Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR
Sophos has uncovered a Russian-speaking threat actor using AI-assisted tools, Cobalt Strike, and a purpose-built automated lab to develop EDR bypass malware targeting Active Directory environments — with...
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild. Domain controllers running unpatched Windows Server face complete...
Hackers Exploit End-of-Life F5 BIG-IP as Enterprise Entry Point, Pivoting to Active Directory via Confluence RCE
Microsoft Defender researchers document a multi-stage intrusion where threat actors exploited an end-of-life F5 BIG-IP appliance to gain SSH access, then pivoted through an unpatched Confluence server to...
Microsoft Confirms Windows Server 2025 Domain Controllers Enter Reboot Loops After April 2026 Patch
Microsoft has confirmed that the April 2026 cumulative update KB5082063 causes Windows Server 2025 domain controllers to enter reboot loops, with some systems also failing to install the...