v1) | 2026-04-24 | 2026-04-28
99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371 | SHA-256 | deepseek-v4-flash_x64.7z (v2) | 2026-04-26 | 2026-04-28
25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a | SHA-256 | deepseek-v4-pro_x64.7z (v2) | 2026-04-26 | 2026-04-28
56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23 | SHA-256 | DeepSeek-specific extracted PE (deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe, VectorEngine.exe) | 2026-04-26 | 2026-04-28
5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80 | SHA-256 | Shared loader, observed under multiple AI-brand lure names | 2026-04-12 | 2026-05-21
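A table of indicators is only useful once it is run against telemetry, and the defanged notation (hxxp, [.]) has to be reversed before matching. The hunt script below is an added example, not Microsoft's code and not a Defender query: the hash, signer-thumbprint and domain values are copied from the table above, the key=value telemetry format is my own assumption rather than any product's export, and the event lines are constructed samples. Beyond exact indicator matches it also flags one behaviour from the Storm-3075 section, a Python interpreter written directly into AppData\Local.

```python
"""Match the indicators in the table above against constructed telemetry.

Added example, not Microsoft's code and not a Defender query. Hash, signer
and domain values are copied from the table above (refanged); the telemetry
lines are constructed samples in a simple key=value format that is my own
assumption, not any product's export. Besides exact IoC matches it flags one
behaviour described above: a Python interpreter dropped into AppData\\Local.
"""
import re


def refang(indicator):
    """Convert the defanged notation used in the table back to a real value."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


IOC_HASHES = {  # SHA-256 -> description, from the table above
    "791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e": "Fill and Sign Claude Appeal Form.pdf",
    "c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8": "ProFluxeFlowAi-win-Setup.exe",
    "56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23": "DeepSeek-specific extracted PE",
    "5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80": "shared loader (multiple AI-brand lures)",
}
IOC_SIGNERS = {  # code-signing certificate SHA-1 thumbprint -> description
    "4f5c5b3ef45cfff7721754487a86aeff9a2e6e32": "revoked certificate (Fox Tempest MSaaS)",
}
IOC_DOMAINS = {refang(d): label for d, label in {
    "brokeapt[.]com": "C2 for Python loader",
    "pan.ssffaa19[.]xyz": "Vidar C2",
    "pan.rongtv[.]xyz": "Vidar C2",
}.items()}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The campaign dropped pythonw.exe directly under %LOCALAPPDATA%.
DROPPED_INTERPRETER_RE = re.compile(r"\\AppData\\Local\\pythonw\.exe$", re.IGNORECASE)


def parse_event(line):
    """Parse 'key=value key="quoted value"' into a dict."""
    return {k: (q or u) for k, q, u in KV_RE.findall(line)}


def domain_hit(name):
    """Label for an exact or subdomain match against IOC_DOMAINS, else None."""
    name = name.lower().rstrip(".")
    for dom, label in IOC_DOMAINS.items():
        if name == dom or name.endswith("." + dom):
            return label
    return None


def hunt(lines):
    """Return (host, field, value, label) for every event that matches an indicator."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        host = ev.get("host", "?")
        sha = ev.get("sha256", "").lower()
        if sha in IOC_HASHES:
            hits.append((host, "sha256", sha, IOC_HASHES[sha]))
        thumb = ev.get("signer_thumbprint", "").lower()
        if thumb in IOC_SIGNERS:
            hits.append((host, "signer_thumbprint", thumb, IOC_SIGNERS[thumb]))
        name = ev.get("name")
        if name:
            label = domain_hit(name)
            if label:
                hits.append((host, "dns", name, label))
        path = ev.get("path", "")
        if DROPPED_INTERPRETER_RE.search(path):
            hits.append((host, "path", path, "Python interpreter dropped into AppData\\Local"))
    return hits


# Constructed telemetry; the all-zero hash on the first line is a placeholder.
CONSTRUCTED_EVENTS = [
    'type=FileCreate host=WS-01 path="C:\\Users\\u1\\AppData\\Local\\pythonw.exe" '
    'sha256=0000000000000000000000000000000000000000000000000000000000000000',
    'type=ProcessStart host=WS-01 image="ProFluxeFlowAi-win-Setup.exe" '
    'sha256=c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8 '
    'signer_thumbprint=4f5c5b3ef45cfff7721754487a86aeff9a2e6e32',
    'type=DnsQuery host=WS-01 name=brokeapt.com',
    'type=DnsQuery host=WS-02 name=updates.example.com',
    'type=FileCreate host=WS-03 path="C:\\Users\\u3\\Downloads\\deepseek-v4-flash_x64.exe" '
    'sha256=56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23',
    'type=DnsQuery host=WS-04 name=cdn.pan.rongtv.xyz',
]


def affected_hosts(lines=CONSTRUCTED_EVENTS):
    return sorted({host for host, *_ in hunt(lines)})


if __name__ == "__main__":
    for host, field, value, label in hunt(CONSTRUCTED_EVENTS):
        print(f"{host}: {field}={value} -> {label}")
    print("hosts to triage:", affected_hosts())
```

Domain matching includes subdomains because infostealer C2 hostnames are often rotated beneath a stable parent; the signer thumbprint check is worth keeping even after the certificate was revoked, since a binary signed with it is still sitting on any disk it reached before revocation.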

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.


