Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis

New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.

Microsoft Sentinel to Defender Portal Migration Readiness Tool

New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions.

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.

SAP: New Agentless User Blocking Playbook for Defender XDR Integration

New SAP playbook enables automated user blocking via Teams adaptive cards with enhanced support for complex multi-alert incidents from Microsoft Defender XDR.

ASIM AlertEvent Parser: Microsoft Defender XDR Missing AlertOriginalStatus Field Restored

Critical data fidelity fix restores the missing AlertOriginalStatus field in the Microsoft Defender XDR ASIM AlertEvent parser, resolving an alert status visibility gap.

Microsoft Defender XDR Solution: Punycode Hunting Query Added for Lookalike Domain Detection

Microsoft Defender XDR solution v3.0.14 adds a hunting query targeting Punycode character abuse in lookalike domain attacks.

ASIM AlertEvent: Microsoft Defender XDR Parser Enhanced with Improved Field Mappings

Microsoft Defender XDR AlertEvent parsers updated with optimized KQL logic, corrected field mappings, and enhanced IP address collection.

Microsoft Defender XDR: New Hunting Query for Punycode Lookalike Domain Phishing

Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams.

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions.

Microsoft Defender XDR: Teams Hunting Queries Version Number Fix

Corrected malformed version numbers in Microsoft Teams threat hunting queries from the invalid “l.0.0” to the proper “1.0.0” format.

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mappings in detection rules across the Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions.

ZeroFox CCF Connector: KQL Query Restoration and Multi-Solution Maintenance

ZeroFox CCF connector receives missing KQL query fixes alongside packaging updates across 8+ solutions.

Microsoft Defender XDR Workbook Version 3: Enhanced Visualizations and Insights

Updated Microsoft Defender for Office 365 workbook to version 3 with new visuals and improved insights based on user feedback.

Microsoft Teams Security: 9 Additional Hunting Queries for Advanced Threat Detection

Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis.

Open Systems Connector: aiohttp Security Update 3.10.11→3.12.14 Plus Multi-Solution Changes

Open Systems connector updated its aiohttp dependency to address potential security vulnerabilities, bundled with extensive solution packaging updates.

Microsoft Teams Security: 7 New Hunting Queries for URL Threat Detection

New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams.

VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates

New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.

CyberArk Audit Security Update: CVE-2024-47081 Fix Plus Multi-Solution Maintenance

Critical security update for the CyberArk Audit connector's requests library addressing a credential leak vulnerability, plus comprehensive updates across 8 solutions.