CISA has added CVE-2026-33825, a Microsoft Defender Insufficient Granularity of Access Control Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability type is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.
A newly disclosed Linux vulnerability called Dirty Frag allows attackers with unprivileged access to escalate privileges to root by exploiting kernel networking and memory-fragmentation handling. Microsoft Defender has detected limited active exploitation in the wild, and the flaw can be leveraged after initial compromise through SSH, web shells, containers, or low-privileged accounts.
Microsoft Sentinel UEBA (User and Entity Behavior Analytics) helps security defenders identify malicious AWS activity by analyzing CloudTrail logs against established baseline patterns of normal user, peer, and device behavior. The capability generates behavioral signals to distinguish legitimate cloud operations from potential attacker actions.