Two actively exploited zero-days in Microsoft Defender’s Malware Protection Engine and Antimalware Platform are CISA KEV-listed with a June 3, 2026 federal remediation deadline; one enables SYSTEM-level privilege escalation and the other silently disables endpoint protection at scale. The broader Microsoft 365 environment is simultaneously targeted by China-nexus actor MURKY PANDA via trusted third-party relationships, and by DPRK-affiliated actors conducting large-scale cryptocurrency theft — both campaigns exploiting cloud identity trust chains rather than patched vulnerabilities.