Threat Detection
The latest Threat Detection coverage — news, analysis, and updates from the WindowsNews.AI desk.
Vectra AI CEO: Why Network Telemetry Is the Missing Data Layer in Windows Threat Detection
Vectra AI President and CEO Hitesh Sheth has put network telemetry back at the center of the Windows security conversation. In a July 2026 interview with BankInfoSecurity, he argued that network data...
DragonForce Ransomware Hides C2 in Microsoft Teams Relays — Here’s How Windows Admins Can Fight Back
A brazen ransomware attack against a major U.S. services company in December 2025 has revealed a sophisticated new evasion technique: attackers hid their command-and-control (C2) infrastructure...
AI-Assisted Threat Actor Built EDR Evasion Tool in Days with Cursor, Claude
Sophos X-Ops researchers have uncovered a bold new chapter in cybercriminal innovation: threat actors turning to AI-assisted development environments to accelerate the creation of endpoint detection...
CVE-2026-35388 Analysis: Microsoft's Conditional Exploit Warning Reveals Complex Security Landscape
Microsoft's security advisory for CVE-2026-35388 contains unusual language that security researchers are calling a "strong hint" about the vulnerability's complexity. The company explicitly states...
Exabeam Expands UEBA to Monitor AI Assistants Like ChatGPT and Copilot for Insider Threats
Exabeam has extended its User and Entity Behavior Analytics (UEBA) platform to monitor AI assistants including ChatGPT and Microsoft Copilot, treating these tools as potential insider threat vectors...
Exabeam's Agent Behavior Analytics Now Monitors ChatGPT and Copilot AI Interactions
Exabeam has expanded its Agent Behavior Analytics platform to include monitoring for ChatGPT and Microsoft Copilot interactions, signaling a major shift in how enterprises approach AI security. The...
Microsoft Exposes Cookie-Based PHP Webshells Targeting Linux Hosting Environments
Microsoft's security researchers have uncovered a sophisticated persistence technique where threat actors hide PHP webshell control mechanisms within HTTP cookies. This method allows attackers to...
Microsoft Hardens RDP Security: NLA Enforcement and WASM Tools Combat Sticky Keys Backdoors
Microsoft has implemented significant security enhancements to Remote Desktop Protocol (RDP) in recent Windows updates, addressing critical vulnerabilities that have made RDP one of the most...
Microsoft's Agentic SOC: How Defender XDR and Experts Suite Unite Against Modern Threats
Microsoft is fundamentally reshaping enterprise security operations with its emerging \"Agentic SOC\" concept, which represents a strategic fusion of autonomous defense systems and expert-led human...
Copilot Studio Agent Security: Top 10 Misconfigurations and Essential Defenses
Microsoft's recent security guidance for Copilot Studio agents represents a critical turning point in enterprise AI adoption—a wake-up call that comes with a practical roadmap for organizations...
Windows 11 Build 26300 Brings Sysmon Integration and Explorer Fixes
Microsoft has released Windows 11 Insider Preview Build 26300 to the Canary Channel, introducing a significant security enhancement with the native integration of Sysmon (System Monitor) alongside...
Microsoft's Runtime Protection for AI Agents: Webhook Guardrails Explained
Microsoft's introduction of runtime protection for AI agents represents a fundamental shift in how enterprises secure their artificial intelligence deployments. While traditional security models have...