Russian intelligence services are conducting a targeted campaign using fake SMS messages to steal credentials from Ukrainian and European government officials, military personnel, and activists , a strategic threat pattern for DACH organizations in government and critical infrastructure sectors.
Russian intelligence services are expanding their Signal-targeted phishing campaigns to extract Backup Recovery Keys, enabling access to historical messages and compromising the security of encrypted communications within organizations.
Monthly patch roundup focused on Adobe and Microsoft; particular priority given to an active Reader exploit and multiple elevation-of-privilege vulnerabilities in Windows components and SQL Server.
First documented exploitation of CVE-2026-12569 in Windchill demonstrates that threat actors are operationalizing PTC products as targets immediately after patches became available,German authorities have also previously warned about this vulnerability and a related CVE-2026-4681.
DirtyClone is the third variant in a series of Linux kernel flaws in the DirtyFrag family caused by incomplete flag propagation during packet cloning; each patch closed one code path while leaving others open.
Authenticated users with limited permissions can remove Admin accounts from an organization through a missing role hierarchy check in the bulk-delete API.
Turla continuously develops new .NET backdoors such as STOCKSTAY for targeted state-sponsored espionage against Ukraine and entities with Italy-related interests , signals escalating Russian-Ukrainian cyber-warfare with relevance to European critical infrastructure.
Russian state actors are conducting systematic social-engineering campaigns against messaging services, indicating operationalization of credential-harvesting as a geopolitical weapon.
Russian intelligence expands its Signal phishing campaign to specifically target backup recovery keys, which provide unlimited access to restored accounts and complete message history.
The vulnerability allows authenticated users to retrieve billing data from any organization without explicit authorization,a control loss over sensitive business data in the multi-organization model.
The vulnerability is already actively exploited for web shell deployment; it is the first PTC product vulnerability added to CISA's KEV catalog and signals rapid weaponization of newly disclosed flaws by threat actors.
May release covers 52 Adobe CVEs and numerous Microsoft patches with Adobe Commerce and Connect highest priority; no active wild exploitations reported.
The vulnerability allows authenticated users to inject arbitrary key-value pairs into webhook and SIEM payloads, undermining the reliability of security events and their interpretation in downstream systems.
An obsolete but still-signed Windows kernel driver can be abused as an attack vector in BYOVD scenarios to manipulate privileged processes like lsass.exe and extract credentials.
Node.js ignores CWE-427 risks on Windows systems through flawed module resolution logic that allows non-admin users to plant malicious modules under C:\node_modules, compromising installed applications.
HTML content in PDF rendering contexts can leak information about the rendering server via <img> tags with remote URLs or be exploited as an SSRF vector in the local network.
The vulnerability enables denial-of-service attacks against HMI and configuration functions via malformed network requests over exposed interfaces, causing critical downtime in production environments.
A vulnerability in PKCS#7 signature verification allows forged digital signatures to be accepted by failing to correctly bind the signer identity to the signature, affecting trust chains in Windows, Active Directory, and Office environments.
BSI warns of multiple critical vulnerabilities in Microsoft Edge enabling remote code execution and security bypass; specific CVE numbers not provided.
The BSI warning indicates multiple patchable vulnerabilities, but without specific CVE numbers or exploit status this is a generic browser security notice without immediate escalation potential.
The Miasma campaign demonstrates a new escalation: attackers abuse compromised developer credentials to inject malware-laden packages via trusted npm registry and GitHub workflows, compromising downstream developers.
A popular Chrome extension with ten million installations was potentially compromised with a backdoor, pointing to an active supply-chain attack scenario.
BSI warning on multiple unspecified vulnerabilities in Chrome/Edge without concrete CVE numbers or exploitation details , typically aggregation of multiple CVEs from regular browser updates.