Windows NTLM Relay Attacks Resurge, CMMC 2.0 Updates & Google Chrome Emergency Patch
End of Q1 brings a wave of critical security events. Here's your essential briefing.
NTLM relay attacks are surging — disable NTLM where possible. CMMC 2.0 Level 2 assessments are now required for DoD contractors. Google patched a critical Chrome zero-day being used in targeted attacks.
CLICK ANY ARTICLE TO READ THE FULL STORY
NTLM Relay Attacks Surge 300% — Microsoft Issues Urgent Guidance
Microsoft's threat intelligence team reported a 300% increase in NTLM relay attacks targeting Windows environments in Q1 2026. SMBs using on-premises Active Directory are particularly at risk.
CMMC 2.0 Level 2 Assessments Now Required for DoD Contractors
The Department of Defense has begun requiring CMMC 2.0 Level 2 third-party assessments for contractors handling Controlled Unclassified Information (CUI). Self-attestation is no longer sufficient for Level 2.
Google Chrome Emergency Patch: CVE-2026-1891 Zero-Day Used in Targeted Attacks
Google released an emergency update for Chrome addressing CVE-2026-1891, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in targeted attacks. Update to version 134.0.6998.177 or later immediately.
NSA & CISA Release Top 10 Cybersecurity Misconfigurations Found in SMB Environments
The NSA and CISA jointly published a report detailing the top 10 cybersecurity misconfigurations most commonly found during red team assessments of small business environments, with remediation guidance.
Law Firm Data Breach: Ransomware via Phishing Email Exposes Client Records
A mid-sized law firm suffered a ransomware attack that encrypted client files and exfiltrated sensitive legal documents. The attack originated from a phishing email that bypassed legacy email filters.
Need Help Addressing These Threats?
Our team monitors these vulnerabilities and can help you patch, assess, and protect your business before attackers strike.