NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
National intelligence agencies warn of active global campaign targeting Fortinet infrastructure; indicates state-sponsored threat actors exploiting critical perimeter security as attack vector.
A publicly available exploit for a critical privilege escalation in Microsoft Defender enables full system takeover with SYSTEM privileges; the same researcher has submitted at least four additional Windows zero-days that have since been patched by Microsoft.
Large-scale supply-chain attack on 140+ npm packages through maintainer account takeover and distribution of malicious dayjs typosquat demonstrates vulnerability of open-source ecosystems to targeted compromise.
BSI advisory on multiple critical vulnerabilities in Firefox/ESR and Thunderbird with arbitrary code execution and sandbox escape potential; patches required.
A coordinated attack wave against tens of thousands of firewalls indicates an active, large-scale campaign possibly conducted by nation-state actors or organized cybercriminals seeking access to critical network infrastructure.
An active clipboard-stealing malware strain since February 2026 leverages Windows Script Host, hidden Tor-based C2 servers, and automatic propagation mechanisms for persistence without relying on traditional installers or exposed IP-based infrastructure.
The alert provides no CVE identifiers and no details on active exploitation or attack scenarios, making it primarily a patch announcement without strategic added value.
Attackers leverage legitimate Microsoft Teams TURN relays to conceal C2 traffic by deploying a Go-based RAT using Ghost Calls technique, remaining entirely invisible within normal Teams traffic.
UEFI firmware-level vulnerabilities require DBX updates from vendors and BIOS patches , cannot be fully remediated through operating system updates alone.
Microsoft acknowledges unintended side effects of June security updates that prevent third-party applications from launching Office apps,a regression issue affecting productivity.