The North Korean state-sponsored cyber actor TA406 is carrying out phishing attacks and credential-stealing operations against Ukrainian government entities to gather intelligence on the Russian invasion, according to Proofpoint. The group’s tactics involve sending emails that impersonate staff from non-existent organizations and direct recipients to download malicious files. Some of the data collected includes system information and antivirus software details.

Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
A newly revealed flaw in Microsoft Defender for Endpoint (CVE-2025-26684) allows local attackers to escalate privileges to SYSTEM level, gaining complete control of affected systems.