Weekly dossier · 2026-W24
Joel Traber AG
08.06.2026 – 14.06.2026
Strategic overview
CRITICALIn CW 24, the relevant threats are concentrated across three core areas of Joel Traber AG's IT infrastructure: Windows Server, Microsoft Exchange, and Google Chrome. Particularly critical is an actively exploited zero-day vulnerability in Chrome, alongside two Windows Server vulnerabilities enabling remote code execution and local privilege escalation respectively, all of which require immediate action.
- Alerts
- 383
- CVEs
- 510
- KEV
- 8
- Critical
- 140
Top news
- TAKTISCH The Hacker NewsCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CISA has added these vulnerabilities to the KEV catalog due to active exploitation in the wild, requiring immediate action for affected systems.
→ Cisco and Google Chrome are part of the company's tech stack; active exploitation requires prompt attention.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-349: Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability
A use-after-free vulnerability in Adobe Acrobat Pro DC enables remote code execution via malicious files or web pages with moderate-to-high severity (CVSS 7.8).
→ Adobe Acrobat Pro DC is widely deployed in the company's engineering and documentation workflows (SolidWorks PDM, design documents, CAD files); a use-after-free RCE with CVSS 7.8 requiring user interaction poses direct operational risk.
- TAKTISCH The Hacker NewsIvanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
This is a pure patch roundup covering multiple CVEs across different vendors with no evidence of active exploitation in the wild.
→ Fortinet FortiGate and FortiClient are in the tech stack; SAP Business One is also deployed. However, the vulnerabilities affect specific products (FortiSandbox, SAP NetWeaver AS ABAP) that do not appear to be directly in the company's infrastructure.
- TAKTISCH The Hacker NewsVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
The vulnerability is actively exploited by ransomware groups and other threat actors, as evidenced by prior Veeam exploits; immediate upgrade to version 12.3.2.4854 or 13.x is critical.
→ Veeam Backup & Replication is deployed in the company's tech stack, and CVE-2026-44963 is a critical RCE vulnerability (CVSS 9.4) in versions ≤12.3.2.4465 requiring immediate patching.
- TAKTISCH SecurityWeekMicrosoft Patches Exploited Exchange Server Vulnerability
CVE-2026-42897 was an actively exploited zero-day vulnerability in Exchange Server that Microsoft warned about in mid-May 2026 before a patch became available in June.
→ Microsoft Exchange Server is not in the company's tech stack; however, Exchange vulnerabilities are industry-relevant for manufacturing companies using Microsoft cloud services or hybrid deployments.
- TAKTISCH SecurityWeekGoogle Patches 5th Chrome Zero-Day Exploited in 2026
An actively exploited zero-day in Chrome's V8 engine enables remote code execution within the sandbox; attackers have likely chained this with a sandbox escape flaw.
→ Google Chrome is widely deployed in the company's tech stack and this zero-day in V8 with active exploitation represents a direct operational risk requiring immediate patching.
- TAKTISCH The Hacker NewsChrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
This is the fifth actively exploited Chrome zero-day since the start of 2026, indicating an intensive campaign targeting Chromium-based browsers.
→ Chrome V8 zero-day CVE-2026-11645 is actively exploited in the wild and directly affects the company's tech stack (Google Chrome, Microsoft Edge both used).
- TAKTISCH The Hacker NewsOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
The exploit leverages the combination of nf_tables and unprivileged user namespaces to escalate from a low-privilege shell or container context to host root,a common attack pattern following initial compromise.
→ CVE-2026-23111 is a local privilege escalation in the Linux kernel affecting Ubuntu 24.04 LTS, which is part of the company's tech stack; however, exploitation requires prior local access and is not being actively exploited in the wild.
- TAKTISCH The Hacker NewsWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Russia-aligned groups (Earth Dahu, UAC-0226) continue to actively exploit the WinRAR vulnerability CVE-2025-8088 nearly a year after patches were released to deploy stealers against Ukrainian organisations,signalling coordinated campaigns targeting European infrastructure.
→ WinRAR is widely used in manufacturing companies; active exploitation by Russia-aligned APT groups demonstrates threat trend for European targets.
- TAKTISCH darkreadingRussian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Russian state-sponsored actors are exploiting an already-patched WinRAR vulnerability in active campaigns against Ukrainian military and government targets, signalling ongoing cyber-warfare in a strategically relevant geographical zone for DACH.
→ While WinRAR is not in the company's documented tech stack, the alert describes active Russian nation-state cyber-warfare operations with DACH/EU geopolitical implications and supply-chain risk awareness value for Swiss manufacturing.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-339: Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability
Local privilege escalation in Windows Narrator requires precondition (low-privilege code execution) and optional Braille module installation; CVSS 7.0 indicates high but non-critical risk.
→ Local privilege escalation in Windows Narrator Braille support affects Windows Server 2022 and 2019 deployments; requires prior code execution and optional Braille module installation.
- TAKTISCH CERT Recently Published Vulnerability NotesVU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass
Firmware-level Secure Boot bypass in widely-deployed shim bootloaders enables pre-OS arbitrary code execution via BYOVD techniques; mitigation through Microsoft DBX update required.
→ Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass affect Linux-based systems and multi-boot environments; Joel Traber AG operates Ubuntu 24.04 LTS servers and Windows Server infrastructure, making firmware-level supply-chain risks operationally relevant.
- INFORMATIV CERT Recently Published Vulnerability NotesVU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerability
A signed but legacy driver from PC Tools (unmaintained since 2013) can still be exploited as a BYOVD vector in modern Windows systems for privilege escalation and credential theft.
→ PCTCore64.sys is a legacy Windows driver with missing access control that can be abused in BYOVD attacks and affects Windows Server 2022/2019 systems.
- TAKTISCH Tenable BlogMicrosoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
Largest Patch Tuesday release with 32 critical vulnerabilities and three zero-days including Remote Desktop Client RCE; requires prioritization for Windows Server and RDP-based remote access systems.
→ Microsoft Patch Tuesday covering 198 CVEs including 32 critical vulnerabilities directly affects company's Windows Server 2022, Windows Server 2019, and Microsoft 365 infrastructure; three zero-days (including Remote Desktop Client RCE) require urgent assessment.
- TAKTISCH Rapid7 Cybersecurity BlogRapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
Active exploitation by multiple threat actors observed in the field; unauthenticated remote VPN connections possible under specific configuration, with IOCs provided for incident response.
→ CVE-2026-0257 affects Palo Alto Networks PAN-OS and Prisma Access GlobalProtect, critical VPN gateway components widely deployed in enterprise networks including manufacturing; active exploitation observed by Rapid7 MDR across multiple customers with IOCs provided.
Research Deep Dives
View all →- TENABLE BLOG 09/06/2026Microsoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
Microsoft's June 2026 Patch Tuesday addresses 198 vulnerabilities, including 32 critical and 166 important, making it the largest release in the program's history. The update includes three zero-day flaws that could be actively exploited. Affected products span Windows, Office, Azure, and Exchange Server. Manufacturing firms in the DACH region should prioritize patching to protect their IT infrastructures.
- RAPID7 CYBERSECURITY BLOG 29/05/2026Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
On May 13, 2026, a medium severity authentication bypass vulnerability (CVE-2026-0257) was disclosed in PAN-OS GlobalProtect, allowing unauthenticated attackers to establish VPN connections when Cloud Authentication Service is disabled and authentication override cookies are enabled. Rapid7 observed successful exploitation starting May 17, 2026, across multiple customers, though no lateral movement was detected from compromised devices. The attacks occurred in two waves, first from hosting provider Vultr and then from Dromatics Systems, with the second wave achieving internal network access via VPN. Organizations are urged to apply patches immediately, as the CVSS score was raised to 7.8 (High) and the vulnerability has been added to CISA KEV.
- BLOG 10/06/2026June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days
In June 2026, Microsoft addressed 206 vulnerabilities, including three publicly disclosed zero-days and 37 critical flaws. Two of these zero-days are an elevation of privilege in Windows CTFMON (CVE-2026-45586) and a BitLocker security feature bypass (CVE-2026-50507). Both were publicly disclosed, and Microsoft assesses exploitation as more likely. The most common risk categories are elevation of privilege (32%) and remote code execution (27%).
Top vendors
- Microsoft 203
- Google 56
- Adobe 40
- Ubiquiti 9
- Fortinet 8
- OpenSSL 7
Top CVEs
- CVE-2026-42897 Microsoft Patches Exploited Exchange Server Vulnerability 8.1
- CVE-2026-20245 CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation 7.8
- CVE-2026-49160 Microsoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507) 7.5
- CVE-2026-0300 Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution 9.8
- CVE-2025-8088 WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine 8.8
- CVE-2026-0257 Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257) 9.1