The vulnerability is a race condition in the Malware Protection Engine that grants SYSTEM-level privileges regardless of real-time protection status and has already been publicly exploited by a security researcher.
GitHub platform flaws are actively exploited by Shai-Hulud variants to compromise hundreds of software packages and developer accounts; GitHub dismissed formal security reports, amplifying fundamental supply-chain risk for all software developers.
The threat is driven by the Nightmare Eclipse group as part of a targeted campaign against Microsoft, with multiple zero-days (BlueHammer, RedSun, UnDefend) already exploited in the wild.
Three critical Fortinet FortiSandbox vulnerabilities (CVE-2026-39808, CVE-2026-39813, CVE-2026-25089) are currently under active exploitation, with honeypots and threat intelligence sources reporting attacks since June 2026.
Mass theft of admin credentials from 75,000 Fortinet devices via exported configuration files , an active, ongoing threat scenario without a published vulnerability.
Critical Fortinet vulnerabilities are being actively exploited by multiple independent attackers, not just a single campaign,indicating widespread opportunistic exploitation.
Russian-speaking threat actors are conducting an active large-scale campaign against Fortinet devices worldwide, having already compromised 30,000+ Internet-facing firewalls and VPN gateways and harvested credentials.
The FortiBleed campaign actively targets Internet-exposed Fortinet devices and has already compromised credentials for over 30,000 devices; threat actors with suspected Russian background have been identified.
BSI warns of multiple critical vulnerabilities in Firefox/Firefox ESR/Thunderbird enabling code execution and sandbox escape; user interaction required but can be triggered by opening a malicious file or website.
The BSI has issued a warning on a critical OpenSSL vulnerability with code execution and data leak potential; the status (CVE-ID, CVSS score, KEV listing) is not specified in this summary, so the official BSI advisory and CVSS rating should be consulted.
A coordinated malware campaign exploits trusted developer IDE marketplaces to distribute credential stealers specifically targeting AI API keys and developer authentication.
Attackers abuse Microsoft Teams relay servers as a command-and-control channel for a new Go-based backdoor, demonstrating the difficulty of monitoring and blocking Teams traffic for malicious purposes.
A local privilege escalation in Microsoft Defender weakens endpoint defense effectiveness and allows attackers with initial system access to escalate to administrative rights.
The BSI is tightening enforcement of NIS2 implementation with a new registration deadline by end of July, as registration rates have been disappointing.
The FortiBleed leak demonstrates that thousands of Fortinet devices globally have already been compromised and their VPN credentials are publicly available,an active, ongoing attack scenario, not merely a vulnerability.
All three critical flaws (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being actively exploited; working exploits exist for at least two vulnerabilities, making immediate patching a priority for organizations running FortiSandbox.
APT37 deploys a new RAT malware (NarwhalRAT) featuring multi-stage Python loaders, pCloud as a secondary C2 channel, and advanced information collection capabilities,a sophisticated upgrade from previous RokRAT operations.
Critical
NEW China-linked (unattributed to specific APT group) C3
A previously Linux-only, China-linked backdoor is now expanding to Windows with two new variants (WIN_DRV and WIN_PLUS) leveraging kernel drivers for stealth and C&C communication over TCP/UDP.
Chinese state-sponsored actors are conducting coordinated dual-layer phishing campaigns against European targets, demonstrating increased operationalization of supply-chain attack patterns in countries adjacent to the DACH region.
An elevation-of-privilege flaw in the Microsoft Malware Protection Engine could allow attackers to escalate their privileges on affected systems, undermining Defender's effectiveness as a protective layer.
Critical vulnerabilities in Fortinet FortiSandbox are being actively exploited in attack campaigns, posing immediate risk to organizations deploying this solution.
Dirty Frag chains two kernel vulnerabilities (xfrm-ESP and RxRPC) into a local privilege-escalation flaw, but requires prior network access or system compromise, making it lower-priority for secured production environments.
The BSI warns of multiple privilege escalation vulnerabilities in core Microsoft Cloud services that can enable code execution and information disclosure , a strategic update for organizations with heavy Microsoft footprint.
Three of the patched vulnerabilities are already being actively exploited for malicious code execution, posing an immediate risk to systems running outdated Firefox or Thunderbird versions.
A mistakenly enabled debug flag in production Microsoft 365 Android builds allowed attackers to steal authentication tokens and compromise user accounts.
The Kali365 phishing platform has expanded its targets from Microsoft 365 to AWS, Okta, and Russian services, using device code phishing to bypass multi-factor authentication.
Large-scale npm supply-chain attack compromises 32 packages under the @redhat-cloud-services scope through CI/CD pipeline manipulation; malware leverages preinstall hooks for automatic execution and multi-layer obfuscation to evade detection.
The BSI advisory contains no CVE number and no technical details about the vulnerability; the specific weakness and affected kernel versions cannot be identified.
BSI warns of multiple vulnerabilities in Microsoft Defender and Malware Protection Engine enabling privilege escalation, code execution, and denial of service , core security components require timely patching.
Copilot in Microsoft 365 enables data theft through simple interaction without advanced technical knowledge, presenting immediate risk to organizations with Copilot features enabled.
Remcos RAT campaign employs VHDX containers and multi-layered obfuscation to evade EDR solutions and process-monitoring rules; email-delivered ZIP vector remains largely undetected.
BSI update on multiple vulnerabilities in FortiSandbox with variable exploitability , patches should be applied promptly given the product's position in the security perimeter.
GhostTree uses recursive NTFS junctions to force Microsoft Defender scans into infinite loops, hiding malware from detection,an active evasion technique against production-critical security tools.
Ransomware operators exploit legitimate Microsoft Teams relay infrastructure to obfuscate command-and-control communications, bypassing traditional network-based security controls.