CTI Status
Stand:
Letzter Pipeline-Run:
Multiple threat actors (including state-sponsored groups) are actively weaponizing WinRAR vulnerabilities against manufacturing and engineering sectors; immediate patching critical for supply-chain security.
A malicious Bitwarden CLI npm package can directly compromise credentials and exfiltrate sensitive data—critical for manufacturing organizations relying on Bitwarden for password management across infrastructure and engineering tools.
Network-adjacent RCE on MFP requires no authentication; organizations running Canon imageCLASS MF654Cdw must apply patches or restrict BJNP access on network perimeter immediately.
Unauthenticated network-adjacent RCE in Canon MFP firmware exploitable via TTF font parsing; impacts print infrastructure security and should be prioritized for firmware updates.
Pwn2Own-confirmed RCE in Canon MFP allows unauthenticated network-adjacent attackers to achieve code execution on a device present in manufacturing environments, requiring immediate patching of affected MF654Cdw units.
Pwn2Own vulnerability affecting Canon imageCLASS MF654Cdw printers with CVSS 8.8; no authentication required for network-adjacent RCE.
Network-adjacent unauthenticated RCE in Canon MFP commonly deployed in manufacturing environments; immediate patch/segmentation assessment required.
NDIS driver UAF requires prior code execution but enables unprivileged-to-admin escalation; patch urgency depends on lateral-movement risk in ESXi/vCenter guest environments.
Requires prior code execution but affects endpoint security agent across workforce; relevant for manufacturing with remote access (RDP Gateway, TeamViewer) and third-party integrations.
High-severity local privilege escalation in core Windows component; impacts all Windows Server deployments in company environment and requires prioritized patching once available.
CVSS 7.8 LPE in core Windows component requires patching across Windows Server estate; typical attack chain involves initial compromise followed by privilege escalation.
Affects core Windows kernel component used across entire Windows Server estate; requires local code execution first but enables full system compromise once foothold established.
April 2026 patch cycle includes zero-day fixes for SharePoint spoofing, Defender elevation-of-privilege, and Windows IKE pre-auth RCE—all directly relevant to manufacturing operations relying on AD, Remote Desktop Gateway, and Defender for Endpoint.
Unauthenticated network-adjacent DoS against Ubiquiti AI Pro; escalation risk if similar flaws exist in UniFi core infrastructure used by Joel Traber AG.
BlueHammer (Windows Defender zero-day) and SharePoint Server zero-day represent actively exploited flaws requiring immediate patching ahead of standard patch cycles.
Confirms April Windows updates introduce driver-blocking issues causing backup failures—critical for manufacturing environments relying on Veeam backup infrastructure.
Passwords are loaded unencrypted into Edge process memory at startup and remain accessible to memory inspection, affecting all users relying on Edge's integrated credential manager—requires immediate investigation of alternatives or workarounds.
FortiGate edge intrusions leading to stolen service accounts and deep AD compromise represents a known TTPs chain—likely nation-state or organized threat actors targeting manufacturing supply chains through perimeter device compromise.
BSI RSS feed publication indicates German federal cybersecurity authority has flagged this as critical for DACH organizations; OLE vulnerabilities commonly exploited in supply-chain and manufacturing sector attacks.
BSI advisory on multiple browser vulnerabilities affecting RCE, sandbox bypass, data disclosure, and DoS—requires immediate patch assessment and deployment.
If MS Edge stores passwords in cleartext, lateral movement and credential theft risk increases significantly for manufacturing environments relying on RDP Gateway, TeamViewer, and ERP access.
Edge's built-in password manager stores credentials in plaintext in process memory at startup, exposing them to local memory dump attacks and physical access scenarios — a design flaw rather than a narrow exploit.