Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.
https://threatpost.com/windows-bug-rdp-exploit-unprivileged-users/177599/
Widespread Brute-Force Attacks Tied to Russia’s APT28
-
The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.
https://threatpost.com/kubernetes-brute-force-attacks-russia-apt28/167518/