CVE-2022-0492 has been known since 2022 and is already catalogued in the CISA KEV; this alert repeats an established patching obligation without new exploit data or contextual information.
Gamaredon employs a multi-stage exploitation chain leveraging the WinRAR vulnerability to establish system fingerprinting and remote payload delivery, indicating escalation of Russian APT activity targeting Eastern Europe.
A memory corruption vulnerability in Windows drivers can be triggered via malformed trusted application requests, potentially enabling local privilege escalation.
Critical
CVSS
6.7
EPSS
0%
NEW lwxat (Chinese-speaking cybercriminal collective)
Organized Chinese-speaking cybercriminals operate BadIIS as a Malware-as-a-Service since at least 2021 with continuous evasion updates targeting security products such as Norton,a systemic threat to Windows Server environments in European manufacturing firms.
AI-driven ransomware toolkits with automated EDR evasion and AD reconnaissance represent a new class of threats capable of rendering traditional defenses obsolete through machine-learning-based evasion techniques.
BSI alerts to an RCE vulnerability in Microsoft SharePoint Server; as no CVE is specified, this may be a not-yet-publicly-disclosed or aggregated advisory.
An npm-based infostealer with over 100,000 downloads demonstrates active supply-chain risk through manipulated open-source packages that exfiltrate credentials and environment data from developers.
Kali365 operators have expanded their attack capabilities from pure Microsoft 365 phishing to AWS, Okta, and Russian platforms, using device-code phishing to bypass MFA.
BSI warns of a kernel vulnerability with local exploitability and potential arbitrary code execution that poses a risk to systems with uncontrolled local access.
Attackers are actively exploiting CVE-2026-0257 in PAN-OS just four days after public disclosure, indicating targeted attacks on firewall products in critical enterprise networks.
Threat actors are actively exploiting the vulnerability; the Centre for Cybersecurity Belgium warns of ongoing exploitation, although Microsoft has not yet confirmed active abuse in the wild.
A state-sponsored Chinese campaign is deliberately targeting European and Taiwanese government and technology institutions, signaling heightened espionage activity against Western targets in critical sectors.
APT group TeamPCP compromised Checkmarx KICS via Docker Hub repository poisoning to steal Kubernetes secrets , demonstrates multi-stage supply-chain attacks on container infrastructure as an established threat pattern.
Active exploitation of a critical Netlogon RCE in Windows servers requires immediate patching, as the vulnerability is already being weaponized in attacks.
The vulnerability is already actively exploited in the wild, even though the public PoC only demonstrates a crash , code execution is possible according to Microsoft and CVSS 9.8 warrants immediate action.
A memory-safety bug (double-free) in the Windows IKEv2 service enables unauthenticated remote attackers to achieve code execution by sending specially crafted packets.
An authentication bypass vulnerability in Palo Alto PAN-OS GlobalProtect VPN already being exploited in two attack waves since mid-May represents an immediate VPN security threat.
A systemic design flaw in Node.js module resolution on Windows enables privilege escalation through local filesystem manipulation, yet remains unpatched by both Discord and Node.js maintainers.
SmartApeSG ClickFix campaign employs multi-stage infection chains: unidentified RAT delivers NetSupport Manager RAT with C2 communication over TCP 443 and daily-changing indicators.
BSI warning for multiple critical vulnerabilities in widely-deployed browsers without specific CVE identifiers or PoC status , requires immediate patch-deployment planning.
Publicly available proof-of-concept code for a 19-year-old kernel vulnerability enables immediate practical exploitation and requires rapid patch verification in Ubuntu systems.
A deprecated but still-signed driver from a product discontinued in 2013 enables attackers with local access to perform privileged kernel operations and credential theft via BYOVD techniques.
BSI alerts to multiple vulnerabilities in both leading browsers without specific CVE numbers; immediate patch management and update prioritization required.