CVE-2026-58525
This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.
Comparing 8 July 2026 with the previous day 1 July 2026.
This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.
Russian state-sponsored threat actors have already compromised Ubiquiti Edge OS routers into botnets for malware traffic proxying; three of the now-patched UniFi OS vulnerabilities have been flagged by CISA as actively exploited.
GhostLock is a 15-year-old Linux kernel flaw now publicly disclosed with working exploit code offering 97% reliability for local privilege escalation and container escape.
The vulnerability allows low-privileged organization members to impersonate other users and steal their vault keys, enabling complete account takeover and database access.
Swiss Federal Council warns of escalating Russian hybrid warfare against Switzerland and Europe; cyberspace and critical infrastructure identified as primary targets for espionage and attack activities.
The Russian FSB is actively improving its malware delivery chains and server concealment techniques, indicating an escalated threat to European industrial networks.
Ransomware-as-a-Service ecosystems are strategically shifting focus toward European organizations and their supply chains, signaling a deliberate repositioning of ransomware campaigns after a global lull.
A China-linked APT group is actively expanding its arsenal with new proprietary backdoor variants (LongLeash, DogLeash, JarLeash) for SOHO routers, signalling sustained investment in infrastructure compromise in the context of geopolitical tensions.
Chinese APT UAT-7810 is actively developing custom malware (ShortLeash/LONGLEASH) to establish Operational Relay Box networks positioned as infrastructure provider for downstream threat actors,a strategic escalation pattern targeting high-value victims.
Volt Typhoon is portrayed as a persistent China-backed threat to Western critical infrastructure, signaling geopolitical cyber-warfare scenarios that indirectly threaten European supply chains and industrial operations.
A JavaScript-based field traversal vulnerability in PDF applications can cause application crash through invalid pointer dereference when a corrupted field form is opened.
A memory-corruption flaw in PDF applications can be triggered by malicious JavaScript in form fields, leading to application crashes; remote code execution potential is unclear from the advisory.
The vulnerability causes DoS through invalid object access after JavaScript deletion of form fields in PDF documents; no remote code execution.
The vulnerability enables a heap corruption condition through improper validation of PDF annotation relationships, potentially leading to crashes or code execution.
A flaw in PDF applications enables crash-through-service via malformed JavaScript form fields without validation checks.
The vulnerability enables PDF application crashes through manipulated JavaScript code during page deletion and annotation removal, with no remote code execution or data loss documented.
A validation failure in PDF form objects during JavaScript execution leads to invalid pointer access and application crash, potentially exploitable for denial-of-service.
A maximum-severity vulnerability in Ubiquiti UniFi OS requires immediate attention as this component is central to network management and segmentation.
The vulnerability allows local users to escalate privileges to NT AUTHORITY\SYSTEM level via user-controllable executable files; however, the vendor, PoC status, and active exploitation details remain unclear.
Memory vulnerability in PDF rendering enables remote denial-of-service through malformed color spaces; attack vectors via email attachments or SharePoint documents are likely.
The vulnerability documents an undocumented security behavior in OpenSSH within Windows AD environments where GSSAPI strict checks fail to activate , a previously undisclosed configuration edge case with potential authentication bypass implications.
BSI warning on log4j vulnerability underscores persistent risk posed by ubiquitous component in European production environments.
Researchers systematically document how malware abuses COM interfaces for lateral movement, persistence, and Windows automation, with Qakbot presented as a case study and reverse-engineering tools discussed.
The BSI advisory covers multiple OpenSSH vulnerabilities without naming CVE numbers or specific version details,a typical aggregated advisory lacking clarity on exploit status.
BSI warns of multiple Chrome vulnerabilities without published details; this suggests embargoed or yet-to-be-disclosed security flaws that may be patched imminently.
Attackers use social engineering tactics to trick users into registering passkeys in Entra ID, thereby bypassing multifactor authentication.
Unattributed active campaign since April 2026 uses deceptive photo archives as entry point for multi-stage intrusion with persistent Node.js implant and obfuscated PowerShell.
The BSI warning is a collection advisory covering multiple browser vulnerabilities without specific CVE identification; prioritizing patches requires identifying the specific CVEs affecting Chrome and Edge versions in use.
EvilTokens uses AES-GCM-encrypted HTML payloads that decrypt only in the browser to bypass traditional email security inspections and conduct device-code phishing attacks against Microsoft 365 accounts.
No changes in this category.
No changes in this category.
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and mandates patching by 4 July 2026 for US federal agencies, signalling active or imminent exploitation.
An unidentified threat actor is actively exploiting CVE-2026-0257 to bypass authentication on PAN-OS GlobalProtect gateways and establish unauthorized VPN connections.
The vulnerability requires prior network authorization and is covered by standard NVD reporting without active exploitation or geopolitical dimension.
Iranian state-affiliated APT Nimbus Manticore demonstrates newly adopted techniques including SEO poisoning and enhanced capabilities during active geopolitical conflict, targeting European entities.
Check Point documents a 124% surge in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025,a strategically significant shift in the DACH threat landscape for manufacturing organizations.
A use-after-free vulnerability in Google's Views component enables heap corruption via crafted HTML pages when users perform specific UI gestures; critical CVSS score requires immediate update to version 150.0.7871.47 or later.
Critical heap-corruption vulnerability in Chrome requires user interaction (specific UI gestures) for exploitation and is therefore not remotely exploitable without user engagement.
This is the RAR5 sibling of CVE-2023-40477 (fixed only in the RAR3 path through version 6.23); the new vulnerability affects recovery files and requires only that the user perform a test/repair operation on the crafted .rev files.
Local privilege escalation in Windows Secure Kernel requires already-elevated code execution rights; relevant for systems with compromised privileged user or process accounts.
The vulnerability enables arbitrary code execution through malicious Chrome extensions and requires user interaction to install the malicious extension.
A use-after-free vulnerability in GPU processing allows an attacker with renderer access to achieve full sandbox escape,critical for browser security in production environments.
The vulnerability enables an attacker with renderer-process access to escape the Chrome sandbox and execute arbitrary code,a critical escalation across browser security boundaries.
Critical RCE vulnerability in Chrome Chromoting component requires immediate patching; the flaw is triggered via malicious network packets and affects remote desktop usage.
The vulnerability requires an already-compromised renderer process and thus represents the second stage of a multi-stage attack chain rather than a direct remote code execution vector.
A sandbox-escape vulnerability in Chromium allows an attacker with renderer-process access to break browser isolation and execute arbitrary code on the host system,a critical risk for endpoints running Chrome or Chromium-based browsers.
A critical use-after-free vulnerability in the Chrome renderer enables sandbox escape under certain conditions, potentially leading to complete system compromise.
A critical use-after-free vulnerability in the Ozone rendering engine enables remote code execution via crafted HTML pages without requiring user interaction.
A critical use-after-free vulnerability in Chrome's Chromoting component enables remote code execution via malicious network traffic and requires immediate patching on Windows systems using Chrome remote access.
An authenticated RCE vulnerability in Fortinet FortiWeb with high CVSS score enables arbitrary code execution and requires prompt patch prioritization in network security infrastructure.
A kernel vulnerability in win32kfull allows local attackers with low-privilege access to escalate privileges on Windows systems; CVSS 7.8 and active tracking by ZDI.
The vulnerability allows attackers to deceive authenticated users, steal their session tokens, or generate persistent access tokens to inject malicious extension versions into the Open VSX supply chain.
Critical IKE vulnerability in Windows Server affects VPN infrastructure and requires immediate attention for remote-access scenarios.
A sandbox-escape vulnerability in GPU processing allows an attacker with access to the renderer process to bypass security isolation.
The vulnerability requires active user interaction (installation of a malicious extension) and thus presents a moderate, not critical, risk if user security training is effective.
A side-channel vulnerability in Chrome's Scroll mechanism allows attackers to leak confidential cross-origin data through a crafted HTML page, raising concerns about browser security against subtle timing-based exploits.
For Windows systems with Chrome: High-severity RCE through WebApp installation manipulation requires user interaction but poses elevated risk for industrial workstations.
The vulnerability enables sandbox escape after renderer process compromise, but requires prior compromise and is primarily a browser risk with no known active exploitation reported.
A use-after-free vulnerability in the QUIC protocol enables heap corruption through malicious network traffic without user interaction.
The vulnerability in the Chrome Updater enables local privilege escalation on Windows systems, but requires system access and a malicious file to exploit.
The vulnerability requires specifically manipulated UI gestures from the user, which limits the risk of opportunistic remote exploitation but enables targeted attacks against known users.
The vulnerability requires a successfully compromised renderer process as a prerequisite; it is thus relevant for multi-stage exploitation attacks but is addressed in isolation through browser updates.
The vulnerability allows an attacker with control over the renderer process to bypass site isolation, demonstrating that isolation between websites is not guaranteed when the renderer is compromised.
The vulnerability requires a pre-compromised renderer process and then enables sandbox escape , a two-stage exploitation scenario that underscores the importance of browser isolation and defense-in-depth measures.
Use-after-free in Chrome IME enables code execution within sandbox context; requires prompt patching to version 150.0.7871.47 or later.
This is a standard patch advisory for a high-severity Chrome vulnerability with no evidence of active exploitation or targeted campaigns.
High-severity RCE vulnerability in Blink requires immediate Chrome update to version 150.0.7871.47 or later to prevent sandbox escapes via crafted HTML pages.
A sandbox escape vulnerability in Google Chrome allows attackers to potentially break out of the browser sandbox via crafted HTML pages, enabling arbitrary code execution.
This is a standard patch advisory with no indication of active exploitation or specific attack campaigns.
Sandbox-escape potential through use-after-free in Chrome renderer enables an attacker with a compromised renderer process to break out of the browser sandbox , threat to endpoint security in web-based attack scenarios.
The vulnerability enables privilege escalation via crafted HTML pages once the renderer process is compromised, which is relevant for multi-stage attack chains.
Heap-corruption vulnerability in Chromium's Dawn graphics engine enables potential remote code execution via crafted HTML pages without additional user interaction.
An implementation vulnerability in Google Chrome allows remote attackers to obtain potentially sensitive information from process memory via crafted HTML pages.
A sandbox escape vulnerability in the Chrome renderer allows an attacker with control over the renderer process to break security boundaries and potentially execute system code.
A use-after-free vulnerability in Chromoting enables remote code execution via malicious network traffic, affecting Linux systems running Chrome versions prior to 150.0.7871.47.
The vulnerability requires a pre-compromised renderer process and is primarily relevant in multi-stage attack chains rather than standalone exploitation.
The vulnerability requires prior compromise of the renderer process and enables a sandbox escape , an escalation scenario relevant in targeted attacks.
This is a standard patch notice from the NVD with no indication of active exploitation or specific attack scenarios beyond the basic vulnerability description.
This vulnerability allows an attacker with a compromised renderer process to escape the sandbox via crafted HTML content, requiring timely updates of Chrome installations.
The vulnerability enables remote injection of arbitrary scripts via crafted HTML pages with high severity, posing significant risk to web-based applications and cloud services used by organizations.
A CSS implementation flaw in Chrome allows attackers to bypass the same-origin policy,a fundamental browser security model,which significantly simplifies phishing, credential harvesting, and malware vectors against end users.
A local vulnerability in the Chrome Updater enables privilege escalation on Windows systems, which is relevant for organizations with local security models, as attackers with user access can gain OS-level privileges.
A flaw in Canvas policy enforcement enables attackers to extract sensitive cross-origin data through crafted web pages, posing elevated risk to users operating across multiple web contexts.
The vulnerability allows an attacker to execute code within Chrome's sandbox; a sandbox escape is possible if combined with additional vulnerabilities.
The vulnerability enables sandbox escape through DOM manipulation via a crafted HTML page without requiring additional user interaction.
The vulnerability requires local access and file-system interaction, limiting risk in typical enterprise environments where desktop isolation and endpoint detection mechanisms are active.
This is an active, critical security flaw in a widely-used browser that can be exploited on Linux systems through minimal user-interaction social engineering.
This vulnerability enables sandbox escape following renderer compromise , a multi-stage attack posing elevated risk to Linux systems within manufacturing environments.
The vulnerability requires prior compromise of the renderer process, which restricts the practical exploitation chain and is primarily relevant in targeted attacks following initial access.
The exploit requires a previously compromised renderer process, which limits immediate exploitability but remains relevant as a second-stage attack following initial compromise.
The vulnerability requires user interaction but enables arbitrary code execution within the browser context, posing significant risk to manufacturing organizations deploying Chrome on Windows endpoints.
The sandbox escape via a heap buffer overflow in V8 enables attackers to break out of the Chrome sandbox and execute arbitrary code with user privileges.
The vulnerability requires specific UI gestures and a malicious file delivery, limiting real-world attack risk in production environments; however, prompt update to version 150.0.7871.47 or later is necessary.
A sandbox escape vulnerability in the renderer process allows an attacker with a compromised renderer to break out of browser isolation and potentially gain system-level access , a critical risk beyond mere information disclosure.
ClickFix uses API-driven backend servers to distribute polymorphic malware while bypassing Windows script scanning through novel delivery techniques.
BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.
The BSI warns of multiple vulnerabilities in Chrome and Edge browsers without citing specific CVE IDs, suggesting this is a summary advisory covering already-known or imminent patches.
BSI warns of multiple critical vulnerabilities in Ubiquiti UniFi OS Server enabling remote code execution and data compromise , a direct threat to network infrastructure requiring urgent patching.
The BSI alert addresses local code execution in a widely deployed PDF reader commonly used for document handling in production environments; specific CVE identifiers and patch status are needed for prioritization.
An aggregation report covering ~382 partly critical CVEs in Chromium-based browsers without describing an active exploitation campaign or specific attack patterns.
Massive credential-spraying attack with 81 million login attempts against Azure CLI indicates coordinated attacks on cloud infrastructure; LSHIY hosting provider as attack infrastructure suggests organized threat actors.
BSI warns of multiple Apache vulnerabilities enabling DoS and security bypasses; without specific CVE details, this is a generic warning without immediate tactical novelty.
The BSI warns of multiple unspecified vulnerabilities in Google Chrome whose details have not yet been publicly disclosed; exact CVE numbers and patches are pending.
The BSI advisory addresses multiple vulnerabilities in widely-used Mozilla products without specifics on CVE numbers or CVSS scores; details are required for patch prioritization.
BSI warns of multiple vulnerabilities in Synology DSM without naming specific CVE identifiers; details on exact impact and patch status are not clear from this advisory.
Local code execution in Adobe Photoshop via maliciously crafted files , affects users in product development and design roles.
BSI warning for multiple vulnerabilities in Adobe Creative Cloud with code-execution potential; no specific CVE IDs or PoC status mentioned in this alert.
Threat actors distribute manipulated ScreenConnect archives disguised as legitimate freeware utilities (OBS Studio, DS4Windows, DNS Jumper, Glary Utilities) to gain access to enterprise-wide systems.
A campaign with 81 million Microsoft 365 login attempts indicates large-scale, automated attacks likely exploiting stolen or weak credentials and potentially bypassing multi-factor authentication.
The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.
A newly discovered RCE vulnerability in 7-Zip when processing NTFS archives requires user interaction but poses significant risk in manufacturing environments where archives are frequently exchanged.
The vulnerability requires an already-compromised renderer process and is therefore primarily an escalation mechanism after initial compromise, not a primary attack vector.
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
FortiBleed is actively being exploited by the Lynx ransomware group for credential theft prior to ransomware deployment, indicating coordinated attack-chain coordination.
ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.
An out-of-bounds read vulnerability in FFmpeg within Chrome enables attackers to extract potentially sensitive data from process memory via a crafted video file.
UI spoofing vulnerability in Chrome allows attackers to impersonate browser interface via crafted HTML pages, potentially enhancing phishing campaigns.
A sandbox escape vulnerability allows an attacker with renderer process access to break out of the Chrome sandbox, enabling privilege escalation on Windows systems.
A race condition in the DataTransfer mechanism allows attackers to extract sensitive data from browser process memory via a crafted HTML page,relevant for all employees who handle confidential content in Chrome.
The CVE affects a validation flaw in Chrome's ANGLE component that allows an attacker with renderer process access to leak sensitive memory contents,a relatively low risk in stable enterprise environments.
A vulnerability in Google Chrome's WebUI allows attackers to leak cross-origin data through malicious network traffic , relevant for organizations relying on Chrome for sensitive business applications.
This is a pure patch notice with no evidence of active exploitation or campaigns in the wild.
This is a pure patch notification without reports of active exploitation or targeted campaigns; strategic relevance falls below management escalation threshold.
The vulnerability allows an attacker to bypass the same-origin policy via a crafted HTML page, potentially compromising sessions across different origins.
A side-channel vulnerability in Chromium's ComputePressure API enables exfiltration of cross-origin data through crafted HTML pages under specific conditions.
The vulnerability requires prior compromise of the renderer process; for attackers this constitutes a two-stage exploit (web-RCE + sandbox-escape) and is thus further limited in practice by modern browser isolation (e.g., Windows Sandbox, separate processes).
The vulnerability allows attackers to exfiltrate cross-origin data via malicious HTML pages,a direct threat to multi-tab and cloud-based workflows in enterprises.
A same-origin policy bypass via crafted HTML pages potentially enables cross-origin access to sensitive data in browser sessions.
The vulnerability requires deliberate user interaction (specific UI gestures) and access to a crafted HTML page, limiting attack risk to advanced social-engineering scenarios.
Although the vulnerability is rated Medium severity, it enables code execution within the browser sandbox and should be patched promptly, but is not currently documented as actively exploited.
This is a standard Chromium security update with no indication of active exploitation; the UI-spoofing vulnerability requires prior renderer-process compromise.
The vulnerability requires already-compromised renderer processes and is not known to be actively exploited; this is a standard browser patch without geopolitical or campaign implications.
Vulnerability enables bypass of same-origin policy via crafted HTML page without authentication, potentially allowing web-based attacks on locally trusted content.
A privilege escalation vulnerability in Chromoting requires a local attacker to already have file access on the system , typical of insider or post-compromise scenarios following initial compromise.
A race condition in history management enables UI spoofing, but is low-severity and requires user interaction with a crafted HTML page.
The vulnerability requires existing authentication, but does not fully reduce exposure risk for NAS systems available via remote access.
The BSI has published an update warning on multiple unspecified vulnerabilities in Firefox, Firefox ESR and Thunderbird; specific CVE identifiers and exploitation reports are not provided in this notice.
The advisory contains no CVE numbers or specific vulnerability details; this is a generic precautionary notice without current exploitation evidence.
BSI alert on Linux Kernel vulnerabilities lacks CVE details, complicating prioritization for Ubuntu deployments; specific CVEs needed for patch management.
A BSI notification regarding a vague TeamViewer vulnerability without CVE assignment and lacking detailed attack scenarios suggests preventive awareness rather than active exploitation.