Full list, filterable by severity, tag and KEV status, sortable by relevance, EPSS, CVSS or date.
102 of 300 threats
Tags
Admiralty grading (A–F · 1–6)
Source reliability
A Completely reliable
B Usually reliable
C Fairly reliable
D Not usually reliable
E Unreliable
F Cannot be judged
Information credibility
1 Confirmed
2 Probably true
3 Possibly true
4 Doubtful
5 Improbable
6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue and mandates patching by 4 July 2026 for US federal agencies, signalling active or imminent exploitation.
A Microsoft Defender vulnerability is being actively exploited by ransomware groups, yet CISA does not proactively notify users when KEV-listed vulnerabilities enter active exploitation by ransomware campaigns.
The campaign demonstrates that attackers leverage RMM tools as entry points to steal cloud and AI credentials using admin privileges, enabling broad network compromise.
First documented exploitation of CVE-2026-12569 in Windchill demonstrates that threat actors are operationalizing PTC products as targets immediately after patches became available,German authorities have also previously warned about this vulnerability and a related CVE-2026-4681.
The RoguePlanet vulnerability is a race condition in mpengine.dll that can be exploited regardless of whether real-time protection is enabled, and has already been publicly documented with PoC exploits.
A critical remote-access vulnerability in SimpleHelp is being actively exploited to deploy a new information stealer , a risk for organizations using this tool for technical support.
The vulnerability requires authentication and exploits memory management errors, which means lower exploitation risk for ERP systems with restricted network access, but becomes critical if user accounts are compromised.
The vulnerability allows unauthenticated attackers to expose user responses and cause system unavailability through crafted HTTP requests , a critical risk for SAP-based ERP infrastructure.
A critical deserialization vulnerability in Microsoft Edge allows unauthenticated remote code execution, requiring immediate patch prioritization across all Edge installations.
Prior BeyondTrust flaws have been actively exploited for web shell and backdoor deployment, justifying urgent patch prioritization for these critical authentication bypass vulnerabilities.
Sandbox-escape vulnerability in Chrome requires a pre-compromised renderer process, limiting practical exploitation but still warranting timely patching.
Successful exploitation requires a pre-compromised renderer process, limiting risk to multi-stage attack scenarios, but the sandbox escape represents a critical privilege-escalation vector.
A use-after-free vulnerability in the ANGLE graphics library enables potential sandbox escape via crafted HTML pages, with no evidence of active exploitation in the wild.
An out-of-bounds vulnerability in Chrome's Dawn graphics engine potentially enables sandbox escape via crafted HTML pages with no confirmed active exploitation in the wild.
A use-after-free in the Skia rendering engine enables sandbox escapes via crafted HTML pages, allowing remote code execution on the host system and representing one of the highest severity levels.
A use-after-free vulnerability in Chrome's Dawn component enables sandbox escape and potential arbitrary code execution with elevated privileges , a critical threat to endpoints, particularly in production environments using Chrome.
The vulnerability enables sandbox escape following renderer process compromise, representing a local privilege-escalation risk on already-compromised endpoints.
The sandbox escape requires prior renderer process compromise but is critical for attackers who already have initial code execution within the browser.
A sandbox-escape vulnerability in Google's ANGLE rendering engine potentially allows remote code execution with elevated privileges via crafted HTML pages, with no documented active exploitation in the wild yet.
The vulnerability allows an attacker with access to the renderer process to achieve a sandbox escape, significantly increasing the risk of complete system compromise.
The vulnerability requires an already-compromised renderer process as a prerequisite, making it primarily relevant as a privilege escalation mechanism rather than as a standalone entry point.
A sandbox-escape vulnerability allows attackers to break out of the Chrome sandbox via crafted HTML pages and potentially gain higher system privileges.
The vulnerability enables authentication bypass through manipulated HTTP headers without requiring user interaction , organizations with cloud-based SAP deployments should prioritize reviewing their Approuter configuration.
Russian state-sponsored threat actors have already compromised Ubiquiti Edge OS routers into botnets for malware traffic proxying; three of the now-patched UniFi OS vulnerabilities have been flagged by CISA as actively exploited.
GhostLock is a 15-year-old Linux kernel flaw now publicly disclosed with working exploit code offering 97% reliability for local privilege escalation and container escape.
DirtyClone is the third variant in a series of Linux kernel flaws in the DirtyFrag family caused by incomplete flag propagation during packet cloning; each patch closed one code path while leaving others open.
EU-wide coordinated sanctions against Turla/FSB signal escalated counter-measures against Russia's cyber operations targeting critical infrastructure, with direct relevance to DACH security posture and regional cyber-warfare.
A critical use-after-free vulnerability in Google's ANGLE rendering engine allows an attacker to bypass Chrome's sandbox and execute arbitrary code with elevated privileges , a direct escalation risk for endpoint infection.
EU sanctions confirm an ongoing, coordinated Russian cyber-attack ecosystem comprising intelligence services, cybercriminals, and hacktivists with documented access to European defense ministries and industrial enterprises.
Russian intelligence cyber actors are globally exploiting poorly configured routers and network devices as attack vectors against critical infrastructure and industrial enterprises in DACH regions.
The first joint cyber sanctions by the UK and EU against Russia's FSB signal escalated geopolitical tensions and heightened nation-state cyber threats to European critical infrastructure and supply systems.
The planned degradation of BSI from an independent cybersecurity regulator to a supplier for state cyber-attack operations signals a strategic reassessment of offensive vs. defensive cyber capabilities at the highest German policy level.
The vulnerability affects a simulation environment, not production systems directly; however, it poses a risk to engineering workstations and development workflows in manufacturing operations.
The vulnerability allows low-privileged organization members to impersonate other users and steal their vault keys, enabling complete account takeover and database access.
Coordinated warning from Western allies of Russian critical infrastructure attacks signals escalated cyber-warfare activity with potential implications for European industrial operations and supply chains.
The PolinRider campaign demonstrates a coordinated North Korean supply-chain attack model that has compromised over 100 legitimate open-source packages and directly endangers developer environments and CI/CD credentials.
State-sponsored APT groups exploit simple attack vectors such as weak passwords and lack of network segmentation rather than sophisticated malware,an operational concern for European manufacturing facilities with similar OT configurations.
Russian intelligence services impersonate messenger support to steal backup recovery keys and gain access to high-value targets (government officials, military, journalists) , a new tactic in the phishing context.
Russian intelligence services are conducting a targeted campaign using fake SMS messages to steal credentials from Ukrainian and European government officials, military personnel, and activists , a strategic threat pattern for DACH organizations in government and critical infrastructure sectors.
The Russian FSB is actively improving its malware delivery chains and server concealment techniques, indicating an escalated threat to European industrial networks.
The vulnerability requires authentication and manual processing of a malicious archive file, which limits attack surface in typical production environments but is relevant for SAP administrators and change-management workflows.
The vulnerability allows a malicious RDP server to overwrite arbitrary memory on the client when specific cache options are enabled,a critical risk for remote-working organizations.
First joint UK-EU sanctions against Russian cyber actors signal escalation of coordinated Western response to state-sponsored Russian cyber and disinformation campaigns, with direct implications for European critical infrastructure.
US sanctions against VPN service providers and operators signal escalation in combating ransomware infrastructure and efforts to disrupt financing flows affecting European and DACH organizations.
CISA warns of Russian state actors actively targeting router infrastructure , a critical risk for European manufacturing enterprises relying on distributed sites and VPN-dependent remote-access scenarios.
The draft intelligence service law reform could force the BSI to hand over zero-day vulnerabilities to the BND,a step that could endanger the cybersecurity of German organisations if flaws are not promptly disclosed to vendors.
Iranian cyber actors are expanding targets beyond classical critical infrastructure to manufacturing operations and supply chains, representing an immediate geopolitical threat to European industrial enterprises.
A China-linked APT group is actively expanding its arsenal with new proprietary backdoor variants (LongLeash, DogLeash, JarLeash) for SOHO routers, signalling sustained investment in infrastructure compromise in the context of geopolitical tensions.
North Korean actors are conducting an active supply-chain campaign with 108 malicious packages across multiple popular package repositories, indicating a strategic shift toward dependency-chain compromise as a vector for network infiltration.
Gamaredon is intensifying attacks against Ukraine with 35 new spear-phishing campaigns in 2025 and increasing abuse of cloud services for obfuscation; this signals an escalation of Russian cyber operations in the European context.
Kaspersky documents new tactics and custom backdoors deployed by an established APT group targeting Western infrastructure, relevant to DACH manufacturing and industrial sectors.
Russian state-sponsored groups are conducting active campaigns against Western government and military personnel, indicating targeted cyber-warfare activity with potential spillover effects on European critical infrastructure and supply chains.
Turla continuously develops new .NET backdoors such as STOCKSTAY for targeted state-sponsored espionage against Ukraine and entities with Italy-related interests , signals escalating Russian-Ukrainian cyber-warfare with relevance to European critical infrastructure.
Russian state actors are conducting sustained campaigns against network infrastructure in critical sectors, which is relevant for European manufacturing operations with dependencies on energy supply and supply chains.
EU sanctions against Russian GRU hackers underscore coordinated Western response to state-sponsored cyberattacks and elevate geopolitical cyber risk for European manufacturing enterprises.
Russia is using compromised private IP cameras for reconnaissance of NATO military logistics infrastructure,an example of the instrumentalization of consumer IoT devices in state-sponsored espionage operations.
China-nexus APT group UAT-7810 systematically exploits unpatched network devices as relay points for attacks on high-value targets and provides infrastructure for other APT groups.
Delays in NIS2 implementation by major EU member states create regulatory uncertainty for European critical infrastructure operators and risk fragmented cybersecurity governance across the EU.
Volt Typhoon is portrayed as a persistent China-backed threat to Western critical infrastructure, signaling geopolitical cyber-warfare scenarios that indirectly threaten European supply chains and industrial operations.
ToddyCat develops specialized tools (Umbrij) to bypass EPP/EDR solutions through OAuth token theft via remote debugging port , an advanced technique for silent email compromise.
The USA has announced a reward for information about Russian hackers behind organized phishing attacks against Signal users,a sign of escalating state-sponsored cyber operations targeting Western communications infrastructure.
The Interior Ministry's clarification of Cyberdome signals strengthened government coordination against cyberattacks in the DACH region and may require IT vendors to achieve 'Cyberdome-ready' certification.
Russian intelligence services are expanding their Signal-targeted phishing campaigns to extract Backup Recovery Keys, enabling access to historical messages and compromising the security of encrypted communications within organizations.
Russian intelligence expands its Signal phishing campaign to specifically target backup recovery keys, which provide unlimited access to restored accounts and complete message history.
Russian state actors are conducting systematic social-engineering campaigns against messaging services, indicating operationalization of credential-harvesting as a geopolitical weapon.
Critical heap-corruption vulnerability in Chrome requires user interaction (specific UI gestures) for exploitation and is therefore not remotely exploitable without user engagement.
A use-after-free vulnerability in Google's Views component enables heap corruption via crafted HTML pages when users perform specific UI gestures; critical CVSS score requires immediate update to version 150.0.7871.47 or later.
A privilege escalation flaw in Microsoft's malware protection engine could allow attackers with limited rights to escalate to system level and compromise the security infrastructure itself.
A validation failure in PDF form objects during JavaScript execution leads to invalid pointer access and application crash, potentially exploitable for denial-of-service.
The vulnerability enables PDF application crashes through manipulated JavaScript code during page deletion and annotation removal, with no remote code execution or data loss documented.
The vulnerability enables a heap corruption condition through improper validation of PDF annotation relationships, potentially leading to crashes or code execution.
A memory-corruption flaw in PDF applications can be triggered by malicious JavaScript in form fields, leading to application crashes; remote code execution potential is unclear from the advisory.
A JavaScript-based field traversal vulnerability in PDF applications can cause application crash through invalid pointer dereference when a corrupted field form is opened.
High
CVSS
7.8
EPSS
0%
NEW Cisco Russian APT (unspecified), Salt Typhoon C3
Russian state-sponsored APTs are actively exploiting poorly secured routers in critical infrastructure using seven-year-old known vulnerabilities, signaling a coordinated campaign focused on persistent network presence.
Critical
NEW Linux, Google Chrome PolinRider (North Korea-aligned) B3
A critical elevation of privilege vulnerability in Microsoft Defender allows attackers to escalate from standard user account to full system control (NT AUTHORITY\SYSTEM).
A maximum-severity vulnerability in Ubiquiti UniFi OS requires immediate attention as this component is central to network management and segmentation.
The vulnerability allows local users to escalate privileges to NT AUTHORITY\SYSTEM level via user-controllable executable files; however, the vendor, PoC status, and active exploitation details remain unclear.
The vulnerability requires already-high privileges for exploitation and is limited to confidentiality impact, indicating relatively constrained risk in typical deployment scenarios.
This is the RAR5 sibling of CVE-2023-40477 (fixed only in the RAR3 path through version 6.23); the new vulnerability affects recovery files and requires only that the user perform a test/repair operation on the crafted .rev files.
A 16-year-old use-after-free vulnerability in the Linux KVM hypervisor enables the first reliable guest-to-host escape with full code execution on both Intel and AMD x86 systems.
The alert mentions critical flaws in BeyondTrust software but provides no details on CVE numbers, attack scenarios, or active exploitation , the article appears incomplete or is a preview lacking substantive technical information.
Attackers actively exploit an authentication bypass in SimpleHelp to deliver malware that specifically targets developer credentials, SSH keys, and cryptocurrency wallets,suggesting supply-chain and development-pipeline targeting.
The vulnerability is already actively exploited for web shell deployment; it is the first PTC product vulnerability added to CISA's KEV catalog and signals rapid weaponization of newly disclosed flaws by threat actors.
The vulnerability allows injection of malicious firmware without valid signature validation, enabling persistent compromise of critical control and communication systems in production environments.
Critical vulnerability in Siemens ICS components with default-disabled OPC UA security mechanisms allows unauthorized access to production systems without requiring prior attacker reconnaissance.
Reflected XSS in SAP NetWeaver enables JavaScript execution in the victim's browser under certain conditions, leading to session theft and authenticated actions in the user's context.
Memory vulnerability in PDF rendering enables remote denial-of-service through malformed color spaces; attack vectors via email attachments or SharePoint documents are likely.
A critical use-after-free vulnerability in Chrome's Chromoting component enables remote code execution via malicious network traffic and requires immediate patching on Windows systems using Chrome remote access.
A critical use-after-free vulnerability in the Ozone rendering engine enables remote code execution via crafted HTML pages without requiring user interaction.
A critical use-after-free vulnerability in the Chrome renderer enables sandbox escape under certain conditions, potentially leading to complete system compromise.
A sandbox-escape vulnerability in Chromium allows an attacker with renderer-process access to break browser isolation and execute arbitrary code on the host system,a critical risk for endpoints running Chrome or Chromium-based browsers.
The vulnerability requires an already-compromised renderer process and thus represents the second stage of a multi-stage attack chain rather than a direct remote code execution vector.
Critical RCE vulnerability in Chrome Chromoting component requires immediate patching; the flaw is triggered via malicious network packets and affects remote desktop usage.
The vulnerability enables an attacker with renderer-process access to escape the Chrome sandbox and execute arbitrary code,a critical escalation across browser security boundaries.
A use-after-free vulnerability in GPU processing allows an attacker with renderer access to achieve full sandbox escape,critical for browser security in production environments.
The vulnerability enables arbitrary code execution through malicious Chrome extensions and requires user interaction to install the malicious extension.
The vulnerability documents an undocumented security behavior in OpenSSH within Windows AD environments where GSSAPI strict checks fail to activate , a previously undisclosed configuration edge case with potential authentication bypass implications.
The vulnerability allows restricted authenticated users to access information from other entities and escalate privileges without authorization checks being performed.
The article is a patch announcement without CVE numbers, active exploitation details, or affected customer groups, and provides no strategic information beyond standard patch advisory.
BSI warning of multiple critical Windows vulnerabilities with potential for privilege escalation and code execution , the exact CVE portfolio and patch date must be obtained from the official BSI WID entry.
GigaWiper is a modular Golang backdoor observed in intrusions since October 2025, combining multiple wiper functions with C2 and remote access capabilities in a single operational framework.
BSI advisory on multiple Windows/Windows Server vulnerabilities without specific CVE listing indicates current patch-cycle warning or aggregation of concurrent exposures.
The authentication vulnerability allows unauthorized access to GSSAPI-authenticated systems without valid credentials, but primarily affects environments with explicitly configured JNDIRealm.
Leaked exploits for a Linux kernel vulnerability signal immediate attack readiness for any Ubuntu/Linux environment and significantly elevate the risk of local compromise.
The vulnerability allows attackers to deceive authenticated users, steal their session tokens, or generate persistent access tokens to inject malicious extension versions into the Open VSX supply chain.
The vulnerability allows authenticated users to inject arbitrary key-value pairs into webhook and SIEM payloads, undermining the reliability of security events and their interpretation in downstream systems.
CISA has added the SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog; security researchers have identified malware such as TaskWeaver and Djinn Stealer deployed post-compromise via CVE-2026-48558.
The vulnerability allows attackers to bypass the Windows Mark-of-the-Web security boundary by using specially crafted RAR5 archives with Zone.Identifier stream entries to evade 7-Zip's guard mechanism.
An authentication bypass (CVE-2026-55040) was chained by Rapid7 Labs with a separate RCE vulnerability to achieve unauthenticated remote code execution; patching the bypass breaks the exploit chain.
Eleven forgotten Microsoft-signed UEFI bootloaders can bypass Secure Boot and enable malicious code execution during system startup, independent of the installed operating system.
Attackers exploit OAuth Client ID spoofing to validate stolen credentials against Microsoft Entra ID without detection, as no successful sign-in event is logged.
The Patch Day aggregates multiple vulnerabilities (RCE, DoS, information disclosure, SQL injection, XSS) with varying impacts and requires prioritized patch management.
The alert generically describes 16 partially critical SAP flaws without specific CVE numbers, affected product versions, or exploitability details , it is a pure patch announcement without operational added value.
The BSI warning describes multiple 7-Zip vulnerabilities without specific CVE numbers or CVSS scores; further details on exploitability and affected versions are required.
Forg365 demonstrates the industrialization of phishing-as-a-service with AI-assisted lure generation, SMTP rotation via Amazon SES/Twilio SendGrid, and post-compromise mailbox operations for under €400 per month, enabling even low-skill threat actors to orchestrate scaled campaigns against Microsoft 365.
BSI warns of multiple unspecified vulnerabilities in Microsoft Edge enabling code execution and privilege escalation; exploitation requires user interaction.
The discovery of a misconfigured Evilginx infrastructure with three active phishing campaigns targeting Microsoft 365 demonstrates the operational reality of reverse-proxy phishing with advanced MFA-bypass capabilities.
BSI warns of multiple vulnerabilities in Chrome enabling active exploitation; as Chrome is widely deployed, timely patching to the released fix version should be prioritized.
CISA warns of active credential exposure incidents in Fortinet devices and recommends hardening measures, indicating ongoing threat exploitation in the wild.
Threat actor O-UNC-066 is conducting active vishing campaigns that specifically impersonate the Microsoft Entra passkey enrollment process to steal credentials and conduct data extortion attacks.
BSI security advisory on kernel vulnerability without specific CVE designation , detailed information and patch status must be obtained from the BSI WID portal.
BSI warns of a code-execution vulnerability in Python; details on the CVE, affected version range, and exploitation status are missing from the advisory.
The vulnerability requires social engineering (user clicking a malicious link) and is largely mitigatable through access restrictions to trusted internal IP addresses.
A new vishing group named Helix uses social engineering tactics specifically targeting SharePoint environments to steal credentials and access corporate data.
Three related vulnerabilities in Windows paravirtualization drivers enable local privilege escalation through missing security descriptors on kernel-level facilities.
This vulnerability enables unauthenticated local privilege escalation on Windows Xen instances, posing a hypervisor-security risk in virtualized production environments.
Forg365 uses generative AI to optimize phishing campaigns against Microsoft 365 accounts, increasing the success rate of automated credential-harvesting attacks.
Case study demonstrates that cyberattacks on manufacturing operations can pose existential threat,not merely production downtime but leading to business insolvency.
The BSI advisory provides no specific CVE identifiers and describes a general vulnerability pattern in Microsoft Edge without exploitation status or PoC details; likely an aggregated patch advisory.
The BSI warning concerns critical browser vulnerabilities without specific CVE numbers in this alert , details on affected versions and exploit status should be in the full BSI advisory.
A use-after-free vulnerability in Google's InterestGroups feature enables sandbox escape and arbitrary code execution via crafted HTML pages, with no active exploitation in the wild confirmed.
This vulnerability enables code execution within the Chrome sandbox via crafted HTML pages; without description of active exploitation or campaigns, the immediate attack risk remains unclear.
A critical heap-corruption vulnerability in Google's Views component allows remote code execution via a crafted HTML page; there are no reports of active exploitation in the wild.
A UXSS vulnerability in WebGL allows attackers to inject arbitrary scripts into Chrome browsers while bypassing the Same-Origin-Policy , a critical risk for web-based business applications and cloud-based systems.
The vulnerability allows circumventing a sandbox environment and thus enabling the execution of arbitrary code on the end system of a user who visits a crafted HTML page.
A high-severity vulnerability in Chrome's DOM handler enables heap corruption via crafted HTML pages; attackers may potentially execute code within the browser context without further user interaction.
A sandbox-escape vulnerability in Chrome's renderer process allows an attacker with renderer-process access to break out of the sandbox and potentially execute code on the host system.
This is a use-after-free vulnerability with sandbox escape potential that requires a compromised renderer process first, making it a multi-stage attack.
A race condition in GetUserMedia allows an attacker with compromised renderer-process access to escape the browser sandbox,a critical escalation beyond typical rendering exploits.
A use-after-free vulnerability in Chrome's Actor allows sandbox escape and arbitrary code execution via crafted HTML pages, requiring only a user to visit a malicious webpage.
A vulnerability in Chrome's ANGLE graphics engine prior to version 150.0.7871.115 enables memory disclosure through crafted HTML pages; no active campaign or specific exploitation known.
The vulnerability enables out-of-bounds memory access through manipulated browser extensions and requires user interaction to install the malicious extension.
The BSI advisory covers multiple OpenSSH vulnerabilities without naming CVE numbers or specific version details,a typical aggregated advisory lacking clarity on exploit status.
The campaign abuses legitimate Microsoft authentication mechanisms instead of fake login pages, combining collaboration-themed lures with OAuth Device-Flow exploitation to bypass MFA and gain persistent account access.
A long-overlooked KVM vulnerability allows attackers within virtual machines to escape their isolated environment and gain kernel privileges on the host system.
The BSI warns of multiple OpenSSL vulnerabilities without specific CVE references in this notice; this indicates a summary or update of multiple already-known vulnerabilities.
The vulnerability enables sandbox escape via Type Confusion in V8; this is significant for Chrome users in production environments exposed to advanced web-based exploits.
An integer overflow vulnerability in Google's V8 JavaScript engine enables remote code execution within Chrome's sandbox through crafted HTML pages and requires timely patching.
This CVE is a standard browser security vulnerability with no geopolitical or supply-chain implications; it requires routine patch management like any other Chrome update.
The vulnerability affects the ANGLE graphics library in Chrome and enables memory read access via crafted HTML pages, potentially exposing sensitive process memory data.
The vulnerability allows leaking data across origin boundaries via crafted HTML pages, potentially enabling attackers to access sensitive information from other websites within the same browser.
An out-of-bounds read vulnerability in Chrome's ANGLE renderer allows extraction of sensitive data from process memory; this is already patched in Chrome version 150.0.7871.46 and later.
Sandbox-escape vulnerability in V8 allows attackers to execute code with elevated privileges via crafted HTML pages, but is documented as a standard patch advisory with no evidence of active exploitation.
A campaign with 81 million Microsoft 365 login attempts indicates large-scale, automated attacks likely exploiting stolen or weak credentials and potentially bypassing multi-factor authentication.
Threat actors distribute manipulated ScreenConnect archives disguised as legitimate freeware utilities (OBS Studio, DS4Windows, DNS Jumper, Glary Utilities) to gain access to enterprise-wide systems.
BSI warns of multiple Apache vulnerabilities enabling DoS and security bypasses; without specific CVE details, this is a generic warning without immediate tactical novelty.
The BSI warns of multiple unspecified vulnerabilities in Google Chrome whose details have not yet been publicly disclosed; exact CVE numbers and patches are pending.
An aggregation report covering ~382 partly critical CVEs in Chromium-based browsers without describing an active exploitation campaign or specific attack patterns.
A sandbox escape vulnerability in the renderer process allows an attacker with a compromised renderer to break out of browser isolation and potentially gain system-level access , a critical risk beyond mere information disclosure.
The vulnerability requires specific UI gestures and a malicious file delivery, limiting real-world attack risk in production environments; however, prompt update to version 150.0.7871.47 or later is necessary.
The sandbox escape via a heap buffer overflow in V8 enables attackers to break out of the Chrome sandbox and execute arbitrary code with user privileges.
The vulnerability requires user interaction but enables arbitrary code execution within the browser context, posing significant risk to manufacturing organizations deploying Chrome on Windows endpoints.
The exploit requires a previously compromised renderer process, which limits immediate exploitability but remains relevant as a second-stage attack following initial compromise.
The vulnerability requires prior compromise of the renderer process, which restricts the practical exploitation chain and is primarily relevant in targeted attacks following initial access.
This is an active, critical security flaw in a widely-used browser that can be exploited on Linux systems through minimal user-interaction social engineering.
This vulnerability enables sandbox escape following renderer compromise , a multi-stage attack posing elevated risk to Linux systems within manufacturing environments.
The vulnerability requires local access and file-system interaction, limiting risk in typical enterprise environments where desktop isolation and endpoint detection mechanisms are active.
The vulnerability allows an attacker to execute code within Chrome's sandbox; a sandbox escape is possible if combined with additional vulnerabilities.
A local vulnerability in the Chrome Updater enables privilege escalation on Windows systems, which is relevant for organizations with local security models, as attackers with user access can gain OS-level privileges.
A flaw in Canvas policy enforcement enables attackers to extract sensitive cross-origin data through crafted web pages, posing elevated risk to users operating across multiple web contexts.
A CSS implementation flaw in Chrome allows attackers to bypass the same-origin policy,a fundamental browser security model,which significantly simplifies phishing, credential harvesting, and malware vectors against end users.
The vulnerability enables remote injection of arbitrary scripts via crafted HTML pages with high severity, posing significant risk to web-based applications and cloud services used by organizations.
This is a standard patch notice from the NVD with no indication of active exploitation or specific attack scenarios beyond the basic vulnerability description.
This vulnerability allows an attacker with a compromised renderer process to escape the sandbox via crafted HTML content, requiring timely updates of Chrome installations.
The vulnerability requires prior compromise of the renderer process and enables a sandbox escape , an escalation scenario relevant in targeted attacks.
The vulnerability requires a pre-compromised renderer process and is primarily relevant in multi-stage attack chains rather than standalone exploitation.
A use-after-free vulnerability in Chromoting enables remote code execution via malicious network traffic, affecting Linux systems running Chrome versions prior to 150.0.7871.47.
A sandbox escape vulnerability in the Chrome renderer allows an attacker with control over the renderer process to break security boundaries and potentially execute system code.
An implementation vulnerability in Google Chrome allows remote attackers to obtain potentially sensitive information from process memory via crafted HTML pages.
Heap-corruption vulnerability in Chromium's Dawn graphics engine enables potential remote code execution via crafted HTML pages without additional user interaction.
The vulnerability enables privilege escalation via crafted HTML pages once the renderer process is compromised, which is relevant for multi-stage attack chains.
Sandbox-escape potential through use-after-free in Chrome renderer enables an attacker with a compromised renderer process to break out of the browser sandbox , threat to endpoint security in web-based attack scenarios.
A sandbox escape vulnerability in Google Chrome allows attackers to potentially break out of the browser sandbox via crafted HTML pages, enabling arbitrary code execution.
High-severity RCE vulnerability in Blink requires immediate Chrome update to version 150.0.7871.47 or later to prevent sandbox escapes via crafted HTML pages.
The vulnerability allows an attacker with control over the renderer process to bypass site isolation, demonstrating that isolation between websites is not guaranteed when the renderer is compromised.
The vulnerability requires a successfully compromised renderer process as a prerequisite; it is thus relevant for multi-stage exploitation attacks but is addressed in isolation through browser updates.
The vulnerability requires a pre-compromised renderer process and then enables sandbox escape , a two-stage exploitation scenario that underscores the importance of browser isolation and defense-in-depth measures.
The vulnerability requires specifically manipulated UI gestures from the user, which limits the risk of opportunistic remote exploitation but enables targeted attacks against known users.
The vulnerability in the Chrome Updater enables local privilege escalation on Windows systems, but requires system access and a malicious file to exploit.
The vulnerability enables sandbox escape after renderer process compromise, but requires prior compromise and is primarily a browser risk with no known active exploitation reported.
For Windows systems with Chrome: High-severity RCE through WebApp installation manipulation requires user interaction but poses elevated risk for industrial workstations.
The vulnerability requires active user interaction (installation of a malicious extension) and thus presents a moderate, not critical, risk if user security training is effective.
A side-channel vulnerability in Chrome's Scroll mechanism allows attackers to leak confidential cross-origin data through a crafted HTML page, raising concerns about browser security against subtle timing-based exploits.
The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.
BSI issues warning on multiple Chrome/Edge vulnerabilities without specific CVE numbers; incomplete details suggest a coordination or staged-update scenario.
BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.
The BSI warns of multiple privilege escalation vulnerabilities in sudo; without CVE numbers, it remains unclear whether these are already-known or newly disclosed flaws.
An unnamed vulnerability in 7-Zip allows attackers to bypass security mechanisms and manipulate files, which is critical in environments with data protection requirements.
119 malicious browser extensions with 2.6 million installations were discovered in Microsoft Edge despite obfuscation techniques , an active supply-chain risk for enterprise endpoints.
An authenticated code execution vulnerability in Microsoft Edge requires timely patch validation, as the browser is widely deployed in production environments.
The BSI advisory indicates a vulnerability in RHEL that can be exploited by an authenticated attacker to achieve code execution , the absence of CVE numbers and PoC status makes technical triage impossible without further details.
BSI alerts to multiple Chrome vulnerabilities; without specific CVE numbers, this is a generic warning category but requires immediate patch verification.
A coordinated campaign since at least 2021 exploited 119 malicious Edge extensions to hide malware in image and font files, stealing credentials and conducting ad fraud days after installation.
BSI warning on multiple unspecified vulnerabilities in Chrome/Edge without concrete CVE numbers or exploitation details , typically aggregation of multiple CVEs from regular browser updates.
A popular Chrome extension with ten million installations was potentially compromised with a backdoor, pointing to an active supply-chain attack scenario.
The Miasma campaign demonstrates a new escalation: attackers abuse compromised developer credentials to inject malware-laden packages via trusted npm registry and GitHub workflows, compromising downstream developers.
Unattributed active campaign since April 2026 uses deceptive photo archives as entry point for multi-stage intrusion with persistent Node.js implant and obfuscated PowerShell.
A vulnerability in PKCS#7 signature verification allows forged digital signatures to be accepted by failing to correctly bind the signer identity to the signature, affecting trust chains in Windows, Active Directory, and Office environments.
The vulnerability requires an already-compromised renderer process and is therefore primarily an escalation mechanism after initial compromise, not a primary attack vector.
New phishing kits use advanced social engineering techniques to bypass multi-factor authentication, posing an immediate threat to organizations relying on Microsoft 365.
Threat actors leverage AI-generated tools for automated AD enumeration, lowering the skill barrier for less-experienced attackers and representing a new dimension of post-compromise reconnaissance.
A security researcher (Nightmare-Eclipse) is deliberately publishing multiple Microsoft zero-days with PoC exploits; RoguePlanet enables privilege escalation from user to SYSTEM level on Windows devices.
Microsoft has released an improved patch after an initial rudimentary fix in June, as the vulnerability from the "Nightmare Eclipse" exploit collection is already being actively exploited.
EtherRAT is being distributed via fake IT support calls through Microsoft Teams,a social engineering campaign that exploits trusted-contact impersonation to install remote access trojans on Windows systems.
The release of PoC code for a Linux kernel vulnerability enabling local root access significantly increases exploitation risk and requires urgent patching on affected Ubuntu systems.
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
The BlueHammer vulnerability is already being exploited by ransomware groups in active attacks, not merely in theoretical scenarios; this indicates an immediate threat to unpatched Windows systems.
DirtyClone (CVE-2026-43503, CVSS 8.8) is a new Linux kernel variant of DirtyFrag with active abuse by groups like ShinyHunters, enabling immediate root privilege escalation on unpatched or incompletely patched systems.
ShinyHunters-associated campaigns exploit vishing attacks to compromise OAuth access to Salesforce instances, combined with supply-chain attacks through trusted integrations such as Salesloft and Gainsight.
ClickOnce applications provide threat actors with a built-in update mechanism and reliable persistence method through .appref-ms files in the Start Menu, executable on every user launch.
EvilTokens uses AES-GCM-encrypted HTML payloads that decrypt only in the browser to bypass traditional email security inspections and conduct device-code phishing attacks against Microsoft 365 accounts.
FortiBleed is actively being exploited by the Lynx ransomware group for credential theft prior to ransomware deployment, indicating coordinated attack-chain coordination.
GodDamn ransomware leverages the signed PoisonX kernel driver to disable Windows Defender and other endpoint security software , an escalation in defense evasion capabilities by the Hyadina group.
ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.
Report aggregates multiple unrelated attacks and vulnerabilities (Polymarket supply-chain attack, KDDI breach, Cisco zero-day, Fortinet vulnerabilities) without focus on a single active campaign; serves as a weekly threat intelligence digest.
BSI warning on multiple Linux kernel CVEs without specific CVE identifiers in this notice; likely a summary of ongoing or newly disclosed vulnerabilities.
Microsoft is making passkeys the default authentication method in Entra ID beginning September 1, 2026, to reduce phishing, SIM swapping, and MFA bypass attacks.
BSI advisory on multiple Linux Kernel DoS vulnerabilities without specific CVE references or exploitation details; urgency and affected versions remain unclear.
This is a standard security patch notification for an already-reported Chrome vulnerability with no indication of active exploitation or targeted campaigns.
BSI alert on Linux Kernel vulnerabilities lacks CVE details, complicating prioritization for Ubuntu deployments; specific CVEs needed for patch management.
A BSI notification regarding a vague TeamViewer vulnerability without CVE assignment and lacking detailed attack scenarios suggests preventive awareness rather than active exploitation.
The BSI has published an update warning on multiple unspecified vulnerabilities in Firefox, Firefox ESR and Thunderbird; specific CVE identifiers and exploitation reports are not provided in this notice.
A privilege escalation vulnerability in Chromoting requires a local attacker to already have file access on the system , typical of insider or post-compromise scenarios following initial compromise.
Vulnerability enables bypass of same-origin policy via crafted HTML page without authentication, potentially allowing web-based attacks on locally trusted content.
The vulnerability requires already-compromised renderer processes and is not known to be actively exploited; this is a standard browser patch without geopolitical or campaign implications.
This is a standard Chromium security update with no indication of active exploitation; the UI-spoofing vulnerability requires prior renderer-process compromise.
Although the vulnerability is rated Medium severity, it enables code execution within the browser sandbox and should be patched promptly, but is not currently documented as actively exploited.
The vulnerability requires deliberate user interaction (specific UI gestures) and access to a crafted HTML page, limiting attack risk to advanced social-engineering scenarios.
The vulnerability allows attackers to exfiltrate cross-origin data via malicious HTML pages,a direct threat to multi-tab and cloud-based workflows in enterprises.
The vulnerability requires prior compromise of the renderer process; for attackers this constitutes a two-stage exploit (web-RCE + sandbox-escape) and is thus further limited in practice by modern browser isolation (e.g., Windows Sandbox, separate processes).
A side-channel vulnerability in Chromium's ComputePressure API enables exfiltration of cross-origin data through crafted HTML pages under specific conditions.
This is a pure patch notification without reports of active exploitation or targeted campaigns; strategic relevance falls below management escalation threshold.
The vulnerability allows an attacker to bypass the same-origin policy via a crafted HTML page, potentially compromising sessions across different origins.
A vulnerability in Google Chrome's WebUI allows attackers to leak cross-origin data through malicious network traffic , relevant for organizations relying on Chrome for sensitive business applications.
The CVE affects a validation flaw in Chrome's ANGLE component that allows an attacker with renderer process access to leak sensitive memory contents,a relatively low risk in stable enterprise environments.
A race condition in the DataTransfer mechanism allows attackers to extract sensitive data from browser process memory via a crafted HTML page,relevant for all employees who handle confidential content in Chrome.
A sandbox escape vulnerability allows an attacker with renderer process access to break out of the Chrome sandbox, enabling privilege escalation on Windows systems.
UI spoofing vulnerability in Chrome allows attackers to impersonate browser interface via crafted HTML pages, potentially enhancing phishing campaigns.
An out-of-bounds read vulnerability in FFmpeg within Chrome enables attackers to extract potentially sensitive data from process memory via a crafted video file.
Microsoft introduces AI-powered security tools (MDASH for vulnerability scanning, extended threat detection for databases, Entra Backup) relevant to organizations with hybrid-cloud and multi-cloud infrastructure.