It’s go time. ⏰
Submit your BlueHat Redmond CFP by midnight PT tonight.
06.03.2026 17:10
👍 0
🔁 0
💬 0
📌 0
It’s go time. ⏰
Submit your BlueHat Redmond CFP by midnight PT tonight.
Phishing‑as‑a‑service continues to lower the bar for attackers. New analysis from Microsoft Threat Intelligence breaks down Tycoon2FA, its AiTM capabilities, and how Microsoft, working with partners, disrupted the service, along with recommended detection and defense actions.
Zhiniang Peng, Microsoft MVR and Zero Day Quest qualifier
Security research never stops. Meet Zhiniang Peng, Microsoft MVR and two‑time Zero Day Quest Qualifier, whose persistence and curiosity continue to push security research forward.
👉 Read his story on the MSRC blog: www.microsoft.com/en-us/msrc/b...
⏰ Just 3 days left to submit to the BlueHat Redmond CFP!
Don’t miss the chance to share your work with the security community. Submit your abstract: aka.ms/BH26CFP
#BlueHat
Still thinking about submitting to BlueHat Redmond? We're opening a final Call for Papers submission windows through Friday, March 6.
Submit your abstract here: aka.ms/BH26CFP
🚨 Last call 🚨
The BlueHat Call for Papers closes Feb 28.
If you have original security research, hard won lessons, or insights the community can learn from, now’s the time to submit.
Submit before the CFP closes tomorrow: aka.ms/BH26CFP
Only 4 more days to submit your BlueHat Redmond CFP. We can’t wait to see what you share with the community.
Submit your paper by February 28, 2026: aka.ms/BH26CFP
Only 5 more days to submit your BlueHat Redmond CFP.
We can’t wait to see what you share with the community.
#BlueHat
Felix (security researcher) artwork
Every security researcher starts somewhere. For Felix, it began with arcades and led all the way to Azure.
Now a Microsoft MVR and Zero Day Quest qualifier, Felix shares the persistence and mindset that shaped his path into security research in our latest blog: msft.it/63323Qn7BN
Inspired to share your own research? The BlueHat Redmond Call for Papers is open through February 28. Submit your talk: aka.ms/BH26CFP
From Microsoft Purview and integration runtimes to Azure Synapse and Data Factory, this talk highlights how shared compute, connector design, and fragile mitigations can quietly create powerful attack paths.
Watch the full talk on YouTube: www.youtube.com/watch?v=cYCj...
What does cross-tenant RCE at scale actually look like in the cloud?
In this BlueHat Asia talk, Microsoft MVR Tzah Pahima walks through real-world research into Azure shared infrastructure, from an initial signal to cross tenant remote code execution (and a very real “getting caught” moment).
🎉 BlueHat Redmond registration is officially open! 🎉
We’re excited to welcome the security community back to Microsoft’s Redmond campus for BlueHat 2026, taking place May 5–6, 2026. Don’t miss your chance to connect, learn, and share with the community.
➡️Register now: aka.ms/bluehatreg
Mark previously delivered a keynote at BlueHat 2023, and we’re excited to welcome him back.
A frequent speaker at Microsoft Ignite, Microsoft Build, and RSA Conference, Mark is also the author of Windows Internals, Troubleshooting with the Sysinternals Tools, and the cyber‑thriller novels Zero Day, Trojan Horse, and Rogue Code.
Mark is CTO, Deputy CISO, and Technical Fellow for Microsoft Azure. A widely recognized expert in distributed systems, operating systems, and cybersecurity, Mark holds a Ph.D. in computer engineering from Carnegie Mellon University and co‑founded Winternals Software before joining Microsoft in 2006.
We’re excited to announce @markrussinovich.bsky.social as a keynote speaker at BlueHat Redmond, from May 5-6, 2026.
Mark is CTO, Deputy CISO, and Technical Fellow for Microsoft Azure. A widely recognized expert in distributed systems, operating systems, and cybersecurity, Mark holds a Ph.D. in computer engineering from Carnegie Mellon University and co‑founded Winternals Software before joining Microsoft in 2006.
Got some downtime this weekend?
It’s the perfect time to submit your talk to BlueHat Redmond. The Call for Papers is open now. No paper required, just a great idea and a detailed abstract.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Submit your abstract here: aka.ms/BH26CFP
Fixing the script: Journey to reduce XSS exposure
XSS persists not because it’s misunderstood, but because mitigations often miss where execution actually happens. In this post, we share what’s proven effective in practice, why common fixes fail, and how to move toward sustainable XSS defense: www.microsoft.com/en-us/msrc/b...
Patch Tuesday February 2026
Security updates for February 2026 are now available. Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
The evolution of the Microsoft security researcher leaderboard
We’re evolving how researcher impact is recognized. Beginning with the July 2026 MVR leaderboard, rankings will reflect bounty award amounts, and all valid reports will be acknowledged with honorable mentions. Details: www.microsoft.com/en-us/msrc/b...
CI/CD pipelines are a high‑value target. At BlueHat Asia, Harish Poornachander breaks down how real‑world DevSecOps missteps lead to pipeline poisoning, secret exfiltration, and privilege escalation and how to stop them.
Watch the talk on YouTube: www.youtube.com/watch?v=eZhk...
In her BlueHat Asia keynote, Dr. Abhilasha Bhargav-Spantzel shared a grounded take on AI-era security. She focused on building systems that hold up under pressure without leading from fear, and on the importance of strong architecture, trust, and accountability: www.youtube.com/watch?v=IVN-...
Wouter wtm
You don’t pick the bugs. The bugs pick you.”
Meet Wouter, Microsoft MVR and Zero Day Quest 2026 qualifier, and read his security research journey: www.microsoft.com/en-us/msrc/b...
#ZeroDayQuest
Kicking off the Call for Papers for BlueHat Redmond ⚽️
BlueHat brings together security researchers and responders to exchange ideas, experiences, and best practices.
Bring your best ideas, because security is a team sport.
Submit your paper by February 28, 2026: aka.ms/BH26CFP
Save the date. Score a spot at BlueHat Redmond ⚽️
BlueHat Redmond is back and takes place May 5–6, 2026. Watch this space for details as we get closer to kickoff.
January 2026 Patch Tuesday
Security updates for January 2026 are now available. Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
MSRC Q4 2025 leaderboard 🥇Vaisha Bernard of Eye Security (https://msft.it/6013tFEZt) 🥈Lakshmi Vignesh S 🥉Anonymous 4. Shrinivasan Sekar 5. Matthew Jensen 6. P1hcn 7. Jianyang Song 8. wh1tc@Kunlun lab& devoke & Zhiniang Peng with HUST 9. Anonymous 10. Boolgombear
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q4 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.
Learn more in our blog post: msft.it/6012tFEZs
