NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Active attack campaign exploits authentication bypass in RMM tools to gain admin access and deploy credential-stealing malware in enterprise environments , an attack pattern enabling widespread compromise.
A critical remote-access vulnerability in SimpleHelp is being actively exploited to deploy a new information stealer , a risk for organizations using this tool for technical support.
Russian intelligence services impersonate messenger support to steal backup recovery keys and gain access to high-value targets (government officials, military, journalists) , a new tactic in the phishing context.
Critical
NEW CyberAv3ngers, IRGC-linked groups, Russian state actors, Chinese state actors C3
State-sponsored actors from Iran, Russia, and China exploit basic attack vectors such as weak passwords and exposed PLCs rather than sophisticated malware to sabotage critical infrastructure.
Russian state-sponsored groups are conducting active campaigns against Western government and military personnel, indicating targeted cyber-warfare activity with potential spillover effects on European critical infrastructure and supply chains.
Kaspersky documents new tactics and custom backdoors deployed by an established APT group targeting Western infrastructure, relevant to DACH manufacturing and industrial sectors.
Gamaredon is intensifying attacks against Ukraine with 35 new spear-phishing campaigns in 2025 and increasing abuse of cloud services for obfuscation; this signals an escalation of Russian cyber operations in the European context.
The Interior Ministry's clarification of Cyberdome signals strengthened government coordination against cyberattacks in the DACH region and may require IT vendors to achieve 'Cyberdome-ready' certification.
A directory-traversal vulnerability in Microsoft Edge enables remote code execution through visiting a malicious web page, was demonstrated at Pwn2Own, and has been assigned CVSS 7.5.
Chaining of two previously known kernel vulnerabilities enables memory corruption and local privilege escalation on Linux 4.10+; public PoC available since May 2026.
The authentication vulnerability allows unauthorized access to GSSAPI-authenticated systems without valid credentials, but primarily affects environments with explicitly configured JNDIRealm.
Leaked exploits for a Linux kernel vulnerability signal immediate attack readiness for any Ubuntu/Linux environment and significantly elevate the risk of local compromise.
The vulnerability was discovered at Pwn2Own and enables arbitrary cross-origin script execution, but requires active user interaction with a malicious page or file.
75,000 Fortinet devices have been compromised with exported admin passwords; the data is recent and may already be circulating in eCrime networks with structured victim profiling.
BSI warning of multiple critical vulnerabilities in Firefox/Thunderbird without specific CVE references or version details,organizational patching required.
Attackers are actively exploiting two critical RCE vulnerabilities (CVE-2026-39808 and CVE-2026-25089) in FortiSandbox over the internet without prior authentication.
A coordinated campaign since at least 2021 exploited 119 malicious Edge extensions to hide malware in image and font files, stealing credentials and conducting ad fraud days after installation.
The BSI advisory indicates a vulnerability in RHEL that can be exploited by an authenticated attacker to achieve code execution , the absence of CVE numbers and PoC status makes technical triage impossible without further details.
BSI alerts to multiple Chrome vulnerabilities; without specific CVE numbers, this is a generic warning category but requires immediate patch verification.
119 malicious browser extensions with 2.6 million installations were discovered in Microsoft Edge despite obfuscation techniques , an active supply-chain risk for enterprise endpoints.
An unnamed vulnerability in 7-Zip allows attackers to bypass security mechanisms and manipulate files, which is critical in environments with data protection requirements.
The vulnerability requires authentication and low privileges, which limits immediate risk but still poses high exploitability for insider-based or locally-triggered attacks.
DirtyClone (CVE-2026-43503, CVSS 8.8) is a new Linux kernel variant of DirtyFrag with active abuse by groups like ShinyHunters, enabling immediate root privilege escalation on unpatched or incompletely patched systems.
An established MaaS campaign for Chinese-speaking cybercriminal groups leverages BadIIS to compromise IIS servers for SEO fraud and traffic redirection, with multi-year development history and persistent mechanisms.
Report aggregates multiple unrelated attacks and vulnerabilities (Polymarket supply-chain attack, KDDI breach, Cisco zero-day, Fortinet vulnerabilities) without focus on a single active campaign; serves as a weekly threat intelligence digest.