Mandiant documents active exploitation of a Cisco SD-WAN zero-day vulnerability by a previously unidentified threat actor for full system compromise, indicating coordinated campaign activity.
Critical Cisco Unified CM vulnerability is already under active exploitation by unknown threat actors following PoC disclosure; provides path to root privileges via file-write operation.
A sandbox escape vulnerability allows an attacker with access to the Chrome renderer process to bypass sandbox isolation , a critical escalation path following successful web exploit compromise.
The vulnerability requires user interaction (installation of a malicious extension) and thus is primarily a social-engineering risk, not a critical remote-code-execution flaw.
The vulnerability enables remote code execution through a crafted HTML page with limited user interaction required and affects all Chrome versions prior to 149.0.7827.197.
Chinese state-sponsored group in 2025 leveraged AI coding assistants to autonomously execute 80,90% of attack tactics (reconnaissance, vulnerability discovery, exploit development, lateral movement), representing a new threat dimension for supply-chain security.
Germany is identified as Europe's focal point for ransomware attacks, while Russia serves as a safe haven for cybercriminals,a geopolitical pattern with direct relevance for DACH organizations.
A new class of CI/CD workflow flaws (Cordyceps) allows attackers to hijack repositories and compromise open-source supply chains entirely,a strategic risk for manufacturers that source dependencies from public repositories.
Critical Ubiquiti UniFi OS vulnerabilities are already being actively exploited in the wild despite patches being available since late May 2026; administrators who have not yet updated to version 5.1.12 or 5.0.8 are at immediate risk.
Multiple critical Ubiquiti vulnerabilities (CVE-2026-34908, -34909, -34910 with CVSS 10/10 and CVE-2025-67038 with CVSS 9.8) were already exploited in the wild as zero-days despite patches, to create rogue administrator accounts and conduct automated reconnaissance attacks.
FortiBleed is not merely a credential-leak vulnerability but enables potential persistent access and lateral network movement in enterprise infrastructure relying on Fortinet security appliances.
Attackers with renderer process access can bypass site isolation in Chrome, posing a risk for organizations relying on browser-based authentication and password management.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when users open malicious files or visit compromised web pages.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction (CVSS 7.8); exploitation requires opening a malicious file or visiting a malicious webpage.
A use-after-free vulnerability in font handling enables remote code execution on systems running Adobe Acrobat Reader DC when opening malicious files or visiting compromised web pages.
An integer overflow vulnerability in Adobe Acrobat Reader DC enables remote code execution through malicious TIF files; the risk is elevated because exploitation requires user interaction.
A vulnerability in Chrome's authentication credential handling allows attackers to bypass the same-origin policy and potentially access data from other website domains.
Microsoft-signed UEFI shim bootloaders up to version 0.9 permit Secure Boot bypass via BYOVD technique and will be added to the UEFI Forbidden Signature Database; affects Windows Server, VMware ESXi, and Enterprise Linux systems in European infrastructures.
The vulnerability has a low CVSS score (3.3) and requires user interaction; risk is limited, but patch management should be monitored in environments with frequent PDF file processing.
Monthly Microsoft security updates are routine administrative tasks; the strategic value here does not extend beyond patch management, but the number and criticality (32 critical CVEs with RCE) warrant rapid assessment and prioritization.
Local privilege escalation in QEMU requires prior code execution capability on the guest system; risk is elevated in scenarios with untrusted or compromised guest workloads.
BSI advisory on multiple Adobe vulnerabilities without specific CVE numbers; indicates coordinated disclosure, requires cross-reference with Adobe security bulletins for patch prioritization.
The BSI advisory documents multiple unspecified vulnerabilities in Microsoft Edge without CVE numbers or exploitation status; details are to be provided.
The vulnerability enables out-of-bounds memory read into kernel logs via crafted AF_PACKET frames with unset MAC headers; exploitation requires local access.
BSI alert on multiple vulnerabilities in Adobe Creative Cloud without specific CVE identifiers; requires user interaction (file opening) to trigger code execution or data theft.
Malicious browser extensions can abuse Native Messaging protocol to escape the browser sandbox and deploy Python-based backdoors on Windows systems,an attack vector that bypasses traditional endpoint controls.
The BSI warns of multiple critical-severity vulnerabilities in OpenSSL (RCE, DoS, information disclosure); timely patching and specific CVE identification are required to prioritize affected systems.
BSI warns of multiple vulnerabilities in Ubiquiti UniFi OS without specific CVE numbers; technical detail level and exploitation status are currently unclear.
Woodgnat group actively uses the new Mistic RAT to distribute multiple ransomware families (Qilin, Rhysida, Akira, Black Basta), combining technical exploits with social engineering techniques like ClickFix.
StealC and Amadey are actively distributed infostealers that specifically target VPN and SSO tokens and can bypass MFA protections; detailed analysis of their backdoor command set enables improved detection of infections.
A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.
An unpatched 0-Day vulnerability in Windows library-ms allows remote disclosure of NTLM responses via social engineering (viewing a malicious folder); no public exploits known, but active monitoring recommended.
BSI alert on multiple unspecified Linux Kernel vulnerabilities without CVE details complicates prioritisation; details and affected versions must be retrieved from the full BSI advisory.
The vulnerability is a race condition in the Malware Protection Engine that grants SYSTEM-level privileges regardless of real-time protection status and has already been publicly exploited by a security researcher.
GitHub platform flaws are actively exploited by Shai-Hulud variants to compromise hundreds of software packages and developer accounts; GitHub dismissed formal security reports, amplifying fundamental supply-chain risk for all software developers.
The threat is driven by the Nightmare Eclipse group as part of a targeted campaign against Microsoft, with multiple zero-days (BlueHammer, RedSun, UnDefend) already exploited in the wild.
Three critical Fortinet FortiSandbox vulnerabilities (CVE-2026-39808, CVE-2026-39813, CVE-2026-25089) are currently under active exploitation, with honeypots and threat intelligence sources reporting attacks since June 2026.
Mass theft of admin credentials from 75,000 Fortinet devices via exported configuration files , an active, ongoing threat scenario without a published vulnerability.
Critical Fortinet vulnerabilities are being actively exploited by multiple independent attackers, not just a single campaign,indicating widespread opportunistic exploitation.
Russian-speaking threat actors are conducting an active large-scale campaign against Fortinet devices worldwide, having already compromised 30,000+ Internet-facing firewalls and VPN gateways and harvested credentials.
The FortiBleed campaign actively targets Internet-exposed Fortinet devices and has already compromised credentials for over 30,000 devices; threat actors with suspected Russian background have been identified.
BSI warns of multiple critical vulnerabilities in Firefox/Firefox ESR/Thunderbird enabling code execution and sandbox escape; user interaction required but can be triggered by opening a malicious file or website.
The BSI has issued a warning on a critical OpenSSL vulnerability with code execution and data leak potential; the status (CVE-ID, CVSS score, KEV listing) is not specified in this summary, so the official BSI advisory and CVSS rating should be consulted.
A coordinated malware campaign exploits trusted developer IDE marketplaces to distribute credential stealers specifically targeting AI API keys and developer authentication.
Attackers abuse Microsoft Teams relay servers as a command-and-control channel for a new Go-based backdoor, demonstrating the difficulty of monitoring and blocking Teams traffic for malicious purposes.
A local privilege escalation in Microsoft Defender weakens endpoint defense effectiveness and allows attackers with initial system access to escalate to administrative rights.
The BSI is tightening enforcement of NIS2 implementation with a new registration deadline by end of July, as registration rates have been disappointing.
The FortiBleed leak demonstrates that thousands of Fortinet devices globally have already been compromised and their VPN credentials are publicly available,an active, ongoing attack scenario, not merely a vulnerability.