Mandiant documents active exploitation of a Cisco SD-WAN zero-day vulnerability by a previously unidentified threat actor for full system compromise, indicating coordinated campaign activity.
Critical Cisco Unified CM vulnerability is already under active exploitation by unknown threat actors following PoC disclosure; provides path to root privileges via file-write operation.
A sandbox escape vulnerability allows an attacker with access to the Chrome renderer process to bypass sandbox isolation , a critical escalation path following successful web exploit compromise.
The vulnerability requires user interaction (installation of a malicious extension) and thus is primarily a social-engineering risk, not a critical remote-code-execution flaw.
The vulnerability enables remote code execution through a crafted HTML page with limited user interaction required and affects all Chrome versions prior to 149.0.7827.197.
Chinese state-sponsored group in 2025 leveraged AI coding assistants to autonomously execute 80,90% of attack tactics (reconnaissance, vulnerability discovery, exploit development, lateral movement), representing a new threat dimension for supply-chain security.
Germany is identified as Europe's focal point for ransomware attacks, while Russia serves as a safe haven for cybercriminals,a geopolitical pattern with direct relevance for DACH organizations.
A new class of CI/CD workflow flaws (Cordyceps) allows attackers to hijack repositories and compromise open-source supply chains entirely,a strategic risk for manufacturers that source dependencies from public repositories.
Critical Ubiquiti UniFi OS vulnerabilities are already being actively exploited in the wild despite patches being available since late May 2026; administrators who have not yet updated to version 5.1.12 or 5.0.8 are at immediate risk.
Multiple critical Ubiquiti vulnerabilities (CVE-2026-34908, -34909, -34910 with CVSS 10/10 and CVE-2025-67038 with CVSS 9.8) were already exploited in the wild as zero-days despite patches, to create rogue administrator accounts and conduct automated reconnaissance attacks.
FortiBleed is not merely a credential-leak vulnerability but enables potential persistent access and lateral network movement in enterprise infrastructure relying on Fortinet security appliances.
Attackers with renderer process access can bypass site isolation in Chrome, posing a risk for organizations relying on browser-based authentication and password management.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when users open malicious files or visit compromised web pages.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction (CVSS 7.8); exploitation requires opening a malicious file or visiting a malicious webpage.
A use-after-free vulnerability in font handling enables remote code execution on systems running Adobe Acrobat Reader DC when opening malicious files or visiting compromised web pages.
An integer overflow vulnerability in Adobe Acrobat Reader DC enables remote code execution through malicious TIF files; the risk is elevated because exploitation requires user interaction.
A vulnerability in Chrome's authentication credential handling allows attackers to bypass the same-origin policy and potentially access data from other website domains.
Microsoft-signed UEFI shim bootloaders up to version 0.9 permit Secure Boot bypass via BYOVD technique and will be added to the UEFI Forbidden Signature Database; affects Windows Server, VMware ESXi, and Enterprise Linux systems in European infrastructures.
The vulnerability has a low CVSS score (3.3) and requires user interaction; risk is limited, but patch management should be monitored in environments with frequent PDF file processing.
Monthly Microsoft security updates are routine administrative tasks; the strategic value here does not extend beyond patch management, but the number and criticality (32 critical CVEs with RCE) warrant rapid assessment and prioritization.
Local privilege escalation in QEMU requires prior code execution capability on the guest system; risk is elevated in scenarios with untrusted or compromised guest workloads.
BSI advisory on multiple Adobe vulnerabilities without specific CVE numbers; indicates coordinated disclosure, requires cross-reference with Adobe security bulletins for patch prioritization.
The BSI advisory documents multiple unspecified vulnerabilities in Microsoft Edge without CVE numbers or exploitation status; details are to be provided.
The vulnerability enables out-of-bounds memory read into kernel logs via crafted AF_PACKET frames with unset MAC headers; exploitation requires local access.
BSI alert on multiple vulnerabilities in Adobe Creative Cloud without specific CVE identifiers; requires user interaction (file opening) to trigger code execution or data theft.
Malicious browser extensions can abuse Native Messaging protocol to escape the browser sandbox and deploy Python-based backdoors on Windows systems,an attack vector that bypasses traditional endpoint controls.
The BSI warns of multiple critical-severity vulnerabilities in OpenSSL (RCE, DoS, information disclosure); timely patching and specific CVE identification are required to prioritize affected systems.
BSI warns of multiple vulnerabilities in Ubiquiti UniFi OS without specific CVE numbers; technical detail level and exploitation status are currently unclear.
Woodgnat group actively uses the new Mistic RAT to distribute multiple ransomware families (Qilin, Rhysida, Akira, Black Basta), combining technical exploits with social engineering techniques like ClickFix.
StealC and Amadey are actively distributed infostealers that specifically target VPN and SSO tokens and can bypass MFA protections; detailed analysis of their backdoor command set enables improved detection of infections.
A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.
An unpatched 0-Day vulnerability in Windows library-ms allows remote disclosure of NTLM responses via social engineering (viewing a malicious folder); no public exploits known, but active monitoring recommended.
BSI alert on multiple unspecified Linux Kernel vulnerabilities without CVE details complicates prioritisation; details and affected versions must be retrieved from the full BSI advisory.
The vulnerability is already tracked in CISA's KEV catalogue and subject to BOD 26-04 requirements; no novel attack data or TTPs are disclosed beyond standard patching guidance.
The vulnerability enables unauthenticated or low-privilege access to system files and configurations via path traversal, potentially compromising the entire UniFi infrastructure.
The vulnerability enables unauthorized access to UniFi OS systems without authentication and is already listed in CISA's catalog of critical, actively exploited vulnerabilities.
The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.
Russian threat actors are actively exploiting a known WinRAR vulnerability (patched in July) for targeted cyberespionage against Ukrainian military and government targets, signaling sustained cyber-warfare in the region.
The vulnerability allows attackers to predict SSO tickets and perform account takeover without authentication, posing a critical risk to AD-based environments.
The vulnerability allows attackers to bypass PolymorphicTypeValidator allow-list mechanisms by placing denied classes as generic type parameters inside allow-listed container types via the type ID.
The vulnerability permits bypassing type validation when arrays with non-allowlisted component types are used, enabling arbitrary code execution during deserialization.
A Russian initial-access broker is running the FortiBleed campaign to harvest credentials at scale (110+ million since February 2026) via network sniffers and may sell acquired access to state-sponsored groups or ransomware gangs.
The Miasma worm demonstrates that publicly released supply-chain toolchains can now be replicated by any operator, and that stolen developer credentials traded in underground markets enable attackers to inject malicious packages with valid SLSA Build Level 3 attestations into production repositories.
Vulnerability allows bypass of @JsonIgnoreProperties filters by exploiting case-insensitivity processing in jackson-databind, making supposedly ignored properties writable again.
FortiBleed campaign uses Golang-based sniffer to compromise over 430,000 FortiGate firewalls and harvest 110 million credentials; attackers have already breached NATO-aligned defense contractors and leverage stolen credentials for distributed GPU-based hash cracking.
This 2020 CVE is long patched and remains relevant only if outdated Acrobat versions are still in productive use in the organisation; no current threat.
An extremely small attack vector (50 KByte) makes this vulnerability particularly dangerous for automated video recognition and media acquisition over network channels.
BSI advisory without explicit CVE numbers suggests coordinated disclosure or not-yet-fully-disclosed vulnerabilities; priority depends on CVE details and patch availability.