The vulnerability is already tracked in CISA's KEV catalogue and subject to BOD 26-04 requirements; no novel attack data or TTPs are disclosed beyond standard patching guidance.
The vulnerability enables unauthenticated or low-privilege access to system files and configurations via path traversal, potentially compromising the entire UniFi infrastructure.
The vulnerability enables unauthorized access to UniFi OS systems without authentication and is already listed in CISA's catalog of critical, actively exploited vulnerabilities.
The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.
Russian threat actors are actively exploiting a known WinRAR vulnerability (patched in July) for targeted cyberespionage against Ukrainian military and government targets, signaling sustained cyber-warfare in the region.
The vulnerability allows attackers to predict SSO tickets and perform account takeover without authentication, posing a critical risk to AD-based environments.
The vulnerability allows attackers to bypass PolymorphicTypeValidator allow-list mechanisms by placing denied classes as generic type parameters inside allow-listed container types via the type ID.
The vulnerability permits bypassing type validation when arrays with non-allowlisted component types are used, enabling arbitrary code execution during deserialization.
A Russian initial-access broker is running the FortiBleed campaign to harvest credentials at scale (110+ million since February 2026) via network sniffers and may sell acquired access to state-sponsored groups or ransomware gangs.
The Miasma worm demonstrates that publicly released supply-chain toolchains can now be replicated by any operator, and that stolen developer credentials traded in underground markets enable attackers to inject malicious packages with valid SLSA Build Level 3 attestations into production repositories.
Vulnerability allows bypass of @JsonIgnoreProperties filters by exploiting case-insensitivity processing in jackson-databind, making supposedly ignored properties writable again.
FortiBleed campaign uses Golang-based sniffer to compromise over 430,000 FortiGate firewalls and harvest 110 million credentials; attackers have already breached NATO-aligned defense contractors and leverage stolen credentials for distributed GPU-based hash cracking.
This 2020 CVE is long patched and remains relevant only if outdated Acrobat versions are still in productive use in the organisation; no current threat.
An extremely small attack vector (50 KByte) makes this vulnerability particularly dangerous for automated video recognition and media acquisition over network channels.
BSI advisory without explicit CVE numbers suggests coordinated disclosure or not-yet-fully-disclosed vulnerabilities; priority depends on CVE details and patch availability.
All three critical flaws (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being actively exploited; working exploits exist for at least two vulnerabilities, making immediate patching a priority for organizations running FortiSandbox.
APT37 deploys a new RAT malware (NarwhalRAT) featuring multi-stage Python loaders, pCloud as a secondary C2 channel, and advanced information collection capabilities,a sophisticated upgrade from previous RokRAT operations.
Critical
NEW China-linked (unattributed to specific APT group) C3
A previously Linux-only, China-linked backdoor is now expanding to Windows with two new variants (WIN_DRV and WIN_PLUS) leveraging kernel drivers for stealth and C&C communication over TCP/UDP.
Chinese state-sponsored actors are conducting coordinated dual-layer phishing campaigns against European targets, demonstrating increased operationalization of supply-chain attack patterns in countries adjacent to the DACH region.
An elevation-of-privilege flaw in the Microsoft Malware Protection Engine could allow attackers to escalate their privileges on affected systems, undermining Defender's effectiveness as a protective layer.
Critical vulnerabilities in Fortinet FortiSandbox are being actively exploited in attack campaigns, posing immediate risk to organizations deploying this solution.
Dirty Frag chains two kernel vulnerabilities (xfrm-ESP and RxRPC) into a local privilege-escalation flaw, but requires prior network access or system compromise, making it lower-priority for secured production environments.
The BSI warns of multiple privilege escalation vulnerabilities in core Microsoft Cloud services that can enable code execution and information disclosure , a strategic update for organizations with heavy Microsoft footprint.
Three of the patched vulnerabilities are already being actively exploited for malicious code execution, posing an immediate risk to systems running outdated Firefox or Thunderbird versions.
A mistakenly enabled debug flag in production Microsoft 365 Android builds allowed attackers to steal authentication tokens and compromise user accounts.
The Kali365 phishing platform has expanded its targets from Microsoft 365 to AWS, Okta, and Russian services, using device code phishing to bypass multi-factor authentication.
Large-scale npm supply-chain attack compromises 32 packages under the @redhat-cloud-services scope through CI/CD pipeline manipulation; malware leverages preinstall hooks for automatic execution and multi-layer obfuscation to evade detection.
The BSI advisory contains no CVE number and no technical details about the vulnerability; the specific weakness and affected kernel versions cannot be identified.
BSI warns of multiple vulnerabilities in Microsoft Defender and Malware Protection Engine enabling privilege escalation, code execution, and denial of service , core security components require timely patching.
Copilot in Microsoft 365 enables data theft through simple interaction without advanced technical knowledge, presenting immediate risk to organizations with Copilot features enabled.
Remcos RAT campaign employs VHDX containers and multi-layered obfuscation to evade EDR solutions and process-monitoring rules; email-delivered ZIP vector remains largely undetected.
BSI update on multiple vulnerabilities in FortiSandbox with variable exploitability , patches should be applied promptly given the product's position in the security perimeter.
GhostTree uses recursive NTFS junctions to force Microsoft Defender scans into infinite loops, hiding malware from detection,an active evasion technique against production-critical security tools.
Ransomware operators exploit legitimate Microsoft Teams relay infrastructure to obfuscate command-and-control communications, bypassing traditional network-based security controls.