Iran Signed a Ceasefire , Its Hackers Didn't
Iranian state actors continue cyber operations despite diplomatic ceasefires, exposing a loophole in international conflict law regarding cyberwarfare under ceasefire conditions.
Comparing 21 June 2026 with the previous day 20 June 2026.
Iranian state actors continue cyber operations despite diplomatic ceasefires, exposing a loophole in international conflict law regarding cyberwarfare under ceasefire conditions.
An authentication bypass in Check Point VPN solutions is actively exploited in the wild, enabling unauthorized access without credentials , BSI alert signals urgent remediation.
APT29 (Cloaked Ursa) and UNC6692 exploit compromised accounts to send phishing links via Microsoft Teams messages redirecting to credential harvesting pages mimicking legitimate Microsoft login portals.
BSI advisory on multiple Chrome vulnerabilities without specific CVE numbers; details not yet published, but code execution and security bypass possible.
No changes in this category.
No changes in this category.
Unidentified threat actor actively exploiting PAN-OS authentication bypass to access GlobalProtect VPN,organizations must hunt for indicators and review mitigations immediately.
The vulnerability enables session data disclosure across cross-origin boundaries in the Chrome extension; a patch is available but is not driven by active exploitation.
A critical use-after-free vulnerability in Google's Web Authentication API allows remote code execution via crafted HTML pages and requires immediate updating of all Chrome installations.
A Path Traversal vulnerability in SOLIDWORKS Visualize allows attackers to write arbitrary files to the server,a critical risk for design and manufacturing operations that rely on secure CAD workflows.
This is a standard patch advisory with no indication of active attack campaigns or targeted exploitation.
The vulnerability enables remote code execution within Chrome sandbox context via a crafted HTML page, requiring only that a user opens the page.
A critical use-after-free vulnerability in Google's Digital Credentials feature enables heap corruption and potential remote code execution via a crafted HTML page without requiring user interaction.
A use-after-free vulnerability in Google's DigitalCredentials component enables sandbox escape on Windows, representing a critical remote code execution risk.
A critical use-after-free vulnerability in Chrome's file input handling enables heap corruption via crafted HTML pages , no evidence of active exploitation in the wild is documented, but the high criticality level demands rapid patching.
This vulnerability enables sandbox escape through renderer process compromise and could allow remote code execution on Windows systems.
An attacker with access to the renderer process can perform a sandbox escape , threat is relevant for browsing untrusted content or compromised websites.
The vulnerability requires specific UI gestures and a malicious HTML page; the risk is limited to users who perform such interactions.
The vulnerability requires an already-compromised renderer process, which reduces immediate exploitability in typical network attack scenarios, but still represents a significant privilege-escalation risk.
The vulnerability allows an attacker with a compromised renderer process to perform a sandbox escape, enabling local privilege escalation and system compromise via a crafted HTML page.
An authentication bypass in M365 Copilot permits unauthorized access to sensitive information over the network without legitimate credentials.
The vulnerability requires authentication and enables only spoofing, not remote code execution, limiting the attack risk.
An authentication flaw in Azure AD enables remote privilege escalation; this affects organizations relying on Microsoft Entra ID for identity management, especially in distributed access scenarios (RDP, VPN, cloud services).
An open redirect vulnerability in Microsoft 365 Copilot allows an attacker to elevate user privileges after authentication by redirecting users to seemingly trusted sites.
This vulnerability enables code execution within the Chrome sandbox following renderer process compromise and is classified as High severity, but requires a prerequisite condition (compromised renderer).
Nation-state actors have operationalized ROADtools to attack Microsoft Entra ID, manipulating tokens to gain access to cloud infrastructure; this represents an immediate threat to organizations using Microsoft identity systems.
An authentication gap in Microsoft Exchange Online allows authorized attackers to escalate privileges over the network, with no prior disclosure or active exploitation reported.
A memory corruption vulnerability in Xen shadow paging can lead to mapcache inconsistencies when vCPU references are not updated after page-table switches.
Sapphire Sleet (North Korean APT) compromised npm infrastructure and poisoned 140+ packages with malicious dependencies,a mass supply-chain poisoning campaign affecting developers and CI/CD pipelines.
Iranian APT Screening Serpens deploys updated MiniJunk V2 malware with advanced defense evasion techniques (.NET AppDomainManager) for espionage against European targets, signaling elevated activity against EU/DACH infrastructure.
Microsoft confirms North Korea as the source of an active supply-chain attack targeting the Mastra AI library; this signals state-sponsored focus on software dependencies in development and cloud environments.
The vulnerability represents a regression in the CVE-2025-66471 mitigation, as three independent code paths in urllib3 2.6.3 bypass the max_length protection measure and can lead to uncontrolled memory consumption.
Cloud Atlas employs new post-exploitation techniques (registry Run-key persistence, SAM file exfiltration via Volume Shadow Copy) combined with classic malicious document exploits, indicating professionalization and adaptation to defensive measures.
The vulnerability enables information disclosure from process memory via crafted HTML pages, indicating potential phishing or drive-by-download scenarios.
Two actively exploited Windows Defender flaws (privilege escalation and denial of service) are being weaponized in the wild, coinciding with a documented 124% surge in hacktivism and ransomware targeting DACH organizations in 2025.
Iranian IRGC-affiliated APT group Nimbus Manticore employed SEO poisoning for the first time as an additional malware delivery method and continued leveraging AppDomain Hijacking across initial and final backdoor deployment stages.
Local privilege escalation via malicious file requires prior system access but allows attackers to escalate from restricted user accounts to administrative privileges.
An unauthenticated RCE vulnerability in Canon printers (CVSS 8.8) allows network-adjacent attackers to execute code; this poses a direct network-security risk.
A critical type confusion vulnerability in the IonMonkey JIT engine enables remote code execution through visiting a malicious webpage without elevated user interaction via plugins.
Local privilege escalation in Windows Secure Kernel requires pre-existing high-privileged code execution capability; threat is limited to scenarios with local system access.
A critical vulnerability in Fortinet FortiWeb enables authenticated remote code execution with high CVSS score; the company uses FortiGate rather than FortiWeb, so direct impact is limited, but Fortinet dependencies should be verified.
Local privilege escalation in critical Windows kernel driver with CVSS 7.8; attacker must first obtain low-privileged code execution on the target system.
A local privilege escalation in win32kfull requires prior code execution capability and poses risk to multi-user systems and RDP access scenarios.
A NULL pointer dereference in Revit's RFA-to-FormIt conversion can cause application crashes, but impacts only availability, not data integrity or code execution.
A zero-day RCE requiring no authentication in Microsoft Azure with maximum CVSS rating jeopardizes cloud infrastructure and hybrid environments integrating Azure/Entra across DACH.
BSI warns of critical vulnerability in Windows IKE (Internet Key Exchange) that endangers VPN connections on Windows servers; exact CVE and technical details are not provided in the advisory.
BSI warns of multiple vulnerabilities in GNU libc without specific CVE numbers, suggesting a summary of multiple patches.
BSI warns of multiple vulnerabilities in UniFi OS Server without specific CVE details; exploitability and patch status unclear.
BSI warning regarding multiple vulnerabilities in Adobe Acrobat/Reader via prototype pollution with code execution potential; CVE references and patch status should be verified from Adobe or BSI.
BSI advisory on multiple Synology DSM vulnerabilities without specific CVE disclosure; exploitation of some requires elevated privileges or user interaction.
BSI warns of multiple vulnerabilities in Firefox, Firefox ESR and Thunderbird that can be exploited by opening malicious emails or web pages.
The BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud without naming individual CVEs or version numbers; this indicates an aggregated security notice but requires cross-reference with Adobe security bulletins for specific affected versions.
BSI warns of multiple vulnerabilities in Foxit products that enable code execution when opening malicious PDF files.
The vulnerability requires user interaction (click on malicious URL) and affects a commonly deployed browser product in standard enterprise environments.
The vulnerability requires social engineering (malicious link click) for exploitation, but fundamentally weakens authentication security through improper input validation.
BSI warns of multiple OpenSSL vulnerabilities with varying impacts (DoS, information disclosure); specific CVE numbers and CVSS scores are required for prioritization.
A code-execution vulnerability in 7-Zip affecting NTFS archive processing requires user interaction for exploitation; this poses a risk to systems where 7-Zip is deployed for file management.
Unit 42 documents an active large-scale campaign using password spraying attacks against Fortinet, Sophos, and MSSQL services for initial access; threat actors extract configurations and target authentication mechanisms.
BSI warns of multiple Go vulnerabilities; without specific CVE details, a risk assessment for Go-based systems is necessary.
BSI warns of multiple unspecified vulnerabilities in widely deployed browsers; details are not yet public, monitoring and timely patching are required.
Routine BSI patch advisory without specific CVE details or active exploitation; requires standard patch process.
BSI advisory on multiple kernel vulnerabilities without specific CVE details; monitoring of active exploitation and patch availability required.