Cisco SD-WAN Zero-Day Exploited Months Before Patching
A Cisco SD-WAN zero-day was actively exploited for months prior to disclosure, with evidence of file deletion and system configuration restoration by the attacker to evade detection.
Comparing 25 June 2026 with the previous day 24 June 2026.
A Cisco SD-WAN zero-day was actively exploited for months prior to disclosure, with evidence of file deletion and system configuration restoration by the attacker to evade detection.
The official Swiss security report 2026 designates Russia as Europe's greatest threat with aggressive hybrid warfare directly targeting Switzerland in cyberspace, critical infrastructure, and espionage , a strategic signal for Swiss manufacturing SMEs.
Gamaredon is escalating its malware obfuscation and command-and-control infrastructure evasion capabilities, signalling an intensification of Russian cyber operations against European targets.
German Federal Office for the Protection of the Constitution warns of targeted Chinese espionage in academic and research institutions , a strategic risk for European technology and manufacturing industry through leakage of sensitive research findings.
After a global lull in 2024,2025, ransomware gangs have actively refocused on Europe and are deliberately targeting EU organizations and their supply chains,a strategic risk for Swiss and European manufacturing enterprises.
The BSI advisory aggregates multiple critical Exchange vulnerabilities without naming specific CVEs, indicating a regularly updated collective warning.
The BSI warns of multiple critical vulnerabilities in OpenSSL that can enable remote code execution, security bypasses, and data loss.
Race-condition vulnerability in Linux kernel memory management with potential for memory corruption under concurrent access to memcg lists.
A stack buffer overflow in the netfilter implementation allows kernel-memory corruption and potential code execution when specific nft rule combinations are processed.
More than half of the vulnerabilities are use-after-free defects that can lead to remote code execution; prompt patching is required.
Cisco Talos documents systematically how malware exploits COM interfaces for lateral movement, persistence, and evasion , a fundamental defensive competency for Windows-heavy infrastructure defenders.
The BSI has issued a security advisory on multiple vulnerabilities in Adobe Acrobat DC and Adobe Acrobat Reader DC enabling remote code execution and privilege escalation, though specific CVE identifiers are not named in this notice.
BSI warns of multiple Chrome vulnerabilities not yet fully disclosed; details remain embargoed until patches are available.
Chrome 149.0.7827.196/197 patches 18 vulnerabilities including four critical flaws; no indication of active in-the-wild exploitation yet, but Chrome zero-days have been exploited multiple times this year.
A flaw in error-handling during iptables/netfilter rule processing allows leaking internal kernel memory addresses, potentially bypassing KASLR mitigation.
The vulnerability enables a kernel crash (DoS) through missing validation before skb_pull() in GRO network processing and potentially affects all protocols handling fragmented packets via GRO.
No changes in this category.
No changes in this category.
Mandiant documents active exploitation of a Cisco SD-WAN zero-day vulnerability by a previously unidentified threat actor for full system compromise, indicating coordinated campaign activity.
Critical Cisco Unified CM vulnerability is already under active exploitation by unknown threat actors following PoC disclosure; provides path to root privileges via file-write operation.
Use-After-Free in signature field handling enables Remote Code Execution when opening crafted PDF files with CVSS 7.8; requires user interaction.
A sandbox escape vulnerability allows an attacker with access to the Chrome renderer process to bypass sandbox isolation , a critical escalation path following successful web exploit compromise.
This alert is purely patch notification information with no indication of active exploitation in the wild or specific attack campaigns.
The vulnerability requires user interaction (installation of a malicious extension) and thus is primarily a social-engineering risk, not a critical remote-code-execution flaw.
The vulnerability enables remote code execution through a crafted HTML page with limited user interaction required and affects all Chrome versions prior to 149.0.7827.197.
An out-of-bounds vulnerability in Chromium's InterestGroups implementation enables remote code execution on arbitrary websites with critical severity.
A use-after-free vulnerability enables sandbox bypass and remote code execution through crafted HTML pages, presenting immediate risk to end users.
The vulnerability is being actively exploited and requires immediate patching to Chrome 149.0.7827.197 or later for all Windows systems.
Chinese state-sponsored group in 2025 leveraged AI coding assistants to autonomously execute 80,90% of attack tactics (reconnaissance, vulnerability discovery, exploit development, lateral movement), representing a new threat dimension for supply-chain security.
Germany is identified as Europe's focal point for ransomware attacks, while Russia serves as a safe haven for cybercriminals,a geopolitical pattern with direct relevance for DACH organizations.
A new class of CI/CD workflow flaws (Cordyceps) allows attackers to hijack repositories and compromise open-source supply chains entirely,a strategic risk for manufacturers that source dependencies from public repositories.
Critical Ubiquiti UniFi OS vulnerabilities are already being actively exploited in the wild despite patches being available since late May 2026; administrators who have not yet updated to version 5.1.12 or 5.0.8 are at immediate risk.
Multiple critical Ubiquiti vulnerabilities (CVE-2026-34908, -34909, -34910 with CVSS 10/10 and CVE-2025-67038 with CVSS 9.8) were already exploited in the wild as zero-days despite patches, to create rogue administrator accounts and conduct automated reconnaissance attacks.
CISA warns of critical Ubiquiti flaws actively exploited in attacks , immediate relevance for organizations running UniFi infrastructure.
FortiBleed is not merely a credential-leak vulnerability but enables potential persistent access and lateral network movement in enterprise infrastructure relying on Fortinet security appliances.
Attackers with renderer process access can bypass site isolation in Chrome, posing a risk for organizations relying on browser-based authentication and password management.
Use-After-Free vulnerability in Adobe Acrobat Reader DC enables remote code execution when a user opens a malicious file or visits a malicious page.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when users open malicious files or visit compromised web pages.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction (CVSS 7.8); exploitation requires opening a malicious file or visiting a malicious webpage.
A use-after-free vulnerability in font handling enables remote code execution on systems running Adobe Acrobat Reader DC when opening malicious files or visiting compromised web pages.
Use-After-Free vulnerability in Adobe Acrobat Pro DC enables remote code execution with medium-high severity (CVSS 7.8) requiring user interaction.
Use-After-Free in Adobe Acrobat Pro DC Annotations API enables code execution upon interaction with malicious files or web pages.
Use-after-free flaw in annotation processing enables code execution with moderate severity contingent on user interaction.
Use-after-free vulnerability in the annotation function enables remote code execution when opening malicious PDF files, rated CVSS 7.8.
An integer overflow vulnerability in Adobe Acrobat Reader DC enables remote code execution through malicious TIF files; the risk is elevated because exploitation requires user interaction.
A vulnerability in Chrome's authentication credential handling allows attackers to bypass the same-origin policy and potentially access data from other website domains.
BSI warns of multiple vulnerable versions of Ubiquiti UniFi OS Server with critical vulnerabilities exploitable for RCE and data disclosure.
Microsoft-signed UEFI shim bootloaders up to version 0.9 permit Secure Boot bypass via BYOVD technique and will be added to the UEFI Forbidden Signature Database; affects Windows Server, VMware ESXi, and Enterprise Linux systems in European infrastructures.
The vulnerability has a low CVSS score (3.3) and requires user interaction; risk is limited, but patch management should be monitored in environments with frequent PDF file processing.
Monthly Microsoft security updates are routine administrative tasks; the strategic value here does not extend beyond patch management, but the number and criticality (32 critical CVEs with RCE) warrant rapid assessment and prioritization.
Local privilege escalation in QEMU requires prior code execution capability on the guest system; risk is elevated in scenarios with untrusted or compromised guest workloads.
The BSI alert does not specify CVE numbers or affected versions, indicating a generic vulnerability announcement without concrete threat intensity.
BSI advisory on multiple Adobe vulnerabilities without specific CVE numbers; indicates coordinated disclosure, requires cross-reference with Adobe security bulletins for patch prioritization.
BSI warning regarding multiple local vulnerabilities in Intel processors; specific CVE numbers and technical details not provided in this alert.
The BSI advisory documents multiple unspecified vulnerabilities in Microsoft Edge without CVE numbers or exploitation status; details are to be provided.
The vulnerability enables out-of-bounds memory read into kernel logs via crafted AF_PACKET frames with unset MAC headers; exploitation requires local access.
BSI warns of multiple active vulnerabilities in widely-deployed Adobe software enabling code execution with elevated privileges , apply patch updates promptly.
BSI alert on multiple vulnerabilities in Adobe Creative Cloud without specific CVE identifiers; requires user interaction (file opening) to trigger code execution or data theft.
Malicious browser extensions can abuse Native Messaging protocol to escape the browser sandbox and deploy Python-based backdoors on Windows systems,an attack vector that bypasses traditional endpoint controls.
The BSI warns of multiple critical-severity vulnerabilities in OpenSSL (RCE, DoS, information disclosure); timely patching and specific CVE identification are required to prioritize affected systems.
BSI warns of multiple vulnerabilities in Ubiquiti UniFi OS without specific CVE numbers; technical detail level and exploitation status are currently unclear.
The BSI warns of multiple vulnerabilities in 7-Zip that can be exploited by simply opening manipulated archives and enable code execution.
BSI warning on multiple browser vulnerabilities without specific CVE numbers; requires timely patching of Chrome and Edge.
Woodgnat group actively uses the new Mistic RAT to distribute multiple ransomware families (Qilin, Rhysida, Akira, Black Basta), combining technical exploits with social engineering techniques like ClickFix.
StealC and Amadey are actively distributed infostealers that specifically target VPN and SSO tokens and can bypass MFA protections; detailed analysis of their backdoor command set enables improved detection of infections.
A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.
An unpatched 0-Day vulnerability in Windows library-ms allows remote disclosure of NTLM responses via social engineering (viewing a malicious folder); no public exploits known, but active monitoring recommended.
BSI alert on multiple unspecified Linux Kernel vulnerabilities without CVE details complicates prioritisation; details and affected versions must be retrieved from the full BSI advisory.
Monthly patch summary without specification of individual CVEs or active exploits , routine update announcement.