Vergleich von 27. April 2026 mit dem Vortag 20. April 2026.
Describes an active campaign using help desk impersonation via Teams to deploy SNOW malware, with detailed TTPs including LSASS extraction, Pass-The-Hash, and lateral movement to domain controllers.
Microsoft is rolling out passkey support for Entra ID on Windows, enhancing phishing resistance for the company's authentication infrastructure.
Describes a new privilege escalation technique in Windows RPC that could allow attackers to gain SYSTEM privileges on fully patched systems, increasing risk of lateral movement and domain compromise.
This alert describes a novel social engineering technique using Microsoft Teams to bypass MFA and gain initial access, which is directly applicable to the company's tech stack.
Keine Änderungen in dieser Kategorie.
Keine Änderungen in dieser Kategorie.
Multiple zero-days (BlueHammer, RedSun, UnDefend) in Microsoft Defender are being actively exploited, requiring immediate patching.
The vulnerability can be triggered by an unprivileged user via the keyrings API, enabling local privilege escalation.
Describes active exploitation of multiple unpatched Windows zero-days (RedSun, UnDefend, BlueHammer) in the wild, indicating immediate risk beyond a standard patch advisory.
Describes an active attack campaign exploiting zero-day vulnerabilities in Windows systems, indicating immediate defensive action is required.
Describes an active campaign where attackers are specifically abusing external Teams access for helpdesk impersonation, a novel social engineering vector.
Highlights emergency, out-of-band updates to resolve critical stability or security issues introduced by a recent patch cycle.
Provides insight into the TTPs of a threat actor using SystemBC malware for C2 and lateral movement within a Windows domain environment.