Recent Palo Alto Networks Vulnerability Exploited for Weeks
Attackers are actively exploiting CVE-2026-0257 in PAN-OS just four days after public disclosure, indicating targeted attacks on firewall products in critical enterprise networks.
Comparing 1 June 2026 with the previous day 25 May 2026.
Attackers are actively exploiting CVE-2026-0257 in PAN-OS just four days after public disclosure, indicating targeted attacks on firewall products in critical enterprise networks.
Threat actors are actively exploiting the vulnerability; the Centre for Cybersecurity Belgium warns of ongoing exploitation, although Microsoft has not yet confirmed active abuse in the wild.
The vulnerability requires an authorized user account and enables network-based code execution, not unauthenticated remote exploitation.
A state-sponsored Chinese campaign is deliberately targeting European and Taiwanese government and technology institutions, signaling heightened espionage activity against Western targets in critical sectors.
APT group TeamPCP compromised Checkmarx KICS via Docker Hub repository poisoning to steal Kubernetes secrets , demonstrates multi-stage supply-chain attacks on container infrastructure as an established threat pattern.
Active exploitation of a critical Netlogon RCE in Windows servers requires immediate patching, as the vulnerability is already being weaponized in attacks.
The vulnerability is already actively exploited in the wild, even though the public PoC only demonstrates a crash , code execution is possible according to Microsoft and CVSS 9.8 warrants immediate action.
A memory-safety bug (double-free) in the Windows IKEv2 service enables unauthenticated remote attackers to achieve code execution by sending specially crafted packets.
An authentication bypass vulnerability in Palo Alto PAN-OS GlobalProtect VPN already being exploited in two attack waves since mid-May represents an immediate VPN security threat.
A systemic design flaw in Node.js module resolution on Windows enables privilege escalation through local filesystem manipulation, yet remains unpatched by both Discord and Node.js maintainers.
SmartApeSG ClickFix campaign employs multi-stage infection chains: unidentified RAT delivers NetSupport Manager RAT with C2 communication over TCP 443 and daily-changing indicators.
BSI advisory on Linux Kernel vulnerability requiring physical access as prerequisite; unclear if CVE number or PoC is publicly available.
BSI warning for multiple critical vulnerabilities in widely-deployed browsers without specific CVE identifiers or PoC status , requires immediate patch-deployment planning.
Publicly available proof-of-concept code for a 19-year-old kernel vulnerability enables immediate practical exploitation and requires rapid patch verification in Ubuntu systems.
A deprecated but still-signed driver from a product discontinued in 2013 enables attackers with local access to perform privileged kernel operations and credential theft via BYOVD techniques.
BSI alerts to multiple vulnerabilities in both leading browsers without specific CVE numbers; immediate patch management and update prioritization required.
BSI alert on multiple unspecified Edge vulnerabilities without specific CVE numbers or exploit status; likely a patch roundup or generic advisory.
No changes in this category.
No changes in this category.
Dutch authorities dismantled a hosting infrastructure (Stark Industries) used by Russian intelligence for DDoS attacks, influence operations, and disinformation campaigns against EU targets , evidence of enforcement of EU sanctions and ongoing Russian cyber threat to the DACH region.
Lazarus develops and deploys specialized cross-platform in-memory malware to compromise financial and crypto firms,evidence of the North Korean APT's focus on high-value financial and digital assets.
Check Point Research documents a 124% surge in hacktivism and ransomware attacks across Germany, Austria, and Switzerland in 2025 , a significant escalation of regional cyber threat to Swiss manufacturing enterprises.
The 'Megalodon' campaign demonstrates that attackers are leveraging GitHub Actions to mass-compromise developer secrets and CI/CD tokens,a direct risk to manufacturing companies using modern DevOps pipelines.
Active, multi-vector supply-chain campaign targeting the developer ecosystem compromised both open-source repositories and Microsoft-published Python SDKs; GitHub, OpenAI, Grafana, and Mistral AI named as downstream victims.
TeamPCP compromised three critical supply-chain tiers (VS Code extension, Python SDK, npm packages) in a single week and reached GitHub's internal repositories; downstream victims include OpenAI, Grafana Labs, and Mistral AI.
Kali365 is an operational phishing-as-a-service offering that specifically targets Microsoft 365 accounts and employs mechanisms to bypass authentication,a direct threat to organizations dependent on M365.
Fox Tempest operated a central supply-chain node for malware distribution, including a fraudulent code-signing service that enabled Rhysida ransomware and other malware for multiple threat actors.