![[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens](/content/images/size/w600/2026/01/z-1.png)
forecasts
[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens
Will at least one publicly disclosed enterprise breach be confirmed where attackers used a Microsoft Copilot Studio..
microsoft
weekly
SIGNALS WEEKLY: Keys & Gates — Windows kernel EoP; Cisco RA VPN reloads
Keys. Gates. Windows. Actively exploited Win kernel EoP ✅ (CVE-2025-62215). Cisco RA-VPN bugs can reload unpatched edges. LANDFALL used Samsung’s image bug (CVE-2025-21042). Which breaks first in your shop?
weekly
Signals Weekly: Active WSUS Exploits and Ransomware Shifts
WSUS RCE is live—patch OOB now + watch 8530/8531. Payments fell to 23% in Q3 as crews pivot to insider bribes; Qilin doubles down on ESXi + EDR tamper.
storm-2603
Storm-2603: SharePoint Zero-Day Exploitation and Warlock Ransomware—A Hybrid Financial and Espionage Threat
Storm-2603 is a China-based, financially motivated threat actor first identified in early 2025, responsible for a global campaign exploiting critical Microsoft SharePoint zero-day vulnerabilities (CVE-2025-53770, CVE-2025-49706, CVE-2025-49704).
edr
AI-Driven EDR Showdown: Comparative Analysis and Strategic Forecast for US Enterprises in 2026
This analysis delivers a comprehensive, data-driven comparison of the top five Endpoint Detection and Response (EDR) platforms in the US market for 2026: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity, Palo Alto Cortex XDR, and Bitdefender GravityZone.
vulns
Exploiting Zero-Days: APT34, APT28, and APT29 in Focus
Microsoft's January 2025 Patch Tuesday release addressed 159 vulnerabilities, including eight zero-day vulnerabilities, with three actively exploited in the wild.