Remote access infrastructure
CriticalIvanti VPN appliances under active exploitation
Patch Ivanti appliances immediately, restrict external management access, and hunt for web shell indicators.
Reference documentationActive exploitation alerts
Exploitation activity watchlist
High-signal exploitation patterns that should drive patching, logging, and incident triage.
Cloud identity and enterprise email
HighCredential phishing campaigns targeting Microsoft 365 tenants
Enforce phishing-resistant MFA, revoke suspicious sessions, and review risky sign-ins and OAuth app consent grants.
Reference documentationWindows servers and enterprise endpoints
HighRansomware affiliates exploiting exposed RDP services
Disable public RDP exposure, enforce VPN-only access, enable account lockout policies, and monitor brute-force activity.
Reference documentationPerimeter security appliances
CriticalActive exploitation of edge firewall and gateway devices
Patch internet-facing devices, review administrative logins, rotate credentials, and validate firmware integrity.
Reference documentationCorporate workstations and user credentials
HighInfostealer malware campaigns targeting browser credentials
Reset compromised credentials, enable endpoint detection, monitor browser credential theft alerts, and enforce MFA.
Reference documentation