A Microsoft Defender vulnerability is being actively exploited by ransomware groups, yet CISA does not proactively notify users when KEV-listed vulnerabilities enter active exploitation by ransomware campaigns.
North Korean APT Sapphire Sleet executed targeted supply-chain attack against npm ecosystem, compromising 140+ packages with malicious dependencies for automatic injection into developer environments.
The USA has announced a reward for information about Russian hackers behind organized phishing attacks against Signal users,a sign of escalating state-sponsored cyber operations targeting Western communications infrastructure.
CISA has added the SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog, and multiple malware families (TaskWeaver, Djinn Stealer) are being deployed post-exploitation,indicating coordinated, active attack campaigns.
Attackers actively exploit an authentication bypass in SimpleHelp to deliver malware that specifically targets developer credentials, SSH keys, and cryptocurrency wallets,suggesting supply-chain and development-pipeline targeting.
BSI warns of multiple critical vulnerabilities in Firefox, Firefox ESR and Thunderbird enabling code execution, sandbox escape and memory corruption , specific CVEs and patch status required for priority assessment.
The BSI called Windchill administrators at night to warn of a critical, actively exploited vulnerability,a sign of serious ongoing compromises in the manufacturing sector.
Critical
Russian ransomware group (identity unclear, but linked to eCrime operations) C3
A significant number of Fortigate customers are already compromised via dormant admin accounts planted by ransomware groups , strategic backdoor infrastructure for future attacks.
CISA warns of credential exposure in Fortinet devices, indicating active exploitation or threats that extend beyond generic security updates and require targeted hardening measures.
BSI alert on multiple critical vulnerabilities in 7-Zip enabling local and remote code execution; patch status and affected versions should be verified.
The BSI warns of multiple privilege escalation vulnerabilities in sudo; without CVE numbers, it remains unclear whether these are already-known or newly disclosed flaws.
BSI issues warning on multiple Chrome/Edge vulnerabilities without specific CVE numbers; incomplete details suggest a coordination or staged-update scenario.
The BlueHammer vulnerability is already being exploited by ransomware groups in active attacks, not merely in theoretical scenarios; this indicates an immediate threat to unpatched Windows systems.
Multiple vendor-signed UEFI applications enable Secure Boot bypass via BYOVD-style attacks, allowing arbitrary code execution during the firmware phase before OS initialization.
Threat actors abuse ClickOnce applications to establish persistent remote access and update malware via the built-in update mechanism without requiring new user interaction.
Microsoft introduces agent-based AI systems (MDASH) for automated vulnerability discovery and extends threat protection to AWS databases alongside enhanced identity backup capabilities.
The vulnerability is already tracked in CISA's KEV catalogue and subject to BOD 26-04 requirements; no novel attack data or TTPs are disclosed beyond standard patching guidance.
The vulnerability enables unauthenticated or low-privilege access to system files and configurations via path traversal, potentially compromising the entire UniFi infrastructure.
The vulnerability enables unauthorized access to UniFi OS systems without authentication and is already listed in CISA's catalog of critical, actively exploited vulnerabilities.
The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.
Russian threat actors are actively exploiting a known WinRAR vulnerability (patched in July) for targeted cyberespionage against Ukrainian military and government targets, signaling sustained cyber-warfare in the region.
The vulnerability allows attackers to predict SSO tickets and perform account takeover without authentication, posing a critical risk to AD-based environments.
The vulnerability allows attackers to bypass PolymorphicTypeValidator allow-list mechanisms by placing denied classes as generic type parameters inside allow-listed container types via the type ID.
The vulnerability permits bypassing type validation when arrays with non-allowlisted component types are used, enabling arbitrary code execution during deserialization.
A Russian initial-access broker is running the FortiBleed campaign to harvest credentials at scale (110+ million since February 2026) via network sniffers and may sell acquired access to state-sponsored groups or ransomware gangs.
The Miasma worm demonstrates that publicly released supply-chain toolchains can now be replicated by any operator, and that stolen developer credentials traded in underground markets enable attackers to inject malicious packages with valid SLSA Build Level 3 attestations into production repositories.
Vulnerability allows bypass of @JsonIgnoreProperties filters by exploiting case-insensitivity processing in jackson-databind, making supposedly ignored properties writable again.
FortiBleed campaign uses Golang-based sniffer to compromise over 430,000 FortiGate firewalls and harvest 110 million credentials; attackers have already breached NATO-aligned defense contractors and leverage stolen credentials for distributed GPU-based hash cracking.
This 2020 CVE is long patched and remains relevant only if outdated Acrobat versions are still in productive use in the organisation; no current threat.
An extremely small attack vector (50 KByte) makes this vulnerability particularly dangerous for automated video recognition and media acquisition over network channels.
BSI advisory without explicit CVE numbers suggests coordinated disclosure or not-yet-fully-disclosed vulnerabilities; priority depends on CVE details and patch availability.