CVE-2022-0492 has been known since 2022 and is already catalogued in the CISA KEV; this alert repeats an established patching obligation without new exploit data or contextual information.
Gamaredon employs a multi-stage exploitation chain leveraging the WinRAR vulnerability to establish system fingerprinting and remote payload delivery, indicating escalation of Russian APT activity targeting Eastern Europe.
A memory corruption vulnerability in Windows drivers can be triggered via malformed trusted application requests, potentially enabling local privilege escalation.
Critical
CVSS
6.7
EPSS
0%
NEW lwxat (Chinese-speaking cybercriminal collective)
Organized Chinese-speaking cybercriminals operate BadIIS as a Malware-as-a-Service since at least 2021 with continuous evasion updates targeting security products such as Norton,a systemic threat to Windows Server environments in European manufacturing firms.
AI-driven ransomware toolkits with automated EDR evasion and AD reconnaissance represent a new class of threats capable of rendering traditional defenses obsolete through machine-learning-based evasion techniques.
BSI alerts to an RCE vulnerability in Microsoft SharePoint Server; as no CVE is specified, this may be a not-yet-publicly-disclosed or aggregated advisory.
An npm-based infostealer with over 100,000 downloads demonstrates active supply-chain risk through manipulated open-source packages that exfiltrate credentials and environment data from developers.
Kali365 operators have expanded their attack capabilities from pure Microsoft 365 phishing to AWS, Okta, and Russian platforms, using device-code phishing to bypass MFA.
BSI warns of a kernel vulnerability with local exploitability and potential arbitrary code execution that poses a risk to systems with uncontrolled local access.
Copy Fail enables local privilege escalation by manipulating the in-memory cache of privileged binaries without modifying on-disk files, bypassing integrity checks.
The vulnerability requires only minimal Site Member permissions and can be exploited by internal or compromised accounts without elevated administrator rights , a risk for manufacturing environments with many SharePoint users.
The vulnerability enables arbitrary code execution through maliciously crafted TIF files in Autodesk 3ds Max, which poses a risk to organizations with design workflows.
The vulnerability enables code execution through maliciously crafted WRL files in a 3D CAD application commonly integrated into design workflows, creating supply-chain integrity risks for SolidWorks/AutoCAD-based processes.
A memory corruption vulnerability in Autodesk 3ds Max enables arbitrary code execution through malicious WRL files , relevant for manufacturing environments where 3D design software processes CAD files from potentially untrusted sources.
Insufficient length validation in IKE packets with NAT-T can cause VPN service crashes; relevant for manufacturing companies that rely on stable VPN access for remote maintenance and secure remote operations.
Dutch authorities dismantle parts of Russian cyber infrastructure used for attacks and disinformation against the West,an indicator of ongoing Russian operations targeting DACH and the EU.
A vulnerability in Fortinet's Identity Awareness blade allows unauthenticated users to read internal files on the Security Gateway when browser-based authentication is enabled.
Iranian APT Nimbus Manticore continues operations with updated tools targeting critical sectors such as aviation and software,evidence of sustained state-sponsored cyber-warfare with potential implications for European supply chains.
MuddyWater actively exploits legitimate software binaries (Fortemedia, SentinelOne) for DLL side-loading attacks targeting industrial manufacturers, airports, and financial services across nine countries,a direct threat to European manufacturing enterprises.
Investigators disrupted a Russian cyber attack and disinformation infrastructure in the EU , signal of continued state-sponsored operations against Western Europe.
Nimbus Manticore uses targeted phishing and SEO poisoning campaigns to distribute custom malware variants against European aviation and software organizations as a direct response to geopolitical escalation.
The dismantling of bulletproof hosting services in the Netherlands signals intensified European action against Russian threat-actor cyber infrastructure and may impact the availability of hosting resources for APT campaigns targeting DACH enterprises.
German infrastructure is again heavily affected by cyber extortion in 2025 , ransomware groups have reactivated their focus on the DACH region, matching peaks from 2022,2023.
Unauthenticated remote code execution without authentication on Canon multifunction printers via BJNP protocol with CVSS 8.8 , immediate threat to enterprise printer fleets.
Unauthenticated remote code execution in Canon MFP devices used for document scanning and network printing creates a direct entry point for lateral network movement without requiring user credentials.
Newly discovered vulnerability in Canon imageCLASS MF654Cdw with high CVSS rating (8.8), exploitable by network-adjacent attackers without authentication.
This Pwn2Own exploit demonstrates a critical vulnerability in Canon printers exploitable without authentication by network-adjacent attackers, enabling direct access to a widespread peripheral device on the corporate network.
Although 3ds Max is not used, the vulnerability demonstrates a pattern across the Autodesk product family that could also affect AutoCAD and other design tools.
BSI has warned of a critical code execution vulnerability in SharePoint Server 2016/2019 that can be exploited by authenticated remote attackers and requires immediate patching.
A BSI warning regarding privilege escalation in Entra ID and Azure Resource Manager signals one or more critical vulnerabilities in core Microsoft cloud identity services that directly impact enterprise IT environments with hybrid AD/Entra integration.
AI assistants with access to enterprise-wide data repositories are attractive targets for state-sponsored actors who could use RCE to gain access to sensitive information or systems.
Local privilege escalation in Windows win32kfull requires prior code execution on the target system; patch prioritization necessary for all Windows servers and endpoints.
Race condition in afd.sys enables local privilege escalation with CVSS 7.8; affects Windows Server 2022 and 2019 systems critical for Active Directory and domain authentication.
Local privilege escalation in Windows win32full with CVSS 7.8 requires prior low-privileged code execution; relevant for manufacturing environments with client and server endpoints.
Local privilege escalation in win32kfull requires prior code execution with low privilege; patching is necessary to prevent lateral movement after local compromise.
A state-validation vulnerability enables attackers to bypass two-factor authentication, representing a critical risk for all AD/Entra-ID-based systems.
The compromise of multiple versions of a popular PHP package indicates a targeted supply-chain attack in which infostealer malware is distributed via dependency management.
Attackers with valid credentials can coerce users to accept MFA push notifications through repeated bombardment, bypassing the second factor without needing to compromise it.
BSI warning of a privilege-escalation vulnerability in TeamViewer affects a critical remote-access tool in the company's manufacturing IT infrastructure.
The vulnerability allows non-privileged authenticated users to execute remote code without administrator rights, making SharePoint an exponentially riskier target for insider threats and APTs.
Previously undocumented Pheno plugin abuses Windows Phone Link to intercept OTPs and SMS directly from the PC without deploying malware to the smartphone,a novel MFA-bypass technique.
Microsoft is expanding Defender for Endpoint with automated isolation of compromised endpoints to contain lateral movement attacks,a defensive capability improvement without a new vulnerability or active attack.