TL;DR — This Week's Key Takeaways
NTLM relay attacks are surging — disable NTLM where possible. CMMC 2.0 Level 2 assessments are now required for DoD contractors. Google patched a critical Chrome zero-day being used in targeted attacks.
CRITICAL | THREAT | 5 min
NTLM Relay Attacks Surge 300% — Microsoft Issues Urgent Guidance
Microsoft's threat intelligence team reported a 300% increase in NTLM relay attacks targeting Windows environments in Q1 2026. SMBs using on-premises Active Directory are particularly at risk.
Action Items
›Disable NTLM authentication where possible — use Kerberos instead
›Enable Extended Protection for Authentication (EPA) on all IIS and Exchange servers
›Enable SMB signing on all Windows systems to prevent relay attacks
+2 more at segler.net/security-news
Affected Systems
›Windows Active Directory
›Windows Server 2019/2022
›Windows 10/11 domain-joined systems
›SMB file shares
HIGH | COMPLIANCE | 6 min
CMMC 2.0 Level 2 Assessments Now Required for DoD Contractors
The Department of Defense has begun requiring CMMC 2.0 Level 2 third-party assessments for contractors handling Controlled Unclassified Information (CUI). Self-attestation is no longer sufficient for Level 2.
Action Items
›If you handle CUI and have DoD contracts, you must now have a C3PAO-conducted CMMC Level 2 assessment
›Self-attestation is no longer accepted for Level 2 — third-party assessment is mandatory
›Begin your C3PAO assessment process immediately — wait times are currently 6-9 months
CRITICAL | PATCH | 3 min
CVE-2026-1891
Google Chrome Emergency Patch: CVE-2026-1891 Zero-Day Used in Targeted Attacks
Google released an emergency update for Chrome addressing CVE-2026-1891, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in targeted attacks. Update to version 134.0.6998.177 or later immediately.
Action Items
›Update Chrome to version 134.0.6998.177 or later immediately
›Enable automatic updates in Chrome settings to prevent future delays
›Other Chromium-based browsers (Edge, Brave) will also need updates — check for updates in those browsers too
Affected Systems
›Google Chrome (all versions prior to 134.0.6998.177)
›Microsoft Edge (Chromium-based)
›Brave Browser
›Other Chromium-based browsers
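One way to check the "Update Chrome to version 134.0.6998.177 or later" item across several machines, as an added example that is not part of the original newsletter. It compares versions numerically, because a plain string comparison would rank 134.0.6998.88 above 134.0.6998.177. The host names, inventory rows and function names are constructed for illustration.

```python
import re

# Fixed Chrome version, taken from the advisory text above.
FIXED_CHROME = (134, 0, 6998, 177)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part version tuple out of text such as `chrome --version` output."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def chrome_status(product, version_text):
    """Classify one inventory row as patched, vulnerable, check-vendor or unknown."""
    # Edge, Brave and other Chromium builds carry their own version numbers and
    # the page gives no fixed version for them, so they are never compared
    # against the Chrome number.
    if product.strip().lower() != "google chrome":
        return "check-vendor"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no usable version reported; needs a manual look
    # Tuple comparison is numeric per component: (…, 88) < (…, 177).
    return "patched" if version >= FIXED_CHROME else "vulnerable"


def audit(rows):
    """Map each host to its status. rows: (host, product, version_text)."""
    return {host: chrome_status(product, text) for host, product, text in rows}


# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome", "Google Chrome 134.0.6998.177"),
    ("ws-02", "Google Chrome", "Google Chrome 134.0.6998.88"),
    ("ws-03", "Google Chrome", "133.0.6943.142"),
    ("ws-04", "Microsoft Edge", "134.0.3124.68"),
    ("ws-05", "Google Chrome", "Google Chrome 135.0.7049.42"),
    ("ws-06", "Google Chrome", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```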
MEDIUM | ADVISORY | 5 min
NSA & CISA Release Top 10 Cybersecurity Misconfigurations Found in SMB Environments
The NSA and CISA jointly published a report detailing the top 10 cybersecurity misconfigurations most commonly found during red team assessments of small business environments, with remediation guidance.
Action Items
›Change all default credentials on network devices, printers, and software immediately
›Enable MFA on all email accounts — this is the #1 most impactful control you can implement
›Patch all internet-facing systems within 48 hours of critical patch release
HIGH | BREACH | 4 min
Law Firm Data Breach: Ransomware via Phishing Email Exposes Client Records
A mid-sized law firm suffered a ransomware attack that encrypted client files and exfiltrated sensitive legal documents. The attack originated from a phishing email that bypassed legacy email filters.
Action Items
›Upgrade from legacy email filtering to AI-powered email security that can detect sophisticated phishing
›Implement immutable, air-gapped backups that cannot be encrypted by ransomware
›Conduct regular phishing simulation training for all employees