Weekly dossier · 2026-W26
Joel Traber AG
22.06.2026 – 28.06.2026
Strategic overview
CRITICALIn CW 26, critical vulnerabilities in Google Chrome and Adobe Acrobat Reader dominate the threat landscape for Joel Traber AG, as both products are broadly deployed across company endpoints and several of the identified flaws enable remote code execution without elevated privileges. Additionally, an actively exploited vulnerability in Autodesk Fusion with the MCP extension directly threatens design and engineering workflows in the manufacturing environment.
- Alerts
- 124
- CVEs
- 458
- KEV
- 9
- Critical
- 49
Top news
- TAKTISCH BleepingComputerMandiant reveals how Cisco SD-WAN zero-day attacks gained root access
Mandiant documents active exploitation of a Cisco SD-WAN zero-day vulnerability by a previously unidentified threat actor for full system compromise, indicating coordinated campaign activity.
→ Cisco SD-WAN zero-day vulnerability with active exploitation enables root access; company uses Fortinet FortiGate and remote access infrastructure where SD-WAN alternatives may be considered or already deployed in network architecture.
- TAKTISCH SecurityWeekCisco SD-WAN Zero-Day Exploited Months Before Patching
A Cisco SD-WAN zero-day was actively exploited for months prior to disclosure, with evidence of file deletion and system configuration restoration by the attacker to evade detection.
→ Cisco SD-WAN is an important network security product for enterprise WAN infrastructure that may be relevant in distributed manufacturing environments; active exploitation of a zero-day for months before patching signals elevated risk for affected systems.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-361: Adobe Acrobat Reader DC Field signatureInfo Use-After-Free Remote Code Execution Vulnerability
Use-After-Free in signature field handling enables Remote Code Execution when opening crafted PDF files with CVSS 7.8; requires user interaction.
→ Adobe Acrobat Reader DC is deployed in the company's tech stack; CVE-2026-27278 is a high-CVSS RCE vulnerability requiring user interaction (opening malicious files/pages), directly affecting document handling workflows in manufacturing.
- TAKTISCH The Hacker NewsCisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Critical Cisco Unified CM vulnerability is already under active exploitation by unknown threat actors following PoC disclosure; provides path to root privileges via file-write operation.
→ Cisco Unified CM is used in DACH manufacturing environments for VoIP/telephony infrastructure; active exploitation of a critical remote code execution flaw with file-write privileges presents immediate operational risk.
- TAKTISCH ZDI: Published AdvisoriesZDI-26-344: Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability has a low CVSS score (3.3) and requires user interaction; risk is limited, but patch management should be monitored in environments with frequent PDF file processing.
→ Adobe Acrobat Reader DC is in the company's tech stack; this is an out-of-bounds read leading to information disclosure with low CVSS (3.3) but requires user interaction.
- TAKTISCH The Hacker NewsNew DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is the third variant in a series of Linux kernel flaws in the DirtyFrag family caused by incomplete flag propagation during packet cloning; each patch closed one code path while leaving others open.
→ CVE-2026-43503 affects Ubuntu/Linux kernel, directly relevant to company's Ubuntu 24.04 LTS servers; local privilege escalation risk requires immediate kernel patching.
- OPERATIV SecurityWeekFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
First documented exploitation of CVE-2026-12569 in Windchill demonstrates that threat actors are operationalizing PTC products as targets immediately after patches became available,German authorities have also previously warned about this vulnerability and a related CVE-2026-4681.
→ PTC Windchill is a product lifecycle management (PLM) tool widely used in manufacturing and engineering sectors; active exploitation of a critical RCE vulnerability poses direct risk to companies using this software for design and production data management.
- OPERATIV CERT Recently Published Vulnerability NotesVU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass
Microsoft-signed UEFI shim bootloaders up to version 0.9 permit Secure Boot bypass via BYOVD technique and will be added to the UEFI Forbidden Signature Database; affects Windows Server, VMware ESXi, and Enterprise Linux systems in European infrastructures.
→ UEFI Secure Boot bypass affects Windows Server 2022/2019 systems and VMware ESXi infrastructure used in the company's environment; supply-chain risk from vulnerable bootloaders in enterprise Linux distributions and management tools.
- INFORMATIV CERT Recently Published Vulnerability NotesVU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerability
An obsolete but still-signed Windows kernel driver can be abused as an attack vector in BYOVD scenarios to manipulate privileged processes like lsass.exe and extract credentials.
→ PCTCore64.sys is a legacy Windows kernel driver vulnerability relevant to Windows Server environments; while PC Tools itself is obsolete, the BYOVD attack vector affects any organization with legacy drivers or security software remnants in their Windows infrastructure.
- TAKTISCH SANS Internet Storm Center, InfoCON: greenCVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.
The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.
→ CVE-2024-40766 affects SonicWall firewalls (Gen 5-7) with CVSS 9.3; company uses Fortinet FortiGate for network security, but the advisory documents active exploitation waves and configuration weaknesses in SSLVPN/management interfaces that are operationally relevant to firewall security posture assessment.
- OPERATIV Tenable BlogMicrosoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
[Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-202] [Tenable Product Login](https://cloud.tenable.com/)[Community & Support](https://connect.tenable.com/) Manage cyber risk with one platform to find, prioritize and eliminate exposures across your attack...
→ Microsoft Patch Tuesday roundup covering 198 CVEs including 32 critical vulnerabilities affecting Windows Server, Remote Desktop, and other core infrastructure components used by the company.
Research Deep Dives
View all →- SANS INTERNET STORM CENTER, INFOCON: GREEN 23/06/2026CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.
The vulnerability CVE-2024-40766 (CVSS 9.3) disclosed in August 2024 affects SonicOS management and SSLVPN services and continues to be actively exploited by ransomware groups like Akira and Fog despite available patches. A separate breach of the MySonicWall service exposed configuration backups containing encrypted credentials, facilitating compromise of SSLVPN accounts. Additionally, a new vulnerability (CVE-2024-12802) enabling MFA bypass has been observed in the wild since early 2026. Organizations must urgently update their SonicWall devices, reset local passwords, and restrict management interface access.
- TENABLE BLOG 09/06/2026Microsoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)
Microsoft addressed 198 vulnerabilities in its June 2026 Patch Tuesday, the largest release ever. This includes 32 critical and 166 important CVEs, along with three zero-day vulnerabilities. A wide range of products are affected, such as Windows components, Microsoft Office, Exchange Server, and Azure services. Organizations in the manufacturing sector should immediately apply critical patches to reduce their attack surface.
- CISCO TALOS BLOG 09/06/2026Microsoft Patch Tuesday for June 2026 , Snort rules and prominent vulnerabilities
Microsoft's June 2026 Patch Tuesday addresses 206 vulnerabilities, including 32 critical ones, mostly remote code execution flaws in Windows services. Talos highlights four vulnerabilities as more likely to be exploited: a Remote Desktop Client buffer overflow, an HTTP Protocol Stack integer overflow, and two Windows Graphics component issues. Another 23 critical vulnerabilities, deemed less likely, affect Hyper-V, Remote Desktop, and other core components. Immediate patching is crucial to mitigate these risks.
Top vendors
- Microsoft 25
- Adobe 19
- Google 17
- Ubiquiti 8
- Linux 7
- Cisco 4
Top CVEs
- CVE-2026-20245 Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access 7.8
- CVE-2026-34910 CVE-2026-34910 , Ubiquiti UniFi OS Improper Input Validation Vulnerability 10.0
- CVE-2026-34908 CVE-2026-34908 , Ubiquiti UniFi OS Improper Access Control Vulnerability 10.0
- CVE-2026-34909 CVE-2026-34909 , Ubiquiti UniFi OS Path Traversal Vulnerability 10.0
- CVE-2026-10789 CVE-2026-10789 , Autodesk Fusion Desktop MCP Extension Arbitrary Code Execution 9.6
- CVE-2026-13027 CVE-2026-13027: Use After Free in FileSystem in Google Chrome prior to 149.0.7827.197 8.8