The Miasma worm campaign demonstrates active exploitation of Microsoft development infrastructure, suggesting targeted attacks on software suppliers that could directly affect manufacturing organisations dependent on Microsoft technologies.
An integer overflow vulnerability in Canon printers discovered at Pwn2Own enables unauthenticated network-adjacent remote code execution with high severity (CVSS 8.8).
An unauthenticated stack-based buffer overflow in Canon printers enables direct remote code execution with high CVSS (8.8), requiring no user interaction.
Unauthenticated remote code execution on Canon MFP devices is possible; devices are typically network-accessible and could serve as a lateral-movement vector.
Local privilege escalation in Windows Secure Kernel requires prior code-execution capability; relevant for internal threat models involving compromised local accounts.
A use-after-free vulnerability in the Windows NDIS driver allows local attackers to escalate privileges, but requires prior ability to execute low-privileged code on the target system.
Local privilege escalation in win32kfull (CVSS 7.8) requires prior code execution on the target system but presents a critical escalation path for attackers who have already compromised the system.
A local privilege escalation vulnerability in Windows requires prior low-privileged code execution on the target system as a prerequisite for exploitation.
A local privilege escalation vulnerability in the Windows win32kfull component with CVSS 8.8 requires an attacker to first execute low-privileged code to escalate to higher privilege levels.
A one-click vulnerability in VS Code/GitHub.dev allows attackers to steal GitHub OAuth tokens that grant read and write access to private repositories.
The group UNC3753 exploits social engineering and physical access (posing as fake IT technicians) for direct data exfiltration via USB drives, a high-risk attack pattern against organizations with weak physical access controls.
Autonomous AI agents significantly accelerate zero-day discovery; this creates pressure on patch cycles and requires robust dependency-management processes.
The out-of-band patch prioritization underscores that Microsoft considers the vulnerability time-critical; despite the absence of public exploits and in-the-wild exploitation, rapid deployment is recommended given SharePoint's history as a high-value target.
An actively exploited authentication bypass in PAN-OS GlobalProtect enables unauthorized VPN access; while Palo Alto is not in Joel Traber's stated stack, any manufacturing company using Palo Alto firewalls for remote access must treat this as an immediate remediation priority.
Russian intelligence services are establishing shell companies and recruiting intermediaries to systematically acquire Western manufacturing equipment, machine tools, and dual-use technology,a direct threat to European industrial enterprises and their supply chains.
UNC6671 uses vishing and adversary-in-the-middle techniques to bypass MFA, compromise Microsoft 365 and Okta, and exfiltrate data for extortion; the recent shutdown of their data leak site may signal a rebranding rather than cessation of operations.