{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/netntlm/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["credential-access","netntlm","phishing","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability, tracked as CVE-2025-59284, enables attackers to capture NetNTLM hashes from Windows systems through a specially crafted archive file. This technique exploits how Windows handles file extraction, potentially forcing authentication requests to a malicious server controlled by the attacker. The vulnerability was presented at BsidesLjubljana in March 2026, suggesting recent active research and potential exploitation. The original Reddit post indicates that the Microsoft patch might…\u003c/p\u003e\n","date_modified":"2026-03-18T12:00:00Z","date_published":"2026-03-18T12:00:00Z","id":"/briefs/2026-03-netntlm-phishing/","summary":"A phishing technique, potentially still viable due to incomplete patching, allows attackers to obtain NetNTLM hashes from archive extraction on Windows systems (CVE-2025-59284).","title":"NetNTLM Hash Phishing via Archive Extraction (CVE-2025-59284)","url":"https://feed.craftedsignal.io/briefs/2026-03-netntlm-phishing/"}],"language":"en","title":"CraftedSignal Threat Feed — Netntlm","version":"https://jsonfeed.org/version/1.1"}