CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and mandates patching by 4 July 2026 for US federal agencies, signalling active or imminent exploitation.
An unidentified threat actor is actively exploiting CVE-2026-0257 to bypass authentication on PAN-OS GlobalProtect gateways and establish unauthorized VPN connections.
Iranian state-affiliated APT Nimbus Manticore demonstrates newly adopted techniques including SEO poisoning and enhanced capabilities during active geopolitical conflict, targeting European entities.
Check Point documents a 124% surge in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025,a strategically significant shift in the DACH threat landscape for manufacturing organizations.
A use-after-free vulnerability in Google's Views component enables heap corruption via crafted HTML pages when users perform specific UI gestures; critical CVSS score requires immediate update to version 150.0.7871.47 or later.
Critical heap-corruption vulnerability in Chrome requires user interaction (specific UI gestures) for exploitation and is therefore not remotely exploitable without user engagement.
This is the RAR5 sibling of CVE-2023-40477 (fixed only in the RAR3 path through version 6.23); the new vulnerability affects recovery files and requires only that the user perform a test/repair operation on the crafted .rev files.
Local privilege escalation in Windows Secure Kernel requires already-elevated code execution rights; relevant for systems with compromised privileged user or process accounts.
The vulnerability enables arbitrary code execution through malicious Chrome extensions and requires user interaction to install the malicious extension.
A use-after-free vulnerability in GPU processing allows an attacker with renderer access to achieve full sandbox escape,critical for browser security in production environments.
The vulnerability enables an attacker with renderer-process access to escape the Chrome sandbox and execute arbitrary code,a critical escalation across browser security boundaries.
Critical RCE vulnerability in Chrome Chromoting component requires immediate patching; the flaw is triggered via malicious network packets and affects remote desktop usage.
The vulnerability requires an already-compromised renderer process and thus represents the second stage of a multi-stage attack chain rather than a direct remote code execution vector.
A sandbox-escape vulnerability in Chromium allows an attacker with renderer-process access to break browser isolation and execute arbitrary code on the host system,a critical risk for endpoints running Chrome or Chromium-based browsers.
A critical use-after-free vulnerability in the Chrome renderer enables sandbox escape under certain conditions, potentially leading to complete system compromise.
A critical use-after-free vulnerability in the Ozone rendering engine enables remote code execution via crafted HTML pages without requiring user interaction.
A critical use-after-free vulnerability in Chrome's Chromoting component enables remote code execution via malicious network traffic and requires immediate patching on Windows systems using Chrome remote access.
An authenticated RCE vulnerability in Fortinet FortiWeb with high CVSS score enables arbitrary code execution and requires prompt patch prioritization in network security infrastructure.
A kernel vulnerability in win32kfull allows local attackers with low-privilege access to escalate privileges on Windows systems; CVSS 7.8 and active tracking by ZDI.
The vulnerability allows attackers to deceive authenticated users, steal their session tokens, or generate persistent access tokens to inject malicious extension versions into the Open VSX supply chain.
The vulnerability requires active user interaction (installation of a malicious extension) and thus presents a moderate, not critical, risk if user security training is effective.
A side-channel vulnerability in Chrome's Scroll mechanism allows attackers to leak confidential cross-origin data through a crafted HTML page, raising concerns about browser security against subtle timing-based exploits.
For Windows systems with Chrome: High-severity RCE through WebApp installation manipulation requires user interaction but poses elevated risk for industrial workstations.
The vulnerability enables sandbox escape after renderer process compromise, but requires prior compromise and is primarily a browser risk with no known active exploitation reported.
The vulnerability in the Chrome Updater enables local privilege escalation on Windows systems, but requires system access and a malicious file to exploit.
The vulnerability requires specifically manipulated UI gestures from the user, which limits the risk of opportunistic remote exploitation but enables targeted attacks against known users.
The vulnerability requires a successfully compromised renderer process as a prerequisite; it is thus relevant for multi-stage exploitation attacks but is addressed in isolation through browser updates.
The vulnerability allows an attacker with control over the renderer process to bypass site isolation, demonstrating that isolation between websites is not guaranteed when the renderer is compromised.
The vulnerability requires a pre-compromised renderer process and then enables sandbox escape , a two-stage exploitation scenario that underscores the importance of browser isolation and defense-in-depth measures.
High-severity RCE vulnerability in Blink requires immediate Chrome update to version 150.0.7871.47 or later to prevent sandbox escapes via crafted HTML pages.
A sandbox escape vulnerability in Google Chrome allows attackers to potentially break out of the browser sandbox via crafted HTML pages, enabling arbitrary code execution.
Sandbox-escape potential through use-after-free in Chrome renderer enables an attacker with a compromised renderer process to break out of the browser sandbox , threat to endpoint security in web-based attack scenarios.
The vulnerability enables privilege escalation via crafted HTML pages once the renderer process is compromised, which is relevant for multi-stage attack chains.
Heap-corruption vulnerability in Chromium's Dawn graphics engine enables potential remote code execution via crafted HTML pages without additional user interaction.
An implementation vulnerability in Google Chrome allows remote attackers to obtain potentially sensitive information from process memory via crafted HTML pages.
A sandbox escape vulnerability in the Chrome renderer allows an attacker with control over the renderer process to break security boundaries and potentially execute system code.
A use-after-free vulnerability in Chromoting enables remote code execution via malicious network traffic, affecting Linux systems running Chrome versions prior to 150.0.7871.47.
The vulnerability requires a pre-compromised renderer process and is primarily relevant in multi-stage attack chains rather than standalone exploitation.
The vulnerability requires prior compromise of the renderer process and enables a sandbox escape , an escalation scenario relevant in targeted attacks.
This is a standard patch notice from the NVD with no indication of active exploitation or specific attack scenarios beyond the basic vulnerability description.
This vulnerability allows an attacker with a compromised renderer process to escape the sandbox via crafted HTML content, requiring timely updates of Chrome installations.
The vulnerability enables remote injection of arbitrary scripts via crafted HTML pages with high severity, posing significant risk to web-based applications and cloud services used by organizations.
A CSS implementation flaw in Chrome allows attackers to bypass the same-origin policy,a fundamental browser security model,which significantly simplifies phishing, credential harvesting, and malware vectors against end users.
A local vulnerability in the Chrome Updater enables privilege escalation on Windows systems, which is relevant for organizations with local security models, as attackers with user access can gain OS-level privileges.
A flaw in Canvas policy enforcement enables attackers to extract sensitive cross-origin data through crafted web pages, posing elevated risk to users operating across multiple web contexts.
The vulnerability allows an attacker to execute code within Chrome's sandbox; a sandbox escape is possible if combined with additional vulnerabilities.
The vulnerability requires local access and file-system interaction, limiting risk in typical enterprise environments where desktop isolation and endpoint detection mechanisms are active.
This is an active, critical security flaw in a widely-used browser that can be exploited on Linux systems through minimal user-interaction social engineering.
This vulnerability enables sandbox escape following renderer compromise , a multi-stage attack posing elevated risk to Linux systems within manufacturing environments.
The vulnerability requires prior compromise of the renderer process, which restricts the practical exploitation chain and is primarily relevant in targeted attacks following initial access.
The exploit requires a previously compromised renderer process, which limits immediate exploitability but remains relevant as a second-stage attack following initial compromise.
The vulnerability requires user interaction but enables arbitrary code execution within the browser context, posing significant risk to manufacturing organizations deploying Chrome on Windows endpoints.
The sandbox escape via a heap buffer overflow in V8 enables attackers to break out of the Chrome sandbox and execute arbitrary code with user privileges.
The vulnerability requires specific UI gestures and a malicious file delivery, limiting real-world attack risk in production environments; however, prompt update to version 150.0.7871.47 or later is necessary.
A sandbox escape vulnerability in the renderer process allows an attacker with a compromised renderer to break out of browser isolation and potentially gain system-level access , a critical risk beyond mere information disclosure.
BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.
The BSI warns of multiple vulnerabilities in Chrome and Edge browsers without citing specific CVE IDs, suggesting this is a summary advisory covering already-known or imminent patches.
BSI warns of multiple critical vulnerabilities in Ubiquiti UniFi OS Server enabling remote code execution and data compromise , a direct threat to network infrastructure requiring urgent patching.
The BSI alert addresses local code execution in a widely deployed PDF reader commonly used for document handling in production environments; specific CVE identifiers and patch status are needed for prioritization.
An aggregation report covering ~382 partly critical CVEs in Chromium-based browsers without describing an active exploitation campaign or specific attack patterns.
BSI warns of multiple Apache vulnerabilities enabling DoS and security bypasses; without specific CVE details, this is a generic warning without immediate tactical novelty.
The BSI warns of multiple unspecified vulnerabilities in Google Chrome whose details have not yet been publicly disclosed; exact CVE numbers and patches are pending.
The BSI advisory addresses multiple vulnerabilities in widely-used Mozilla products without specifics on CVE numbers or CVSS scores; details are required for patch prioritization.
BSI warns of multiple vulnerabilities in Synology DSM without naming specific CVE identifiers; details on exact impact and patch status are not clear from this advisory.
BSI warning for multiple vulnerabilities in Adobe Creative Cloud with code-execution potential; no specific CVE IDs or PoC status mentioned in this alert.
Threat actors distribute manipulated ScreenConnect archives disguised as legitimate freeware utilities (OBS Studio, DS4Windows, DNS Jumper, Glary Utilities) to gain access to enterprise-wide systems.
A campaign with 81 million Microsoft 365 login attempts indicates large-scale, automated attacks likely exploiting stolen or weak credentials and potentially bypassing multi-factor authentication.
The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.
A newly discovered RCE vulnerability in 7-Zip when processing NTFS archives requires user interaction but poses significant risk in manufacturing environments where archives are frequently exchanged.
The vulnerability requires an already-compromised renderer process and is therefore primarily an escalation mechanism after initial compromise, not a primary attack vector.
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
FortiBleed is actively being exploited by the Lynx ransomware group for credential theft prior to ransomware deployment, indicating coordinated attack-chain coordination.
ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.
An out-of-bounds read vulnerability in FFmpeg within Chrome enables attackers to extract potentially sensitive data from process memory via a crafted video file.
UI spoofing vulnerability in Chrome allows attackers to impersonate browser interface via crafted HTML pages, potentially enhancing phishing campaigns.
A sandbox escape vulnerability allows an attacker with renderer process access to break out of the Chrome sandbox, enabling privilege escalation on Windows systems.
A race condition in the DataTransfer mechanism allows attackers to extract sensitive data from browser process memory via a crafted HTML page,relevant for all employees who handle confidential content in Chrome.
The CVE affects a validation flaw in Chrome's ANGLE component that allows an attacker with renderer process access to leak sensitive memory contents,a relatively low risk in stable enterprise environments.
A vulnerability in Google Chrome's WebUI allows attackers to leak cross-origin data through malicious network traffic , relevant for organizations relying on Chrome for sensitive business applications.
This is a pure patch notification without reports of active exploitation or targeted campaigns; strategic relevance falls below management escalation threshold.
The vulnerability allows an attacker to bypass the same-origin policy via a crafted HTML page, potentially compromising sessions across different origins.
A side-channel vulnerability in Chromium's ComputePressure API enables exfiltration of cross-origin data through crafted HTML pages under specific conditions.
The vulnerability requires prior compromise of the renderer process; for attackers this constitutes a two-stage exploit (web-RCE + sandbox-escape) and is thus further limited in practice by modern browser isolation (e.g., Windows Sandbox, separate processes).
The vulnerability allows attackers to exfiltrate cross-origin data via malicious HTML pages,a direct threat to multi-tab and cloud-based workflows in enterprises.
The vulnerability requires deliberate user interaction (specific UI gestures) and access to a crafted HTML page, limiting attack risk to advanced social-engineering scenarios.
Although the vulnerability is rated Medium severity, it enables code execution within the browser sandbox and should be patched promptly, but is not currently documented as actively exploited.
This is a standard Chromium security update with no indication of active exploitation; the UI-spoofing vulnerability requires prior renderer-process compromise.
The vulnerability requires already-compromised renderer processes and is not known to be actively exploited; this is a standard browser patch without geopolitical or campaign implications.
Vulnerability enables bypass of same-origin policy via crafted HTML page without authentication, potentially allowing web-based attacks on locally trusted content.
A privilege escalation vulnerability in Chromoting requires a local attacker to already have file access on the system , typical of insider or post-compromise scenarios following initial compromise.
The BSI has published an update warning on multiple unspecified vulnerabilities in Firefox, Firefox ESR and Thunderbird; specific CVE identifiers and exploitation reports are not provided in this notice.
BSI alert on Linux Kernel vulnerabilities lacks CVE details, complicating prioritization for Ubuntu deployments; specific CVEs needed for patch management.
A BSI notification regarding a vague TeamViewer vulnerability without CVE assignment and lacking detailed attack scenarios suggests preventive awareness rather than active exploitation.
Mandiant documents active exploitation of a Cisco SD-WAN zero-day vulnerability by a previously unidentified threat actor for full system compromise, indicating coordinated campaign activity.
Critical Cisco Unified CM vulnerability is already under active exploitation by unknown threat actors following PoC disclosure; provides path to root privileges via file-write operation.
A sandbox escape vulnerability allows an attacker with access to the Chrome renderer process to bypass sandbox isolation , a critical escalation path following successful web exploit compromise.
The vulnerability requires user interaction (installation of a malicious extension) and thus is primarily a social-engineering risk, not a critical remote-code-execution flaw.
The vulnerability enables remote code execution through a crafted HTML page with limited user interaction required and affects all Chrome versions prior to 149.0.7827.197.
Chinese state-sponsored group in 2025 leveraged AI coding assistants to autonomously execute 80,90% of attack tactics (reconnaissance, vulnerability discovery, exploit development, lateral movement), representing a new threat dimension for supply-chain security.
Germany is identified as Europe's focal point for ransomware attacks, while Russia serves as a safe haven for cybercriminals,a geopolitical pattern with direct relevance for DACH organizations.
A new class of CI/CD workflow flaws (Cordyceps) allows attackers to hijack repositories and compromise open-source supply chains entirely,a strategic risk for manufacturers that source dependencies from public repositories.
Critical Ubiquiti UniFi OS vulnerabilities are already being actively exploited in the wild despite patches being available since late May 2026; administrators who have not yet updated to version 5.1.12 or 5.0.8 are at immediate risk.
Multiple critical Ubiquiti vulnerabilities (CVE-2026-34908, -34909, -34910 with CVSS 10/10 and CVE-2025-67038 with CVSS 9.8) were already exploited in the wild as zero-days despite patches, to create rogue administrator accounts and conduct automated reconnaissance attacks.
FortiBleed is not merely a credential-leak vulnerability but enables potential persistent access and lateral network movement in enterprise infrastructure relying on Fortinet security appliances.
Attackers with renderer process access can bypass site isolation in Chrome, posing a risk for organizations relying on browser-based authentication and password management.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when users open malicious files or visit compromised web pages.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction (CVSS 7.8); exploitation requires opening a malicious file or visiting a malicious webpage.
A use-after-free vulnerability in font handling enables remote code execution on systems running Adobe Acrobat Reader DC when opening malicious files or visiting compromised web pages.
An integer overflow vulnerability in Adobe Acrobat Reader DC enables remote code execution through malicious TIF files; the risk is elevated because exploitation requires user interaction.
A vulnerability in Chrome's authentication credential handling allows attackers to bypass the same-origin policy and potentially access data from other website domains.
Microsoft-signed UEFI shim bootloaders up to version 0.9 permit Secure Boot bypass via BYOVD technique and will be added to the UEFI Forbidden Signature Database; affects Windows Server, VMware ESXi, and Enterprise Linux systems in European infrastructures.
The vulnerability has a low CVSS score (3.3) and requires user interaction; risk is limited, but patch management should be monitored in environments with frequent PDF file processing.
Monthly Microsoft security updates are routine administrative tasks; the strategic value here does not extend beyond patch management, but the number and criticality (32 critical CVEs with RCE) warrant rapid assessment and prioritization.
Local privilege escalation in QEMU requires prior code execution capability on the guest system; risk is elevated in scenarios with untrusted or compromised guest workloads.
BSI advisory on multiple Adobe vulnerabilities without specific CVE numbers; indicates coordinated disclosure, requires cross-reference with Adobe security bulletins for patch prioritization.
The BSI advisory documents multiple unspecified vulnerabilities in Microsoft Edge without CVE numbers or exploitation status; details are to be provided.
The vulnerability enables out-of-bounds memory read into kernel logs via crafted AF_PACKET frames with unset MAC headers; exploitation requires local access.
BSI alert on multiple vulnerabilities in Adobe Creative Cloud without specific CVE identifiers; requires user interaction (file opening) to trigger code execution or data theft.
Malicious browser extensions can abuse Native Messaging protocol to escape the browser sandbox and deploy Python-based backdoors on Windows systems,an attack vector that bypasses traditional endpoint controls.
The BSI warns of multiple critical-severity vulnerabilities in OpenSSL (RCE, DoS, information disclosure); timely patching and specific CVE identification are required to prioritize affected systems.
BSI warns of multiple vulnerabilities in Ubiquiti UniFi OS without specific CVE numbers; technical detail level and exploitation status are currently unclear.
Woodgnat group actively uses the new Mistic RAT to distribute multiple ransomware families (Qilin, Rhysida, Akira, Black Basta), combining technical exploits with social engineering techniques like ClickFix.
StealC and Amadey are actively distributed infostealers that specifically target VPN and SSO tokens and can bypass MFA protections; detailed analysis of their backdoor command set enables improved detection of infections.
A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.
An unpatched 0-Day vulnerability in Windows library-ms allows remote disclosure of NTLM responses via social engineering (viewing a malicious folder); no public exploits known, but active monitoring recommended.
BSI alert on multiple unspecified Linux Kernel vulnerabilities without CVE details complicates prioritisation; details and affected versions must be retrieved from the full BSI advisory.