ACR Stealer: Two observed intrusion chains amid increased threat activity 

SecurityVendor

From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer environments. These campaigns are successfully using ClickFix lures to steal browser credentials, authentication tokens, and sensitive documents from enterprise environments.
The post ACR Stealer: Two observed intrusion chains amid increased threat activity appeared first on Microsoft Security Blog.Microsoft Security BlogRead More