https://feed.craftedsignal.io/tags/netntlm/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 18 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-netntlm-phishing/Wed, 18 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-netntlm-phishing/A phishing technique, potentially still viable due to incomplete patching, allows attackers to obtain NetNTLM hashes from archive extraction on Windows systems (CVE-2025-59284).<p>A vulnerability, tracked as CVE-2025-59284, enables attackers to capture NetNTLM hashes from Windows systems through a specially crafted archive file. This technique exploits how Windows handles file extraction, potentially forcing authentication requests to a malicious server controlled by the attacker. The vulnerability was presented at BsidesLjubljana in March 2026, suggesting recent active research and potential exploitation. The original Reddit post indicates that the Microsoft patch might…</p> mediumadvisorycredential-accessnetntlmphishingwindows