Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
This alert confirms active exploitation beyond patch availability, indicating real-world attacks targeting Windows systems, likely including credential theft via NTLM relay.
This alert describes a new ransomware variant that can accidentally act as a wiper, posing a dual threat of data encryption and destruction.
The vulnerability in Entra ID could allow attackers to compromise multiple Microsoft services, posing a severe risk to the company's entire Microsoft 365 and Azure AD environment.
This alert confirms a critical-risk vulnerability in Entra ID has been patched, but provides no details on active exploitation or specific attack campaigns.
This alert describes an active ransomware campaign that irreversibly destroys files over 131KB, posing a severe data loss risk beyond typical encryption.
This alert describes a newly discovered privilege escalation path via the Agent ID Administrator role in Entra ID, which could allow attackers to take over service principals, going beyond a simple patch reminder.