NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Unknown threat actors are actively exploiting an authentication bypass in Palo Alto VPN gateways to gain unauthorized access , a critical risk for networked manufacturing organizations in the DACH region whose partners or suppliers operate such systems.
Critical
CVSS
7.8
EPSS
60%
NEW Contagious Interview (aka Famous Chollima, HexagonalRodent, Void Dokkaebi) C3
North Korean APT groups exploit developer recruitment and code review themes to compromise developers and deploy malware through trusted development tools.
A China-linked APT group employs a novel technique: manipulating Google Workspace rules on compromised systems to auto-forward emails rather than direct exfiltration,this evades detection and could be replicated against European research and industrial networks.
Chinese espionage group operates persistent backdoor infrastructure in critical systems since at least 2023, targeting data theft with national security implications.
The vulnerability allows attackers to bypass the PDF sandbox via crafted documents with embedded JavaScript and execute arbitrary code , a significant risk for PDF processing in production environments.
Year-long undetected Chinese APT campaign systematically targets research institutions to exfiltrate data on AI, cyber-offensive capabilities, and defense technology,a pattern that should alert European research and technology organizations to similar targeting risk.
The BSI warning documents multiple security vulnerabilities in both browsers used in the company without specific CVE references; this suggests a vulnerability aggregation warning that is regularly updated.
Three chained bugs enabled attackers to exfiltrate emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search via a single click on a trusted Microsoft link, bypassing standard anti-phishing filters.
Weekly summary of multiple unrelated vulnerabilities without description of a coordinated campaign; UniFi exploits and Chrome 0-day are relevant to the company, but the article provides no new attack scenarios or attribution intelligence.
High
lwxat (Chinese-speaking cybercrime groups operating under MaaS model) B3
A long-maintained BadIIS variant is distributed as commodity malware among Chinese-speaking cybercrime groups, with evasion updates targeting specific security vendors such as Norton.