---
title: Threat Intelligence Center - Capstone Technologies Group
description: Strengthen identity security across Microsoft 365 and Active Directory. Learn 5 concrete methods to improve attack resilience and reduce compromise risk.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=217
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=217.
markdown-tokens: 1285
---

[![Conceptual image illustrating cybersecurity threats to Microsoft Active Directory and 365, highlighting data protection challenges.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/6301a4011a.jpg)](https://captechgroup.com/threat-intelligence-center/identity-attacks-hit-microsoft-active-directory-an-bb04c0 "Identity Attacks Hit Microsoft Active Directory and Microsoft 365 Users")

Identity compromise remains the primary entry point for attackers targeting enterprise networks. Microsoft Active Directory and Microsoft 365 environments face persistent threats from credential theft, lateral movement, and privilege escalation attacks.

[![Conceptual image illustrating cybersecurity threats, highlighting redirects in phishing attacks for data protection.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/28bf44faa1.jpg)](https://captechgroup.com/threat-intelligence-center/redirects-compromise-34-of-phishing-attacks-in-202-1af268 "Redirects Compromise 34% of Phishing Attacks in 2026 Security Report")

Security researchers analyzing phishing campaigns throughout 2026 have documented a significant shift in attacker tactics. Redirects now appear in 34% of phishing emails, serving as obfuscation layers that complicate detection and increase credential harvesting success rates. This technique chains multiple URL hops to obscure malicious intent from email gateways and browser security warnings.

[![Conceptual image illustrating cybersecurity threats to Google Workspace accounts and the need for data protection and ITDR.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/3129c3f76a.jpg)](https://captechgroup.com/threat-intelligence-center/google-workspace-accounts-face-identity-threats-wi-82df17 "Google Workspace Accounts Face Identity Threats Without ITDR Detection")

Google Workspace deployments face escalating identity-based threats including account compromise, credential abuse, and lateral movement across cloud infrastructure. Without dedicated Identity Threat Detection and Response (ITDR) capabilities, organizations struggle to identify malicious access patterns buried within normal user activity.

[![Conceptual image illustrating proactive cybersecurity, focusing on threat hunting and data protection against emerging threat vectors.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/e7757eeffc.jpg)](https://captechgroup.com/threat-intelligence-center/proactive-cyber-defense-shifts-from-reactive-patch-b06465 "Proactive Cyber Defense Shifts From Reactive Patching to Threat Hunting")

The cybersecurity landscape has fundamentally changed. Traditional reactive defense—waiting for alerts, patching vulnerabilities after exploitation, responding to breaches—leaves organizations vulnerable to sophisticated attackers who operate faster than security teams can respond.

[![Conceptual image illustrating cybersecurity threats, highlighting redirects in phishing attacks for data protection and digital security.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/aa5f30318c.jpg)](https://captechgroup.com/threat-intelligence-center/redirects-compromise-34-of-phishing-attacks-in-202-59ecb9 "Redirects Compromise 34% of Phishing Attacks in 2026 Report")

Phishing attacks in 2026 increasingly rely on redirect chains to bypass email filters and delay detection. Security researchers analyzing threat data found that 34% of phishing campaigns now incorporate redirects as a core evasion tactic.

[![Conceptual image illustrating DonutLoader malware exploiting PowerShell, highlighting cybersecurity and data protection challenges.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/837ef39dfe.jpg)](https://captechgroup.com/threat-intelligence-center/donutloader-malware-abuses-powershell-to-strip-ads-074df4 "DonutLoader Malware Abuses PowerShell to Strip Ads from Infected Systems")

Researchers have identified a malicious PowerShell script deployed by DonutLoader that systematically removes advertisements from compromised systems. The attack chain involves sophisticated obfuscation and relies on BinaryNinja for reverse engineering analysis.

[![Conceptual image illustrating DonutLoader malware exploiting PowerShell for data protection and digital security threats.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/a22b34119e.jpg)](https://captechgroup.com/threat-intelligence-center/donutloader-malware-abuses-powershell-to-inject-ma-eb80ae "DonutLoader Malware Abuses PowerShell to Inject Malicious Ad-Removal Scripts")

Security researchers have identified a malware campaign leveraging DonutLoader to distribute malicious scripts disguised as ad-removal tools. The attack chain uses PowerShell execution to inject payloads into Windows systems, exploiting user trust in legitimate ad-blocking utilities. Analysis reveals the threat targets end users through deceptive packaging and social engineering.
