Microsoft Ecosystem

Minimalist white line art on cobalt blue showing a shield containing a certificate-ribbon icon mistakenly marked with a red X, alongside a circular restoration arrow.

Vulnerabilities

Defender Quarantined DigiCert Roots Worldwide — Here's the Fix

A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.

04 May 2026

Cobalt blue background with a central white cloud icon linked by thin lines to a key, a sign-in window, a document folder, and a target reticle. Red-orange dots mark each focal point.

Threat Intelligence

ConsentFix v3 Runs on Cloudflare, Dropbox, and ZoomInfo

The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.

03 May 2026

Vulnerabilities

CISA Adds ConnectWise ScreenConnect and Windows Shell Flaws to Known Exploited Vulnerabilities Catalog

CISA confirmed active exploitation of two vulnerabilities — a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware and a Microsoft Windows Shell spoofing bug attributed to Russian APT28 — adding both to its Known Exploited Vulnerabilities catalog with a federal patching deadline of May 12, 2026. WASHINGTON, D.C. — The Cybersecurity

29 Apr 2026

Minimalist vector on Charcoal Grey: A white gavel icon overlaid with a red digital network map representing the U.S. and Italy connection.

Trending

Chinese Silk-Typhoon-Linked Hacker Extradited to U.S. Over COVID-19 Research Theft and Microsoft Exchange Attacks

A Chinese state-linked contract hacker, Xu Zewei, has been extradited from Italy to the United States and charged for his alleged role in the Silk-Typhoon (Hafnium) campaigns that targeted U.S. universities conducting COVID-19 vaccine research and later thousands of Microsoft Exchange email servers worldwide. WASHINGTON, D.C. — In a

28 Apr 2026

A white key icon with a red warning triangle inside the handle.

Vulnerabilities

Microsoft Patches Critical Entra ID Role Flaw That Enabled Service-Principal Takeover

Microsoft has patched a serious Entra ID (Azure AD) misconfiguration that exposed an “agent-only” role for Microsoft Graph PowerShell that was not properly restricted to Microsoft’s own internal agents. Attackers who obtained secrets for a service-principal-linked app registration could exploit this role to escalate privileges and pivot to long-term

28 Apr 2026

Minimalist white line art on slate gray showing a split chat bubble with geometric lines leading to a compromised network node, symbolizing deceptive help desk dialogue in Teams.

Microsoft Ecosystem

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy Snow Malware

A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new threat cluster, identified by the Google Threat

26 Apr 2026

A Windows server rack in an infinite reboot loop being fixed by a purple wrench.

Microsoft Ecosystem

Microsoft Issues Emergency "Fix for the Fix" to Halt Windows Server Reboot Loops

An out-of-band update arrives days after the April Patch Tuesday release triggered critical LSASS crashes and BitLocker recovery prompts across enterprise domain controllers. REDMOND, WA — Microsoft has released a series of emergency out-of-band (OOB) updates to address a cascade of failures introduced by its April 2026 "Patch Tuesday"

20 Apr 2026

A Microsoft Teams chat bubble with a fake helpdesk badge on a blue background.

Microsoft Ecosystem

Microsoft Warns of Sharp Rise in Teams-Based Helpdesk Impersonation Campaigns

A new human-operated intrusion playbook leverages cross-tenant communication to bypass traditional email security, targeting high-privilege credentials through "Helpdesk" deception. REDMOND, WA — Microsoft Threat Intelligence has issued a critical warning regarding a sophisticated surge in "Helpdesk Impersonation" attacks conducted via Microsoft Teams. The campaign, which targets enterprise

20 Apr 2026

A cracked shield on a gray background, representing the Microsoft Defender zero-day leaks.

Vulnerabilities

Defending the Defender: Three Microsoft Zero-Days Leaked and Exploited in the Wild

A disgruntled security researcher has publicly released proof-of-concept code for three critical vulnerabilities in Microsoft Defender, leaving over a billion users exposed as two flaws remain unpatched. REDMOND, WA — The global cybersecurity community is on high alert following the unauthorized leak and subsequent exploitation of three zero-day vulnerabilities within Microsoft

18 Apr 2026

Microsoft Zero Day Quest 2026 awards $2.3 million for record-breaking vulnerability research.

Microsoft Ecosystem

Microsoft Awards $2.3 Million Following Record-Breaking ‘Zero Day Quest’ 2026

The inaugural live hacking event at Microsoft’s Redmond campus resulted in the discovery of nearly 700 vulnerabilities, including over 80 high-impact flaws in Cloud and AI infrastructure. REDMOND, WA — Microsoft has officially concluded its "Zero Day Quest" 2026, awarding a total of $2.3 million to security

15 Apr 2026

A magnifying glass focusing on a red bug icon, representing the CISA KEV update.

Vulnerabilities

CISA Expands KEV Catalog with Seven Actively Exploited Flaws Across Microsoft, Adobe, and Fortinet

The addition of both legacy vulnerabilities and 2026 zero-days signals a "two-front war" for defenders: securing modern cloud-facing infrastructure while purging decade-old exploits still being used in the wild. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has added seven new vulnerabilities to its Known Exploited

14 Apr 2026