Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
This alert confirms active exploitation beyond patch availability, indicating real-world attacks targeting Windows systems, likely including credential theft via NTLM relay.
Comparing 28 April 2026 with the previous day 21 April 2026.
This alert confirms active exploitation beyond patch availability, indicating real-world attacks targeting Windows systems, likely including credential theft via NTLM relay.
Describes a new ransomware variant that can accidentally act as a wiper, posing a dual threat of data encryption and destruction.
The vulnerability in Entra ID could allow attackers to compromise multiple Microsoft services, posing a severe risk to the company's entire Microsoft 365 and Azure AD environment.
This alert confirms a critical-risk vulnerability in Entra ID has been patched, but provides no details on active exploitation or specific attack campaigns.
This alert describes an active ransomware campaign that irreversibly destroys files over 131KB, posing a severe data loss risk beyond typical encryption.
This alert describes a newly discovered privilege escalation path via the Agent ID Administrator role in Entra ID, which could allow attackers to take over service principals, going beyond a simple patch reminder.
No changes in this category.
No changes in this category.
Describes an active ransomware campaign using a SystemBC botnet for command and control, indicating a shift to more resilient, bot-powered attacks against corporate networks.