A critical vulnerability in Microsoft Defender for Identity (CVE-2025-26685) allows unauthenticated attackers to escalate privileges and access Active Directory by exploiting the Lateral Movement Paths feature in MDI sensors. Attackers can capture authentication credentials via a downgraded authentication process, enabling significant reconnaissance and privilege escalation. Mitigations include migrating to unified XDR sensors and monitoring authentication events for anomalies.
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages
The cryptocurrency and blockchain ecosystem faces a surge in sophisticated malware targeting open-source supply chains, with 75% of malicious packages found on npm. Attackers exploit
