A self-propagating worm (Mini Shai-Hulud) by TeamPCP has compromised over 170 npm and PyPI packages while defeating SLSA provenance attestation, representing a critical threat to any software development relying on dependencies from these ecosystems.
Pwn2Own vulnerability in Microsoft Edge allows bypass of origin validation; attackers can access restricted functionality if users visit a malicious page.
ZDI Pwn2Own vulnerability in Microsoft Edge allows cross-origin XSS execution upon user interaction; CVSS 5.0 rating for newly published CVE-2026-45494.
A hacker group (TeamPCP) is exploiting vulnerabilities in development tools and cloud misconfigurations at scale to steal credentials and propagate through supply-chain ecosystems via worms,a new escalation in attacks on open-source infrastructure.
Iranian ransomware actors use cryptocurrency exchanges for money laundering; OFAC sanctions against Nobitex signal escalated financial control and elevated risk for European organizations targeted by Iran-backed ransomware campaigns.
Targeted espionage against financial sector executives exploits normal cloud services to disguise data exfiltration , indicating state-sponsored or well-resourced threat actors focused on strategic intelligence.
A Chinese hacking group focused on remote access and data theft is expanding its attacks specifically to Germany and other EU countries; the malware arsenal can also be used for espionage purposes.
Critical
NEW TA4922 (China-linked, possible overlap with Silver Fox) C3
Chinese threat actor TA4922 is intensifying attacks on European organizations including Germany with new and known RAT malware variants, combined with phishing campaigns and rapid operational tempo.
Chaining of two Linux kernel fragmentation-related vulnerabilities enables memory corruption and local privilege escalation through crafted network packets.
The vulnerability enables extraction of unencrypted SMTP authentication credentials directly from system log files , a frequently overlooked attack vector for lateral movement and account compromise.
The researcher published a working proof-of-concept without prior notification to Microsoft, meaning the vulnerability is immediately exploitable and attacker code is now available.
The debugging flag was not disabled in production, allowing attackers to actively compromise user accounts , suggesting active exploitation in the wild.
The vulnerability is being actively exploited to deliver credential-stealing malware disguised as legitimate Fortinet updates through VPN scripting workflows.
ModeloRAT campaign exploits trusted Microsoft Teams as delivery vector for multi-stage attack with privilege escalation via CVE-2023-36036 to domain compromise, demonstrating that internal communication channels can be weaponized despite authentication mechanisms.
An unprivileged local user can exploit a race condition in AppArmor SAUCE patches to achieve arbitrary code execution, which is particularly relevant for multi-tenant environments.
An unprivileged local user can bypass AppArmor security policy enforcement through a heap overflow in notification handling code, posing a security risk on systems with AppArmor mandatory access control policies.
GreyVibe demonstrates a new attack model where Russia-linked threat actors systematically leverage AI tools to automate and escalate cyberoperations against Western targets.
GCHQ director confirms Russian daily operations against UK critical infrastructure (subsea cables, energy pipelines) and sanctions-evasion networks , signals escalated hybrid-warfare tactics with potential spillover effects on DACH energy and supply chains.
Critical
NEW Chinese state-sponsored group (Anthropic disclosure, September 2025)
Chinese state-sponsored actors are using AI-driven automation to execute supply chain attacks in real time with minimal human involvement,a new escalation pattern for European manufacturing firms.
Attackers abuse the trust relationship of endpoint management infrastructure to deliver malware directly to all managed endpoints via seemingly legitimate patches, enabling MFA bypass through stolen session cookies.
An unprivileged local user can trigger a memory-management bug in the kernel via AppArmor SAUCE patches, leading to slab metadata corruption and resource exhaustion.
The vulnerability allows an unprivileged local user to read sensitive information from kernel memory and can serve as a stepping stone for privilege-escalation attacks.
A privilege escalation vulnerability in the Linux kernel (AppArmor SAUCE patches) allows an unprivileged local user to trigger kernel panic or deadlock, causing system unavailability.
A locally-exploitable kernel panic in AppArmor requires a security update for Ubuntu production systems to maintain availability, but cannot be exploited remotely.
A remote code execution in Veeam Service Provider Console enables unauthorized access to backup infrastructure and potential compromise of business-critical data.
The vulnerability requires local access and causes kernel crash (DoS) but does not pose an immediate remote exploitation risk; patches for Ubuntu 6.8, 6.17, and 7.0 should be scheduled.
UNC6692 employs targeted social engineering via Teams fake invitations to deploy a modular custom malware suite,a tactic equally applicable to manufacturing environments.
The alert confirms a new Microsoft security update without details on active exploitation or campaigns; patch information should be validated via MSRC or BSI advisories.
Exploitation of this vulnerability allows local attackers to gain administrative privileges on Windows systems, potentially compromising backup integrity and enabling data exfiltration.
A critical vulnerability in Veeam allows authenticated Backup Administrators to write arbitrary files on Linux systems, potentially compromising the integrity of the backup infrastructure.
BSI update on multiple Intel processor vulnerabilities with privilege escalation and DoS potential requires patch management across all affected systems.
A BSI warning regarding multiple vulnerabilities in Veeam Backup & Replication signals elevated priority for patching, as this solution is central to the company's data protection and recovery strategy.
BSI advisory without specific CVE numbers or technical details; typical pattern of generic security warnings without documented active exploits in the wild.
BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud applications without concrete CVE numbers or patching information; the advisory is generic and requires clarification of affected versions and available patches.
CISA warns of currently active supply-chain attacks on multiple popular developer tools, with 42 TanStack packages comprising 84 versions compromised within 6,20 minutes; affected organizations should immediately reset credentials and audit installations.
Unpatched 0day in Windows library-ms with low CVSS (3.5) and user-interaction requirement; enables NTLM-response disclosure when viewing malicious folder content.
A yet-unpatched (0-day) Microsoft Office vulnerability enables disclosure of NTLM responses when exploited through user interaction, potentially laying groundwork for credential harvesting or follow-up attacks.
The BSI warning covers multiple unspecified kernel vulnerabilities but requires CVE details and kernel version information for concrete patching priorities.