One index
Public work
Everything published in one place — Microsoft security articles, Microsoft Community Hub posts, conference talks, GitHub repositories, merged pull requests, and Medium posts. No more checking five different sites.
PublicationMicrosoft Defender Experts· 2025
Active Exploitation Hunt — CVE-2025-30406
Microsoft Defender Experts (DEX) threat hunt into in-the-wild exploitation of CVE-2025-30406 (CVSS 9.8), an unauthenticated RCE in Gladinet CentreStack and Triofox driven by a hardcoded cryptographic key. Tracked hands-on-keyboard intrusion, backdoor persistence, and post-exploitation activity following the vendor patch (Apr 3, 2025) and CISA KEV listing (Apr 8, 2025) — turning findings into deployable detections. Internal customer hunt report; not publicly published.
Threat HuntingThreat Intelligence