CVE-2026-58525
This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.
Comparing 8 July 2026 with the previous day 7 July 2026.
This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.
Russian state-sponsored threat actors have already compromised Ubiquiti Edge OS routers into botnets for malware traffic proxying; three of the now-patched UniFi OS vulnerabilities have been flagged by CISA as actively exploited.
GhostLock is a 15-year-old Linux kernel flaw now publicly disclosed with working exploit code offering 97% reliability for local privilege escalation and container escape.
The vulnerability allows low-privileged organization members to impersonate other users and steal their vault keys, enabling complete account takeover and database access.
Swiss Federal Council warns of escalating Russian hybrid warfare against Switzerland and Europe; cyberspace and critical infrastructure identified as primary targets for espionage and attack activities.
The Russian FSB is actively improving its malware delivery chains and server concealment techniques, indicating an escalated threat to European industrial networks.
Ransomware-as-a-Service ecosystems are strategically shifting focus toward European organizations and their supply chains, signaling a deliberate repositioning of ransomware campaigns after a global lull.
A China-linked APT group is actively expanding its arsenal with new proprietary backdoor variants (LongLeash, DogLeash, JarLeash) for SOHO routers, signalling sustained investment in infrastructure compromise in the context of geopolitical tensions.
Chinese APT UAT-7810 is actively developing custom malware (ShortLeash/LONGLEASH) to establish Operational Relay Box networks positioned as infrastructure provider for downstream threat actors,a strategic escalation pattern targeting high-value victims.
Volt Typhoon is portrayed as a persistent China-backed threat to Western critical infrastructure, signaling geopolitical cyber-warfare scenarios that indirectly threaten European supply chains and industrial operations.
A JavaScript-based field traversal vulnerability in PDF applications can cause application crash through invalid pointer dereference when a corrupted field form is opened.
A memory-corruption flaw in PDF applications can be triggered by malicious JavaScript in form fields, leading to application crashes; remote code execution potential is unclear from the advisory.
The vulnerability causes DoS through invalid object access after JavaScript deletion of form fields in PDF documents; no remote code execution.
The vulnerability enables a heap corruption condition through improper validation of PDF annotation relationships, potentially leading to crashes or code execution.
A flaw in PDF applications enables crash-through-service via malformed JavaScript form fields without validation checks.
The vulnerability enables PDF application crashes through manipulated JavaScript code during page deletion and annotation removal, with no remote code execution or data loss documented.
A validation failure in PDF form objects during JavaScript execution leads to invalid pointer access and application crash, potentially exploitable for denial-of-service.
A maximum-severity vulnerability in Ubiquiti UniFi OS requires immediate attention as this component is central to network management and segmentation.
The vulnerability allows local users to escalate privileges to NT AUTHORITY\SYSTEM level via user-controllable executable files; however, the vendor, PoC status, and active exploitation details remain unclear.
Memory vulnerability in PDF rendering enables remote denial-of-service through malformed color spaces; attack vectors via email attachments or SharePoint documents are likely.
The vulnerability documents an undocumented security behavior in OpenSSH within Windows AD environments where GSSAPI strict checks fail to activate , a previously undisclosed configuration edge case with potential authentication bypass implications.
BSI warning on log4j vulnerability underscores persistent risk posed by ubiquitous component in European production environments.
Researchers systematically document how malware abuses COM interfaces for lateral movement, persistence, and Windows automation, with Qakbot presented as a case study and reverse-engineering tools discussed.
The BSI advisory covers multiple OpenSSH vulnerabilities without naming CVE numbers or specific version details,a typical aggregated advisory lacking clarity on exploit status.
BSI warns of multiple Chrome vulnerabilities without published details; this suggests embargoed or yet-to-be-disclosed security flaws that may be patched imminently.
Attackers use social engineering tactics to trick users into registering passkeys in Entra ID, thereby bypassing multifactor authentication.
Unattributed active campaign since April 2026 uses deceptive photo archives as entry point for multi-stage intrusion with persistent Node.js implant and obfuscated PowerShell.
The BSI warning is a collection advisory covering multiple browser vulnerabilities without specific CVE identification; prioritizing patches requires identifying the specific CVEs affecting Chrome and Edge versions in use.
EvilTokens uses AES-GCM-encrypted HTML payloads that decrypt only in the browser to bypass traditional email security inspections and conduct device-code phishing attacks against Microsoft 365 accounts.
No changes in this category.
No changes in this category.
Prior BeyondTrust flaws have been actively exploited for web shell and backdoor deployment, justifying urgent patch prioritization for these critical authentication bypass vulnerabilities.
ToddyCat APT exploits OAuth token hijacking against Gmail and targets corporate email; spyware remains second-most common threat category in ICS environments.
The alert mentions critical flaws in BeyondTrust software but provides no details on CVE numbers, attack scenarios, or active exploitation , the article appears incomplete or is a preview lacking substantive technical information.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction with CVSS 7.8; no public exploitation known, but timely patching required.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when a user interacts with malicious documents or web pages.
The BSI warns of multiple unspecified vulnerabilities in Chrome and Edge; without CVE numbers, precise risk assessment is currently not possible.
BSI warning on critical vulnerabilities in Ubiquiti UniFi OS with RCE and privilege escalation potential requires prompt patch review in network infrastructure.
BSI warns of multiple unspecified vulnerabilities in 7-Zip with code execution potential; specific CVE numbers and technical details are missing from this advisory.
A long-overlooked KVM vulnerability allows attackers within virtual machines to escape their isolated environment and gain kernel privileges on the host system.
The BSI warns of multiple OpenSSL vulnerabilities without specific CVE references in this notice; this indicates a summary or update of multiple already-known vulnerabilities.
The campaign abuses legitimate Microsoft authentication mechanisms instead of fake login pages, combining collaboration-themed lures with OAuth Device-Flow exploitation to bypass MFA and gain persistent account access.
Januscape is the first known KVM vulnerability that can be exploited on both Intel and AMD architectures, enabling direct guest-to-host escape.
BSI advisory on multiple Linux Kernel DoS vulnerabilities without specific CVE references or exploitation details; urgency and affected versions remain unclear.