Ubiquiti UniFi OS Vulnerabilities Are Being Attacked
Active attacks on critical UniFi OS vulnerabilities confirmed since late May 2026, but no details on attack scope or indicators of compromise available.
Comparing 5 July 2026 with the previous day 4 July 2026.
Active attacks on critical UniFi OS vulnerabilities confirmed since late May 2026, but no details on attack scope or indicators of compromise available.
No changes in this category.
No changes in this category.
North Korean actors are conducting an active supply-chain campaign with 108 malicious packages across multiple popular package repositories, indicating a strategic shift toward dependency-chain compromise as a vector for network infiltration.
Local escalation in optional Narrator Braille feature requires already having low-privilege code execution on the target system.
A use-after-free in Adobe Acrobat Reader DC enables RCE with CVSS 7.8 via visiting a malicious page or opening a crafted file.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution through file or web interaction with CVSS 7.8 severity.
A use-after-free RCE in Adobe Acrobat Pro DC with CVSS 7.8 requires user interaction but poses significant risk to organizations using PDF editing.
Use-After-Free vulnerability in Adobe Acrobat Pro DC enables remote code execution when a user interacts with a malicious file or webpage.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution with medium-to-high severity; user interaction required.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution via malicious documents, posing significant risk in manufacturing environments where PDF file exchange is routine.
An integer overflow vulnerability in Adobe Acrobat Reader DC's TIF file parsing enables remote code execution with CVSS 7.8 requiring user interaction.
FortiBleed goes beyond a simple credential leak and has deeper security implications for FortiGate/FortiClient deployments; however, the bulletin aggregates multiple unrelated incidents without strategic focus.
The vulnerability requires user interaction (opening malicious files) and has low-to-medium risk with CVSS 3.3, but affects widely deployed software in manufacturing enterprises.
BSI warns of multiple vulnerabilities in Adobe Creative Cloud without specific CVE details; the required user interaction limits immediate attack risk but requires patch management and user awareness.
The BSI warns of multiple not-yet-fully-disclosed vulnerabilities in Edge; details on exploitability and attack vector are still missing, complicating timely patch management.
A previously undocumented malware family (SharkLoader) is being deployed in a multinational campaign targeting government and diplomatic organizations to deliver Cobalt Strike Beacon; the threat actor leverages publicly available exploits against internet-facing applications such as Microsoft Exchange and SharePoint.