'Djinn' Stealer Targets Cloud, AI Credentials
The campaign demonstrates that attackers leverage RMM tools as entry points to steal cloud and AI credentials using admin privileges, enabling broad network compromise.
Comparing 11 July 2026 with the previous day 10 July 2026.
The campaign demonstrates that attackers leverage RMM tools as entry points to steal cloud and AI credentials using admin privileges, enabling broad network compromise.
A critical deserialization vulnerability in Microsoft Edge allows unauthenticated remote code execution, requiring immediate patch prioritization across all Edge installations.
State-sponsored APT groups exploit simple attack vectors such as weak passwords and lack of network segmentation rather than sophisticated malware,an operational concern for European manufacturing facilities with similar OT configurations.
The draft intelligence service law reform could force the BSI to hand over zero-day vulnerabilities to the BND,a step that could endanger the cybersecurity of German organisations if flaws are not promptly disclosed to vendors.
Russia is using compromised private IP cameras for reconnaissance of NATO military logistics infrastructure,an example of the instrumentalization of consumer IoT devices in state-sponsored espionage operations.
Dropping Elephant leverages legitimate binaries (Fondue.exe) for DLL side-loading and Donut shellcode for in-memory RAT placement to bypass disk-based security controls; operational approaches change slower than the tooling itself.
A directory-traversal vulnerability in Edge feedback logging enables remote code execution when a user visits a malicious page or opens a malicious file.
BSI warns of multiple vulnerabilities in Firefox/ESR and Thunderbird with high exploitation potential; exact CVE numbers and version details are absent from this generic announcement.
CISA warns of active credential exposure incidents in Fortinet devices and recommends hardening measures, indicating ongoing threat exploitation in the wild.
BSI warns of multiple undisclosed vulnerabilities in Chrome and Edge; details are limited until patches become available.
BSI advisory for multiple GNU libc vulnerabilities with potential code execution , directly affects all Ubuntu systems in DACH environments.
ClickOnce applications provide threat actors with a built-in update mechanism and reliable persistence method through .appref-ms files in the Start Menu, executable on every user launch.
No changes in this category.
No changes in this category.
HTTP.sys kernel-mode RCE allows unauthenticated remote attackers to achieve code execution with kernel privileges via specially crafted HTTP/1.x requests over TLS.
The planned degradation of BSI from an independent cybersecurity regulator to a supplier for state cyber-attack operations signals a strategic reassessment of offensive vs. defensive cyber capabilities at the highest German policy level.
The vulnerability allows a malicious RDP server to overwrite arbitrary memory on the client when specific cache options are enabled,a critical risk for remote-working organizations.
GigaWiper is a modular Golang backdoor observed in intrusions since October 2025, combining multiple wiper functions with C2 and remote access capabilities in a single operational framework.
Official BSI advisory on multiple vulnerabilities in Microsoft Defender and Malware Protection Engine enabling privilege escalation and code execution , direct threat to all Windows systems on the network.
Three of the vulnerabilities are already being exploited in active attacks; immediate patching is required.
BSI warns of a code-execution vulnerability in Python; details on the CVE, affected version range, and exploitation status are missing from the advisory.
Threat actor O-UNC-066 is conducting active vishing campaigns that specifically impersonate the Microsoft Entra passkey enrollment process to steal credentials and conduct data extortion attacks.
Vishing attackers use phone calls to redirect victims to fake Microsoft Entra ID login pages to steal credentials from Microsoft 365 users.
BSI security advisory on kernel vulnerability without specific CVE designation , detailed information and patch status must be obtained from the BSI WID portal.
An authenticated code execution vulnerability in Microsoft Edge requires timely patch validation, as the browser is widely deployed in production environments.