// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / Microsoft
Breach Record

Microsoft

DISCLOSED 2026-03-26 · STOLEN CREDS

A malvertising campaign since January 2026 uses fraudulent Google ads to deliver a kernel-mode EDR terminator named HwAudKiller. It exploits a previously undocumented vulnerability in the signed Huawei driver HWAuidoOs2Ec.sys to terminate 23 security products from ring-0, bypassing user-mode protections. The campaign has compromised over 60 victims, enabling credential...

The record

What we know

Disclosed
2026-03-26
Attack vector
Stolen Creds
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Microsoft disclosure. It updates if new public reporting emerges. All tracked breaches →

Microsoft just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →