Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail enables local privilege escalation by manipulating the in-memory cache of privileged binaries without modifying on-disk files, bypassing integrity checks.
Comparing 26 May 2026 with the previous day 19 May 2026.
Copy Fail enables local privilege escalation by manipulating the in-memory cache of privileged binaries without modifying on-disk files, bypassing integrity checks.
The vulnerability requires only minimal Site Member permissions and can be exploited by internal or compromised accounts without elevated administrator rights , a risk for manufacturing environments with many SharePoint users.
The vulnerability enables arbitrary code execution through maliciously crafted TIF files in Autodesk 3ds Max, which poses a risk to organizations with design workflows.
The vulnerability enables code execution through maliciously crafted WRL files in a 3D CAD application commonly integrated into design workflows, creating supply-chain integrity risks for SolidWorks/AutoCAD-based processes.
A memory corruption vulnerability in Autodesk 3ds Max enables arbitrary code execution through malicious WRL files , relevant for manufacturing environments where 3D design software processes CAD files from potentially untrusted sources.
Insufficient length validation in IKE packets with NAT-T can cause VPN service crashes; relevant for manufacturing companies that rely on stable VPN access for remote maintenance and secure remote operations.
Dutch authorities dismantle parts of Russian cyber infrastructure used for attacks and disinformation against the West,an indicator of ongoing Russian operations targeting DACH and the EU.
A vulnerability in Fortinet's Identity Awareness blade allows unauthenticated users to read internal files on the Security Gateway when browser-based authentication is enabled.
Iranian APT Nimbus Manticore continues operations with updated tools targeting critical sectors such as aviation and software,evidence of sustained state-sponsored cyber-warfare with potential implications for European supply chains.
MuddyWater actively exploits legitimate software binaries (Fortemedia, SentinelOne) for DLL side-loading attacks targeting industrial manufacturers, airports, and financial services across nine countries,a direct threat to European manufacturing enterprises.
Investigators disrupted a Russian cyber attack and disinformation infrastructure in the EU , signal of continued state-sponsored operations against Western Europe.
Nimbus Manticore uses targeted phishing and SEO poisoning campaigns to distribute custom malware variants against European aviation and software organizations as a direct response to geopolitical escalation.
The dismantling of bulletproof hosting services in the Netherlands signals intensified European action against Russian threat-actor cyber infrastructure and may impact the availability of hosting resources for APT campaigns targeting DACH enterprises.
German infrastructure is again heavily affected by cyber extortion in 2025 , ransomware groups have reactivated their focus on the DACH region, matching peaks from 2022,2023.
Unauthenticated remote code execution without authentication on Canon multifunction printers via BJNP protocol with CVSS 8.8 , immediate threat to enterprise printer fleets.
Unauthenticated remote code execution in Canon MFP devices used for document scanning and network printing creates a direct entry point for lateral network movement without requiring user credentials.
Newly discovered vulnerability in Canon imageCLASS MF654Cdw with high CVSS rating (8.8), exploitable by network-adjacent attackers without authentication.
Unauthenticated remote code execution possible on Canon multi-function printer; patch required.
This Pwn2Own exploit demonstrates a critical vulnerability in Canon printers exploitable without authentication by network-adjacent attackers, enabling direct access to a widespread peripheral device on the corporate network.
Although 3ds Max is not used, the vulnerability demonstrates a pattern across the Autodesk product family that could also affect AutoCAD and other design tools.
Use-after-free in Windows NDIS driver enables local privilege escalation with CVSS 7.8 on systems where code execution is already possible.
Local privilege escalation in FortiClient requires prior low-privilege code execution and affects a core security infrastructure product.
A CVSS-8.8 RCE vulnerability in FortiWeb requires authentication and should be prioritized once a fix is available.
BSI has warned of a critical code execution vulnerability in SharePoint Server 2016/2019 that can be exploited by authenticated remote attackers and requires immediate patching.
A BSI warning regarding privilege escalation in Entra ID and Azure Resource Manager signals one or more critical vulnerabilities in core Microsoft cloud identity services that directly impact enterprise IT environments with hybrid AD/Entra integration.
AI assistants with access to enterprise-wide data repositories are attractive targets for state-sponsored actors who could use RCE to gain access to sensitive information or systems.
Local privilege escalation in Windows win32kfull requires prior code execution on the target system; patch prioritization necessary for all Windows servers and endpoints.
Race condition in afd.sys enables local privilege escalation with CVSS 7.8; affects Windows Server 2022 and 2019 systems critical for Active Directory and domain authentication.
Local privilege escalation in Windows kernel component win32full requires prior low-privileged code execution as a precondition for exploitation.
Local privilege escalation in Windows win32full with CVSS 7.8 requires prior low-privileged code execution; relevant for manufacturing environments with client and server endpoints.
Local privilege escalation in win32kfull requires prior code execution with low privilege; patching is necessary to prevent lateral movement after local compromise.
A state-validation vulnerability enables attackers to bypass two-factor authentication, representing a critical risk for all AD/Entra-ID-based systems.
A state-management vulnerability enables bypass of two-factor authentication,potentially a target for nation-state actors to gain initial access.
BSI warning of critical IKE vulnerability in Windows VPN infrastructure requires immediate attention for VPN gateways and remote access systems.
The compromise of multiple versions of a popular PHP package indicates a targeted supply-chain attack in which infostealer malware is distributed via dependency management.
Attackers with valid credentials can coerce users to accept MFA push notifications through repeated bombardment, bypassing the second factor without needing to compromise it.
BSI warning of a privilege-escalation vulnerability in TeamViewer affects a critical remote-access tool in the company's manufacturing IT infrastructure.
The vulnerability allows non-privileged authenticated users to execute remote code without administrator rights, making SharePoint an exponentially riskier target for insider threats and APTs.
Previously undocumented Pheno plugin abuses Windows Phone Link to intercept OTPs and SMS directly from the PC without deploying malware to the smartphone,a novel MFA-bypass technique.
Microsoft is expanding Defender for Endpoint with automated isolation of compromised endpoints to contain lateral movement attacks,a defensive capability improvement without a new vulnerability or active attack.
No changes in this category.
No changes in this category.
Active exploitation of an unpatched Microsoft Exchange zero-day without available patch indicates coordinated nation-state or APT campaign and requires immediate mitigation measures for affected production environments.
A security vulnerability in Microsoft Authenticator allows attackers to hijack user accounts and steal sensitive data,directly relevant for organisations relying on Entra ID and MFA-based authentication like Joel Traber AG.
Fox Tempest operation exposes state-sponsored malware-signing infrastructure used to bypass security controls and deploy ransomware,critical threat to Windows-based manufacturing environments.
Storm-2949 demonstrates how attackers leverage compromised identities for lateral movement across cloud-wide systems,a critical risk for organizations dependent on Microsoft 365 and Entra ID, especially in the DACH region facing elevated APT pressure.
BSI warning on multiple Edge vulnerabilities without specific CVE numbers or patch details; update status and exploitation reality remain unclear.
The attack bypasses MFA not through technical vulnerabilities, but via social engineering of fake device-login prompts that trick users into OAuth consent, exfiltrating tokens , a paradigm shift from technical to social attack patterns.
Attackers abuse Self-Service Password Reset as an entry point into Azure environments to compromise admin accounts and exfiltrate sensitive data,a tactic particularly effective against organizations with weak multi-factor authentication controls.