The vulnerability enables remote code execution via maliciously crafted webpages when Autodesk Fusion Desktop is open with the MCP extension enabled,a direct attack vector against design workstations in manufacturing environments.
The vulnerability allows a network-positioned attacker to intercept HTTP AD CS certificate requests and inject a malicious Root CA certificate into the system trust store, compromising all subsequent TLS connections system-wide.
The vulnerability combines multiple critical OAuth 2.0 implementation flaws (insecure state parameter, missing session rotation, unencrypted redirect URIs) in Azure AD that enable session hijacking, session fixation, and token exfiltration.
BSI warns of multiple vulnerabilities in core Azure components (AI Bot Service, AD, Synapse) enabling privilege escalation and information disclosure; no CVE numbers specified in this alert.
BSI alert regarding an authentication-requiring privilege escalation in Exchange Online without a CVE number suggests an as-yet incompletely documented or coordinated vulnerability disclosure.
Attackers compromised the official build and distribution pipeline of a WordPress plugin vendor and distributed backdoor code through legitimate licensed update channels, demonstrating that trusted sources can be weaponized for malware delivery.
Unknown threat actors are actively exploiting an authentication bypass in Palo Alto VPN gateways to gain unauthorized access , a critical risk for networked manufacturing organizations in the DACH region whose partners or suppliers operate such systems.
Critical
CVSS
7.8
EPSS
60%
NEW Contagious Interview (aka Famous Chollima, HexagonalRodent, Void Dokkaebi) C3
North Korean APT groups exploit developer recruitment and code review themes to compromise developers and deploy malware through trusted development tools.
A China-linked APT group employs a novel technique: manipulating Google Workspace rules on compromised systems to auto-forward emails rather than direct exfiltration,this evades detection and could be replicated against European research and industrial networks.
Chinese espionage group operates persistent backdoor infrastructure in critical systems since at least 2023, targeting data theft with national security implications.
The vulnerability allows attackers to bypass the PDF sandbox via crafted documents with embedded JavaScript and execute arbitrary code , a significant risk for PDF processing in production environments.
Year-long undetected Chinese APT campaign systematically targets research institutions to exfiltrate data on AI, cyber-offensive capabilities, and defense technology,a pattern that should alert European research and technology organizations to similar targeting risk.
The BSI warning documents multiple security vulnerabilities in both browsers used in the company without specific CVE references; this suggests a vulnerability aggregation warning that is regularly updated.
Three chained bugs enabled attackers to exfiltrate emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search via a single click on a trusted Microsoft link, bypassing standard anti-phishing filters.
Weekly summary of multiple unrelated vulnerabilities without description of a coordinated campaign; UniFi exploits and Chrome 0-day are relevant to the company, but the article provides no new attack scenarios or attribution intelligence.
High
lwxat (Chinese-speaking cybercrime groups operating under MaaS model) B3
A long-maintained BadIIS variant is distributed as commodity malware among Chinese-speaking cybercrime groups, with evasion updates targeting specific security vendors such as Norton.