Active exploitation of an unpatched Microsoft Exchange zero-day without available patch indicates coordinated nation-state or APT campaign and requires immediate mitigation measures for affected production environments.
A security vulnerability in Microsoft Authenticator allows attackers to hijack user accounts and steal sensitive data,directly relevant for organisations relying on Entra ID and MFA-based authentication like Joel Traber AG.
Fox Tempest operation exposes state-sponsored malware-signing infrastructure used to bypass security controls and deploy ransomware,critical threat to Windows-based manufacturing environments.
Storm-2949 demonstrates how attackers leverage compromised identities for lateral movement across cloud-wide systems,a critical risk for organizations dependent on Microsoft 365 and Entra ID, especially in the DACH region facing elevated APT pressure.
The attack bypasses MFA not through technical vulnerabilities, but via social engineering of fake device-login prompts that trick users into OAuth consent, exfiltrating tokens , a paradigm shift from technical to social attack patterns.
Attackers abuse Self-Service Password Reset as an entry point into Azure environments to compromise admin accounts and exfiltrate sensitive data,a tactic particularly effective against organizations with weak multi-factor authentication controls.