A self-propagating worm (Mini Shai-Hulud) by TeamPCP has compromised over 170 npm and PyPI packages while defeating SLSA provenance attestation, representing a critical threat to any software development relying on dependencies from these ecosystems.
Pwn2Own vulnerability in Microsoft Edge allows bypass of origin validation; attackers can access restricted functionality if users visit a malicious page.
ZDI Pwn2Own vulnerability in Microsoft Edge allows cross-origin XSS execution upon user interaction; CVSS 5.0 rating for newly published CVE-2026-45494.
A hacker group (TeamPCP) is exploiting vulnerabilities in development tools and cloud misconfigurations at scale to steal credentials and propagate through supply-chain ecosystems via worms,a new escalation in attacks on open-source infrastructure.
Iranian ransomware actors use cryptocurrency exchanges for money laundering; OFAC sanctions against Nobitex signal escalated financial control and elevated risk for European organizations targeted by Iran-backed ransomware campaigns.
Targeted espionage against financial sector executives exploits normal cloud services to disguise data exfiltration , indicating state-sponsored or well-resourced threat actors focused on strategic intelligence.
A Chinese hacking group focused on remote access and data theft is expanding its attacks specifically to Germany and other EU countries; the malware arsenal can also be used for espionage purposes.
Critical
NEW TA4922 (China-linked, possible overlap with Silver Fox) C3
Chinese threat actor TA4922 is intensifying attacks on European organizations including Germany with new and known RAT malware variants, combined with phishing campaigns and rapid operational tempo.
Chaining of two Linux kernel fragmentation-related vulnerabilities enables memory corruption and local privilege escalation through crafted network packets.
The vulnerability enables extraction of unencrypted SMTP authentication credentials directly from system log files , a frequently overlooked attack vector for lateral movement and account compromise.
The researcher published a working proof-of-concept without prior notification to Microsoft, meaning the vulnerability is immediately exploitable and attacker code is now available.
The debugging flag was not disabled in production, allowing attackers to actively compromise user accounts , suggesting active exploitation in the wild.
Local code execution vulnerability in Synology Active Backup for Business requires patching to version 2.5.0-2081 or later to mitigate risks from local attackers.
New Atlas RAT malware demonstrates targeted adaptation by Chinese APT groups toward European infrastructure and signals escalation of DACH-region targeting.
The vulnerability exploits URI handler mechanisms to force network authentication, enabling passive capture of NTLMv2 hashes without requiring user interaction.
A debugging error in Microsoft 365 Android apps (Excel, Word, PowerPoint, OneNote, Loop, Copilot) disabled a critical security setting for token protection validation in production releases, allowing attackers to steal authentication tokens and take over accounts.
A large-scale npm supply chain attack compromises 32 packages under the @redhat-cloud-services scope via CI/CD pipeline infiltration, where attackers abused legitimate GitHub Actions OIDC workflows to publish trojanized packages with authentic signatures.
A path-traversal vulnerability in Synology Hyper Backup before version 4.1.2-4036 allows authenticated users to write arbitrary files and potentially compromise the integrity of backup systems.
Path-traversal vulnerability in Hyper Backup allows authenticated administrators to write non-sensitive files via unspecified vectors , requires admin privileges and is already fixed in version 4.1.2-4036.
BSI warns of multiple vulnerabilities in Microsoft Defender and Malware Protection Engine that enable attackers to achieve local privilege escalation, code execution, and denial of service.
The vulnerability affects HTTP/2 default configurations across multiple web server vendors and enables unauthenticated remote DoS , a newly discovered classification issue, not merely a patch.
A novel attack combination exploits HTTP/2 compression bombs and Slowloris-style techniques to incapacitate web servers without requiring specific patches.
An authenticated user can inject persistent JavaScript into a customer record and compromise every POS operator in the organization who retrieves that record.
Attackers are using AI-driven automation to systematically test and refine evasion techniques against EDR solutions , signaling a professionalization of attack preparation workflows.
A zero-day vulnerability in VS Code enables attackers to exfiltrate GitHub tokens with minimal user interaction, potentially compromising access to code repositories and CI/CD pipelines.
BSI advisory on Intel processor vulnerabilities without CVE identifiers; specific versions and affected processor generations must be retrieved from the complete BSI publication.