So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
@nprofile1q... there are reports of active exploitation in the wild but when I tried to track them back to a source it seems to be Belgium's CCB saying "source: trust me bro". which, y'know, it's Belgium's CCB, so maybe? but also zero actual proof, TTPs, IoCs, or useful info about the claimed exploitation, soooooo
1