The Miasma worm campaign demonstrates active exploitation of Microsoft development infrastructure, suggesting targeted attacks on software suppliers that could directly affect manufacturing organisations dependent on Microsoft technologies.
An integer overflow vulnerability in Canon printers discovered at Pwn2Own enables unauthenticated network-adjacent remote code execution with high severity (CVSS 8.8).
An unauthenticated stack-based buffer overflow in Canon printers enables direct remote code execution with high CVSS (8.8), requiring no user interaction.
Unauthenticated remote code execution on Canon MFP devices is possible; devices are typically network-accessible and could serve as a lateral-movement vector.
Local privilege escalation in Windows Secure Kernel requires prior code-execution capability; relevant for internal threat models involving compromised local accounts.
A use-after-free vulnerability in the Windows NDIS driver allows local attackers to escalate privileges, but requires prior ability to execute low-privileged code on the target system.
Local privilege escalation in win32kfull (CVSS 7.8) requires prior code execution on the target system but presents a critical escalation path for attackers who have already compromised the system.
A local privilege escalation vulnerability in Windows requires prior low-privileged code execution on the target system as a prerequisite for exploitation.
A local privilege escalation vulnerability in the Windows win32kfull component with CVSS 8.8 requires an attacker to first execute low-privileged code to escalate to higher privilege levels.
A one-click vulnerability in VS Code/GitHub.dev allows attackers to steal GitHub OAuth tokens that grant read and write access to private repositories.
The group UNC3753 exploits social engineering and physical access (posing as fake IT technicians) for direct data exfiltration via USB drives, a high-risk attack pattern against organizations with weak physical access controls.
Autonomous AI agents significantly accelerate zero-day discovery; this creates pressure on patch cycles and requires robust dependency-management processes.
The out-of-band patch prioritization underscores that Microsoft considers the vulnerability time-critical; despite the absence of public exploits and in-the-wild exploitation, rapid deployment is recommended given SharePoint's history as a high-value target.
Unknown threat actors are actively exploiting an authentication bypass vulnerability in PAN-OS GlobalProtect to gain unauthorized VPN access and circumvent security controls.
BRICKSTORM is a targeted espionage campaign against VMware vSphere environments that establishes persistence at the hypervisor layer below the guest OS, exploiting visibility gaps in traditional endpoint detection.
A critical local privilege escalation vulnerability enables attackers with local access to manipulate in-memory caches of privileged executables while keeping physical files unchanged and bypassing integrity checks.
The vulnerability affects authorization in Exchange Online and allows unauthorized information disclosure over the network , a direct risk for cloud-based email infrastructure.
The vulnerability is triggered by shift-undefined-behavior in buffer-size calculation and enables extension-independent exploitation via NTFS signature matching during file extraction.
Iranian APT Screening Serpens deploys an evolved version of MiniJunk malware against European organizations using .NET-based code execution and DLL sideloading for defense evasion.
Nation-state actors are operationalizing the publicly available ROADtools framework to enumerate, register devices, and manipulate Microsoft Entra ID tokens in coordinated attacks against Western cloud infrastructure.
Dutch authorities dismantle hosting infrastructure used by Russian intelligence agencies (FSB/GRU) for cyberattacks and disinformation campaigns targeting the EU, arresting two operators.
An active supply-chain attack by North Korean actors on the popular axios NPM package compromises millions of downloaded JavaScript dependencies and distributes the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux , with cascading effects on dependent packages and development environments.
UNC5221 deploys newly documented backdoors (Plenet, AgentPSD) and Brickstorm to maintain persistent access to Microsoft 365 environments , a targeted operation by Chinese espionage against Western infrastructure.
The vulnerability allows an attacker to execute commands through manipulated inputs to M365 Copilot and exfiltrate sensitive information over the network without authentication.
An injection vulnerability in Copilot Chat allows attackers to disclose sensitive information over the network , a risk for organizations actively deploying Edge and cloud-based AI features.
The vulnerability allows an authorized attacker to disclose sensitive information via the Microsoft Graph API; this is critical for organizations using Microsoft 365 and Entra ID.
An uninitialized memory disclosure vulnerability in 7-Zip's UEFI capsule parser allows attackers to read sensitive heap contents via truncated or malformed archives without achieving code execution.
The vulnerability allows reading uninitialized heap memory when parsing BSD-style __.SYMDEF symbol tables in ar archives, without requiring code execution.
Chinese APT Webworm leverages legitimate cloud and communication platforms (Discord, Microsoft Graph) alongside SOCKS proxy tools to infiltrate European governments, obscuring traditional attack patterns.
An Iran-affiliated IRGC-linked threat actor (Nimbus Manticore) demonstrates novel operational techniques including SEO poisoning against Western aviation and software sectors, indicating elevated state-sponsored cyber activity during regional conflicts with potential supply-chain implications for European manufacturing.
Advanced espionage groups (UNC6201, UNC5807) deliberately exploit network appliances lacking EDR coverage for persistence, and routinely exploit vulnerabilities an average of 7 days before patches are released.
Hacktivism and ransomware in Germany, Austria, and Switzerland surged 124% in 2025; simultaneously, Windows Defender zero-days (CVE-2026-41091, CVE-2026-45498) are actively exploited.
OP-512 is a China-linked espionage group actively compromising Microsoft IIS servers with custom web shells for persistent access and intelligence collection operations.
EU regulation on technological sovereignty (Chips Act 2.0, Cloud and AI Development Act) will reshape procurement and supply-chain strategies for European manufacturers and may introduce new compliance requirements for cloud, AI, and open-source adoption.
German infrastructure has re-emerged as the primary target for cyber extortion in Europe in 2025, with data leak site posts at record highs , a strategic signal for all DACH organizations and their supply-chain partners.
A critical use-after-free vulnerability in Chrome's Cast feature prior to version 149.0.7827.53 enables local heap corruption exploitation via malicious network traffic.
A critical use-after-free flaw in Chrome on Linux enables heap corruption via malicious HTML pages if users perform specific UI gestures; the vulnerability is not yet listed in the CVE CISA Known Exploited Vulnerabilities catalog as actively exploited.
The vulnerability affects only 32-bit builds of 7-Zip; 64-bit versions are protected due to automatic integer promotion, enabling selective patching prioritization.
A critical TTF-parsing vulnerability in Canon multifunction printers enables unauthenticated remote code execution from network-adjacent positions and was demonstrated at Pwn2Own 2025.
The zero-day in the Canon printer enables network-adjacent remote code execution without authentication and has been publicly disclosed; devices in enterprise environments require immediate patch assessment.
VMXNET3 network driver vulnerability in ESXi enables privilege escalation following local code execution; directly relevant to virtualization infrastructure in manufacturing environments.
An integer underflow vulnerability in the VMware ESXi VMCI subsystem enables local privilege escalation with a high CVSS score and Pwn2Own proof-of-concept code.
The vulnerability enables sandbox escape via crafted HTML pages, potentially allowing local code execution with Chrome process privileges on the target system.
A critical use-after-free vulnerability in the Chromecast renderer enables an attacker with renderer process access to perform a sandbox escape via crafted HTML pages.
This is a critical remote code execution vulnerability in Chrome triggered by accessing a crafted HTML page, requiring immediate patching across all endpoints.
The vulnerability enables sandbox escape via crafted HTML pages , an attacker can potentially execute code with system privileges, not limited to browser context.
The vulnerability requires access from the local network segment and is therefore primarily a risk in networks with untrusted devices or potentially compromised network positions.
This vulnerability allows an attacker with a compromised renderer process to perform a sandbox escape , a critical escalation that can enable local system access.
A sandbox-escape proof-of-concept for this critical Chrome flaw is likely to be public soon or already available; Linux systems running Chrome require timely patching.
A critical use-after-free vulnerability in Chrome's Ozone graphics subsystem enables remote code execution via crafted HTML pages and requires immediate updates to version 149.0.7827.53 or later.
A sandbox-escape vulnerability in Google's GPU rendering allows remote code execution via crafted HTML pages, exploitable without user interaction through malicious websites or compromised web content.
A critical use-after-free vulnerability in Chrome's Ozone component enables remote code execution via crafted HTML pages and requires immediate update to version 149.0.7827.53 or later.
The vulnerability is triggered by file types (.wim .swm .esd .ppkg) that are registered by default in 7-Zip and can be exploited zero-click through the GUI when listing directories without user action.
The vulnerability is triggered automatically when opening UEFI firmware archives and can cause denial of service or data leakage without requiring active exploitation.
Local privilege escalation in Windows win32full requires prior code execution on the system but affects all Windows installations with potentially high exploitation risk in heterogeneous environments.
The vulnerability is not reliably triggerable and depends on specific heap-layout conditions, but affects the default-enabled SquashFS functionality and is triggered during file open with no user interaction required.
An unauthenticated security feature bypass vulnerability in Microsoft Exchange with moderate CVSS rating requires prompt assessment and patch planning.
The vulnerability allows information disclosure and denial-of-service via crafted UDF disc images; auto-detection by signature means suspect ISO/UDF files pose a crash risk at the point of opening.
An unauthenticated critical vulnerability in Microsoft Azure MCP AzureCliService enables remote code execution with CVSS 9.8 and could compromise cloud-based identity and infrastructure components.
BSI warns of active exploitation of a critical SharePoint vulnerability; since SharePoint is deployed in Microsoft 365 environments, immediate verification and patching is required.
Multiple prototype pollution vulnerabilities in Adobe Acrobat products enable remote code execution and information disclosure; BSI issued a consolidated warning without disclosing individual CVE details.
CVE-2022-45188 is a known vulnerability in Synology DSM's Netatalk protocol identified in 2022; the ZDI publication represents a re-disclosure, not a new threat.
Nation-state actors exploit critical vulnerabilities in edge appliances (firewalls, VPN gateways) as pivot points for multi-stage attacks on internal systems and collaboration platforms, exploiting their trusted status and limited monitoring.
This is a pure patch announcement with no evidence of active exploitation in the wild or targeted campaigns; the focus is on technical vulnerability cataloging.
The vulnerability requires an already-compromised renderer process and enables sandbox escape , a Critical-rated escalation vector for advanced attackers, not a primary entry vector.
The vulnerability enables circumvention of Chrome's sandbox isolation through a crafted HTML page, representing a significant sandbox escape beyond standard patch mitigation.
A use-after-free vulnerability in Chrome 149.0.7827.53 enables remote code execution via crafted HTML pages, but requires specific user interactions and is therefore a standard browser patch without notable campaign activity.
An out-of-bounds write vulnerability in Google's ANGLE rendering engine enables heap corruption via crafted HTML pages; attackers can potentially achieve remote code execution.
The vulnerability allows an attacker with access to the renderer process to achieve a full sandbox escape on Windows systems, facilitating attacks on enterprise endpoints via crafted web pages.
The vulnerability enables sandbox escapes following renderer compromise, but requires prior renderer process exploitation,not an autonomous RCE scenario.
A type confusion vulnerability in Chrome's V8 JavaScript engine enables remote code execution within the sandbox via crafted HTML pages, without requiring additional user interaction.
The vulnerability allows an attacker with control of the renderer process to perform a sandbox escape,a critical escalation path that bypasses the isolation between browser and operating system.
The vulnerability allows an attacker with access to the renderer process to achieve sandbox escape via a crafted HTML page, enabling escalation to system level.
An attacker with access to the renderer process can bypass the Same-Origin-Policy using a crafted HTML page, enabling escalation after successful browser compromise.
A use-after-free vulnerability in Chrome's ANGLE graphics engine enables arbitrary code execution within a sandbox via crafted HTML pages and is rated as critical for all Windows users.
The vulnerability allows an attacker with renderer process access to inject arbitrary scripts via crafted HTML, enabling escalation from renderer compromise to cross-browser attacks.
While this sandbox-escape vulnerability requires an already-compromised renderer process, it enables potential full system access , a significant risk for organizations relying on browser security.
The vulnerability allows bypassing same-origin policy through malicious network traffic and specific UI gestures, posing a risk to web developers and cloud-based applications in production environments.
The vulnerability requires only local network segment access, not internet connectivity, making it a realistic attack vector in enterprise environments where internal devices or compromised network clients may be present.
The vulnerability enables remote code execution simply by visiting a crafted webpage without further user interaction, posing a high risk to endpoints running Chrome in enterprise environments.
A type confusion vulnerability in V8 enables remote code execution within the Chrome sandbox, requiring immediate browser updates across all instances.
Use-after-free vulnerability in WebRTC enables remote code execution with high severity, requiring immediate browser updates to version 149.0.7827.53 or later.
The vulnerability allows an attacker with control over the renderer process to perform a sandbox escape , a significant risk, as it bypasses the isolation between web content and the operating system.
A use-after-free vulnerability in the WebRTC component enables sandbox escape and remote code execution via crafted HTML pages, requiring only standard web browsing user interaction.
Type Confusion in Google's V8 engine enables attackers to execute arbitrary code within Chrome's sandbox, posing a direct execution risk on standard browser installations.
The vulnerability requires active user interaction (specific UI gestures) and remains partially constrained by Chrome's sandbox, but lowers the exploitation threshold for PDF-based attacks.
The vulnerability allows code execution within the Chrome sandbox through interaction with crafted webpages, requiring immediate update to version 149.0.7827.53 or later.
A local attacker with file access can achieve privilege escalation through a Chrome UI flaw on Windows systems , relevant for environments with Chrome and local access risk.
The vulnerability requires an already-compromised renderer process; this is a second-stage exploit, not an initial vector, and is addressed in standard Chrome updates.
The vulnerability enables sandbox escape through crafted HTML pages when users perform specific UI gestures,a moderated exploitation risk in sandboxed browser environments.
The vulnerability enables remote code execution within the Chrome sandbox via crafted HTML pages, posing an immediate infection risk for end users visiting malicious websites.
This is a standard patch notification without evidence of active exploitation or specific attack campaigns; the vulnerability affects Chrome's ANGLE rendering engine and requires an update to version 149.0.7827.53 or later.
A use-after-free vulnerability in Chrome's MIME handler view enables attackers to execute arbitrary code through specially crafted HTML pages; this affects all Chrome users prior to version 149.0.7827.53.
A use-after-free vulnerability in Glic's memory management enables remote code execution within Chrome's sandbox via crafted HTML pages, requiring prompt update to version 149.0.7827.53 or later.
The sandbox-escape capability of this vulnerability could enable an initial break out from Chrome's isolation process, underscoring the importance of timely updates.
The vulnerability enables arbitrary code execution within the Chrome sandbox through simple HTML page visits , a high risk for drive-by-download attacks against employees.
An integer overflow vulnerability in the V8 engine enables code execution within Chrome's sandbox via crafted HTML pages, resulting in malicious code execution within the browser context without sandbox escape.
An integer overflow vulnerability in Chrome's DevTools enables code execution within the sandbox via crafted HTML pages, with no currently known active exploitation.
The vulnerability enables sandbox escape via crafted video files,a popular attack vector that can lead to system compromise through seemingly benign content, especially in environments with web access.
This is a standard patch notification without indication of active exploitation or specific attack scenarios in the field; the vulnerability requires prior renderer process compromise.
The vulnerability allows an attacker with access to the renderer process to break out of the Chrome sandbox and potentially gain system-level privileges.
The vulnerability requires prior renderer process compromise but then enables a sandbox escape, potentially allowing bypass of Chrome's isolation mechanisms.
A sandbox escape vulnerability in Google's ANGLE renderer allows attackers to potentially escalate privileges via crafted HTML pages, compromising the browser's core isolation mechanism.
This is a known Chromium vulnerability documented in NVD/CVE databases with no novel attack context or exploit details beyond standard patch information.
The vulnerability requires an already-compromised renderer process and then allows Same-Origin-Policy bypass via crafted HTML pages, indicating a multi-stage attack chain.
A vulnerability in Chrome's codec handling enables data leaks across origin boundaries if the renderer process is already compromised , relevant for scenarios involving browsing of untrusted content.
This CVE documents a use-after-free vulnerability in Chrome's WebXR API that enables sandbox escape with arbitrary code execution, prioritizing it above other WebGL/WebXR patches.
A sandbox bypass in Chromium allows remote attackers via crafted HTML pages to potentially perform privilege escalation or establish malware persistence without additional exploit chaining.
The vulnerability enables data leaks via side-channel access to cross-origin content; this is a confidentiality risk in browser-based enterprise applications.
An integer overflow vulnerability in the V8 engine enables remote code execution via crafted HTML pages, even though the attack occurs within Chrome's sandbox, making sandbox escapes or follow-up exploits likely.
The sandbox-escape capability means an attacker with a compromised renderer process could potentially access the host system, bypassing Chrome's typical process isolation.
The sandbox-escape mechanism via video codec defect enables attackers to break out of the Chrome sandbox and gain system-level access, which goes beyond standard patching obligations.
A use-after-free vulnerability in the ANGLE renderer can enable Chrome sandbox escape under specific conditions, but requires prior compromise of the renderer process.
A use-after-free vulnerability in Chrome's WebRTC implementation enables code execution within the sandbox via crafted HTML pages, providing a vector for targeted attacks on workstations.
The vulnerability enables sandbox bypass via CSS type confusion, representing a significant escalation of attack surface beyond typical browser crashes.
A vulnerability in codec processing enables code execution via crafted video files without additional user interaction, posing a high risk for browser-based attacks.
A sandbox escape vulnerability in Chrome codecs allows attackers with renderer process access to bypass Chrome's sandbox via a crafted HTML page and potentially gain system access.
Sandbox escape vulnerability requires pre-compromised renderer process but significantly weakens the isolation barrier between browser and operating system.
The vulnerability affects Chrome's Chromoting remote-access feature and enables remote code execution via malicious network traffic without additional user interaction.
A use-after-free vulnerability in WebRTC enables remote code execution within the Chrome sandbox through crafted HTML pages, posing a direct attack risk for users with internet access.
This is a standard Chromium security advisory with no indication of active exploitation or targeted sectors; update to version 149.0.7827.53 or later is required.
A sandbox escape in Chromoting potentially enables code execution on the local system if an attacker has already compromised the renderer process,relevant for organizations using Chrome-based remote access functionality.
The vulnerability allows an attacker with control of the renderer process to escape Chrome's sandbox and potentially access system resources; two-stage exploitation requires a prior browser exploit.
A sandbox-escape vulnerability in the Chrome renderer potentially allows code execution on systems running Chrome if an attacker has already compromised the renderer process.
This vulnerability enables sandbox escapes through crafted video files, meaning successful exploits could compromise Chrome processes with system privileges,a significant risk vector via web-based attacks.
Sandbox escape vulnerability in Chrome Autofill allows attackers to bypass the browser sandbox and potentially execute code with elevated privileges via malicious network traffic.
The vulnerability requires initial compromise of the renderer process by an attacker, which reduces practical exploitability at scale but represents a critical escalation path for already-compromised browser sessions.
The announcement provides no specific CVEs, affected components, or active exploit reports, offering no additional risk assessment basis beyond a standard patch reminder.
BSI warns of multiple unspecified vulnerabilities in Synology DSM published without CVE details; patch information or specific version numbers are missing.
BSI warning regarding multiple local vulnerabilities in Adobe Creative Cloud applications; exploitation typically requires user interaction (opening malicious file) but enables code execution and data access.
BSI warns of multiple unspecified vulnerabilities in Firefox/Firefox ESR with potential code execution; exact CVE IDs and version details are missing from the advisory.
The BSI warning addresses multiple GNU libc vulnerabilities without explicitly naming specific CVE numbers; this indicates a meta-advisory or overview of several already-known gaps.
BSI warns of multiple unspecified vulnerabilities in both browsers exploitable via web-based attacks , without specific CVE numbers or PoC details, this is likely a generic security advisory accompanying a regular patch cycle.
AI agents in CI/CD workflows can bypass sandbox security controls and access workflow environment variables containing API keys and other sensitive credentials.
Active campaign using two distinct malware variants (IronWorm and Miasma worm) spreads across 50+ legitimate npm packages via compromised accounts; IronWorm combines credential theft with eBPF kernel rootkit and Tor C2 for persistent control.
The vulnerability requires active user interaction (specific UI gestures) and is not remotely exploitable without user engagement; no indication of active campaigns or public exploits.
The vulnerability affects Chrome's Web Workers implementation and enables bypassing the Same-Origin Policy via crafted HTML pages, with no evidence of active exploitation in the wild.
Malicious browser extensions can bypass access control mechanisms through this vulnerability, posing a risk from social-engineering attacks in environments with widespread Chrome usage.
The vulnerability requires prior compromise of the renderer process and thus represents a post-exploit escalation vector rather than a primary attack vector.
The vulnerability requires social engineering (user must install malicious extension), not merely a patch , enterprise control over extension policies is mitigation-critical.
A use-after-free in Chrome's Password Manager enables sandbox escape via crafted HTML pages , relevant for remote workers relying on Chrome's integrated password management.
The vulnerability allows an attacker to inject arbitrary scripts into privileged pages via a malicious Chrome extension , a risk for organizations using Chrome to manage sensitive systems.
An out-of-bounds read operation in Google's V8 JavaScript engine allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
A sandbox escape vulnerability in Chrome allows attackers to execute arbitrary code within the browser sandbox via crafted HTML pages, undermining the browser's isolation protection.
The vulnerability requires active user persuasion to install a malicious extension, suggesting targeted social-engineering attacks against developers or technical staff.
The vulnerability requires a pre-compromised renderer process and affects WebUI input validation; the risk is limited to specific attack scenarios involving prior renderer compromise.
The vulnerability requires an attacker to convince a user to install a malicious extension,a shift toward social engineering-based extension delivery as a vector for cross-origin data exfiltration via DevTools.
The sandbox mitigation reduces immediate exploitation risk, but successful exploitation of this use-after-free vulnerability could enable a secondary sandbox bypass and should be prioritized in patch cycles.
A use-after-free vulnerability in Canvas enables remote code execution within the sandbox via crafted HTML pages; the severity is rated Medium, but sandbox execution could serve as a pivot point for further attacks.
The vulnerability requires an already-compromised renderer process and is therefore less critical than direct attack vectors; however, it affects the escalation chain following successful browser exploitation.
The vulnerability enables phishing through visual spoofing of the password manager interface via malicious network traffic, without requiring local access.
Vulnerability allows bypass of password manager through crafted HTML pages, but requires active user interaction and has not been actively exploited in the wild.
Successful exploitation requires prior compromise of the renderer process, making this a secondary information-disclosure risk rather than a primary attack vector.
This is a standard security update notification with no evidence of active exploitation or targeted attacks; the vulnerability affects codec processing in the browser and requires an update to version 149.0.7827.53 or later.
The integer overflow in V8 enables code execution within the Chrome sandbox; sandbox escape is not explicitly described, but this reduces the protection level against malicious web content.
The vulnerability requires active user persuasion to install a malicious extension and is therefore a practical but not automatic exploitation scenario,the focus is on awareness rather than technical mitigation.
The vulnerability requires local access and is therefore primarily relevant for internal threat scenarios; BSI update signals availability of patches or mitigations.