Coercion

2026-05-17
NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021
Two unrelated bugs in the last month — an incomplete APT28 patch and an unpatched RPC defect — both hand attackers a 1990s-era credential primitive. The fact that NTLM coercion still works in 2026 is not a series of accidents. It is the model.
ntlm coercion windows active-directory relay kerberos rpc trend-analysis opinion

NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021