Microsoft appears in two non-CVE items this cycle. In SCC-CAM-2026-0378, Kimsuky is actively abusing the Microsoft VS Code Remote Tunneling feature as a covert C2 channel to route adversary traffic through trusted Microsoft infrastructure, making detection significantly harder with standard network controls. In SCC-DBR-2026-0142, the ShinyHunters breach of Charter Communications leveraged compromised Microsoft Entra credentials (obtained via vishing) to authenticate to a third-party SaaS platform and exfiltrate 4.9 million customer records. Neither item involves a Microsoft software vulnerability; both exploit gaps in how Microsoft’s legitimate infrastructure and identity platform are governed.
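For the Remote Tunneling item, a detection sketch that correlates endpoint process telemetry with DNS logs and flags tunnel activity on hosts with no approved developer use. This is an added example, not code from the advisory: the relay domains come from Microsoft's public VS Code documentation, and the binary-name pattern, event field names, hostnames and sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: relay domains as listed in Microsoft's public VS Code
# Remote Tunnels documentation; they are not named on this page.
TUNNEL_SUFFIXES = (".tunnels.api.visualstudio.com", ".devtunnels.ms")
# Assumption: common VS Code CLI binary names. A renamed binary evades
# this check, which is why DNS evidence is collected separately.
CODE_BINARY = re.compile(r"^code(-tunnel|-insiders)?(\.exe)?$", re.I)

def is_tunnel_process(event):
    """True when a VS Code CLI binary runs with the 'tunnel' subcommand."""
    name = PureWindowsPath(event["image"]).name
    tokens = event["command_line"].lower().split()
    return bool(CODE_BINARY.match(name)) and "tunnel" in tokens

def is_tunnel_dns(event):
    """True when the queried name is a tunnel relay domain or a subdomain."""
    query = event["query"].lower().rstrip(".")
    return any(query.endswith(s) or query == s[1:] for s in TUNNEL_SUFFIXES)

def find_unapproved_tunnels(process_events, dns_events, approved_hosts):
    """Return {host: sorted evidence kinds} for hosts outside the allowlist."""
    findings = {}
    for kind, events, match in (("process", process_events, is_tunnel_process),
                                ("dns", dns_events, is_tunnel_dns)):
        for ev in events:
            if match(ev) and ev["host"] not in approved_hosts:
                findings.setdefault(ev["host"], set()).add(kind)
    return {host: sorted(kinds) for host, kinds in findings.items()}

# Constructed sample telemetry (hypothetical hosts, not from a real incident).
PROCESS_EVENTS = [
    {"host": "DEV-01", "command_line": "code-tunnel.exe tunnel --name dev-01",
     "image": r"C:\Program Files\Microsoft VS Code\bin\code-tunnel.exe"},
    {"host": "FIN-07", "command_line": "code.exe tunnel --accept-server-license-terms",
     "image": r"C:\Users\Public\code.exe"},
    {"host": "HR-03", "command_line": "Code.exe C:\\notes\\tunnel.txt",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe"},
]
DNS_EVENTS = [
    {"host": "FIN-07", "query": "global.rel.tunnels.api.visualstudio.com"},
    {"host": "OPS-02", "query": "abc123-8080.euw.devtunnels.ms."},
    {"host": "HR-03", "query": "update.code.visualstudio.com"},
    {"host": "DEV-01", "query": "global.rel.tunnels.api.visualstudio.com"},
]
```

With `DEV-01` as the only approved host, `FIN-07` is flagged on both process and DNS evidence and `OPS-02` on DNS alone, the case where the client binary was renamed or process telemetry is missing.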

Author

Tech Jacks Solutions