Weekly dossier · 2026-W23
Joel Traber AG
01.06.2026 – 07.06.2026
Strategic overview
CRITICALIn calendar week 23, Joel Traber AG's infrastructure faced an elevated threat level as several critical vulnerabilities in core components of the technology stack were actively exploited, including Windows Server, Linux systems, Microsoft 365 services, and the deployed Palo Alto firewalls. Particularly severe is the critically rated Netlogon vulnerability with a CVSS score of 9.8, for which active exploits have been reported, combined with an authentication bypass in PAN-OS that potentially undermines the protection of the entire network perimeter.
- Alerts
- 249
- CVEs
- 415
- KEV
- 8
- Critical
- 62
Top news
- TAKTISCH SecurityWeekRecent Palo Alto Networks Vulnerability Exploited for Weeks
Attackers are actively exploiting CVE-2026-0257 in PAN-OS just four days after public disclosure, indicating targeted attacks on firewall products in critical enterprise networks.
→ Palo Alto Networks PAN-OS is a critical security product in the firewall landscape and is widely deployed in DACH enterprise networks; active exploitation of an authentication bypass vulnerability is highly relevant for network security.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
Directory-traversal-based RCE in Microsoft Edge feedback logs with CVSS 7.5; Pwn2Own context indicates active, practically demonstrated exploitability.
→ Microsoft Edge is widely deployed in the company's tech stack; a CVSS 7.5 RCE vulnerability requiring user interaction represents a direct operational security risk to endpoint users.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
Pwn2Own vulnerability in Microsoft Edge allows bypass of origin validation; attackers can access restricted functionality if users visit a malicious page.
→ Microsoft Edge is included in the company's tech stack and used for browsing activities; the origin validation flaw could expose users to malicious pages, but requires active user interaction.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
An integer underflow vulnerability in the VMware ESXi VMCI subsystem enables local privilege escalation with a high CVSS score and Pwn2Own proof-of-concept code.
→ VMware ESXi is directly listed in the company's tech stack; a local privilege escalation vulnerability (CVSS 8.2) with Pwn2Own proof-of-concept requires immediate attention for infrastructure management.
- TAKTISCH The Hacker NewsGamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
Gamaredon employs a multi-stage exploitation chain leveraging the WinRAR vulnerability to establish system fingerprinting and remote payload delivery, indicating escalation of Russian APT activity targeting Eastern Europe.
→ Russian state-sponsored APT group Gamaredon actively exploiting WinRAR vulnerability to deliver malware against Ukraine; relevant to DACH manufacturing sector due to nation-state threat landscape and potential supply-chain targeting of European industrial organizations.
- TAKTISCH SecurityWeekCritical Windows Netlogon Vulnerability in Attackers' Crosshairs
Threat actors are actively exploiting the vulnerability; the Centre for Cybersecurity Belgium warns of ongoing exploitation, although Microsoft has not yet confirmed active abuse in the wild.
→ CVE-2026-41089 is a critical Windows Netlogon vulnerability (CVSS 9.8) affecting Windows Server 2022 and 2019 in the company's tech stack, with active exploitation reported by CCB.
- OPERATIV ZDI: Published AdvisoriesZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A critical TTF-parsing vulnerability in Canon multifunction printers enables unauthenticated remote code execution from network-adjacent positions and was demonstrated at Pwn2Own 2025.
→ Canon imageCLASS MF654Cdw multifunction printers are in the company's tech stack; this RCE vulnerability affecting network-adjacent attackers without authentication represents a direct operational risk to printer infrastructure.
- OPERATIV CERT Recently Published Vulnerability NotesVU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)
Chaining of two Linux kernel fragmentation-related vulnerabilities enables memory corruption and local privilege escalation through crafted network packets.
→ Ubuntu 24.04 LTS is in the company's tech stack; Linux kernel vulnerabilities enabling local privilege escalation are operationally relevant for any organization running Linux systems, though this particular vulnerability requires local access or network packet manipulation.
- OPERATIV ZDI: Published AdvisoriesZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
Local privilege escalation in win32kfull (CVSS 7.8) requires prior code execution on the target system but presents a critical escalation path for attackers who have already compromised the system.
→ Microsoft Windows is a core component of the company's infrastructure (Windows Server 2022, 2019); local privilege escalation in win32kfull directly affects all Windows systems in the environment.
- TAKTISCH Unit 42Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Unknown threat actors are actively exploiting an authentication bypass vulnerability in PAN-OS GlobalProtect to gain unauthorized VPN access and circumvent security controls.
→ CVE-2026-0257 is an active authentication bypass vulnerability in PAN-OS GlobalProtect directly relevant to organizations operating Palo Alto Networks firewalls.
- OPERATIV Tenable BlogMini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
A self-propagating worm (Mini Shai-Hulud) by TeamPCP has compromised over 170 npm and PyPI packages while defeating SLSA provenance attestation, representing a critical threat to any software development relying on dependencies from these ecosystems.
→ Self-propagating worm campaign targeting npm and PyPI packages with SLSA provenance bypass affects development supply chains and CI/CD environments critical to manufacturing software workflows.
Research Deep Dives
View all →- UNIT 42 05/06/2026Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
An unidentified threat actor is actively exploiting PAN-OS vulnerability CVE-2026-0257, which allows authentication bypass in GlobalProtect portals and gateways. This flaw permits unauthorized VPN connections without valid credentials, though only a small portion of probed devices established actual sessions. No lateral movement or post-access activity has been observed yet. Organizations, especially in manufacturing, should urgently hunt for the listed indicators in logs and apply patches or mitigations.
- TENABLE BLOG 21/05/2026Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
"Mini Shai-Hulud" is a self-propagating supply chain worm that has breached over 170 npm and PyPI packages. It steals developer and cloud credentials and defeats SLSA Build Level 3 provenance attestation, a critical security control. Any system that installed a compromised package is considered fully compromised. The campaign has been active since September 2025 and uses CI/CD pipelines to spread exponentially.
- MICROSOFT SECURITY BLOG 03/06/2026Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
Microsoft Threat Intelligence identified a large-scale npm supply chain attack compromising 32 packages under the @redhat-cloud-services scope. The attackers exploited a compromised CI/CD pipeline to publish trojanized packages with valid provenance signatures. A preinstall hook executed a heavily obfuscated dropper script that stole credentials from cloud services and developer systems and spread by compromising additional packages. Microsoft shared findings with the npm team, leading to removal of affected repositories and implementation of additional protections.
Top vendors
- Google 127
- Microsoft 48
- 7-Zip 8
- Linux 7
- Canon 7
- Mozilla 4
Top CVEs
- CVE-2026-0257 Recent Palo Alto Networks Vulnerability Exploited for Weeks 9.1
- CVE-2025-8088 Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine 8.8
- CVE-2026-22769 vSphere and BRICKSTORM Malware: A Defender's Guide 10.0
- CVE-2026-45321 Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign 9.6
- CVE-2026-48579 CVE-2026-48579 9.1
- CVE-2026-48095 CVE-2026-48095: 7-Zip Heap Buffer Overflow in NTFS Handler Allows Arbitrary Code Execution 8.8