CRITICALAdvisoryJul 05, 2026
Action required
Hunt for multi-stage phishing campaigns in email logs and monitor for lateral movement using stolen credentials. Block known Avalon IOCs at network perimeter and scan endpoints for CrownX artifacts. Check for suspicious remote access tool installations on critical systems.
Affected products
MicrosoftMSBuildProton DriveBlackpoint Cyber