Vergleich von 5. Mai 2026 mit dem Vortag 4. Mai 2026.
Multiple threat actors (including state-sponsored groups) are actively weaponizing WinRAR vulnerabilities against manufacturing and engineering sectors; immediate patching critical for supply-chain security.
A malicious Bitwarden CLI npm package can directly compromise credentials and exfiltrate sensitive data—critical for manufacturing organizations relying on Bitwarden for password management across infrastructure and engineering tools.
Network-adjacent RCE on MFP requires no authentication; organizations running Canon imageCLASS MF654Cdw must apply patches or restrict BJNP access on network perimeter immediately.
Unauthenticated network-adjacent RCE in Canon MFP firmware exploitable via TTF font parsing; impacts print infrastructure security and should be prioritized for firmware updates.
Pwn2Own-confirmed RCE in Canon MFP allows unauthenticated network-adjacent attackers to achieve code execution on a device present in manufacturing environments, requiring immediate patching of affected MF654Cdw units.
Pwn2Own vulnerability affecting Canon imageCLASS MF654Cdw printers with CVSS 8.8; no authentication required for network-adjacent RCE.
Network-adjacent unauthenticated RCE in Canon MFP commonly deployed in manufacturing environments; immediate patch/segmentation assessment required.
NDIS driver UAF requires prior code execution but enables unprivileged-to-admin escalation; patch urgency depends on lateral-movement risk in ESXi/vCenter guest environments.
Requires prior code execution but affects endpoint security agent across workforce; relevant for manufacturing with remote access (RDP Gateway, TeamViewer) and third-party integrations.
High-severity local privilege escalation in core Windows component; impacts all Windows Server deployments in company environment and requires prioritized patching once available.
CVSS 7.8 LPE in core Windows component requires patching across Windows Server estate; typical attack chain involves initial compromise followed by privilege escalation.
Affects core Windows kernel component used across entire Windows Server estate; requires local code execution first but enables full system compromise once foothold established.
April 2026 patch cycle includes zero-day fixes for SharePoint spoofing, Defender elevation-of-privilege, and Windows IKE pre-auth RCE—all directly relevant to manufacturing operations relying on AD, Remote Desktop Gateway, and Defender for Endpoint.
Unauthenticated network-adjacent DoS against Ubiquiti AI Pro; escalation risk if similar flaws exist in UniFi core infrastructure used by Joel Traber AG.
BlueHammer (Windows Defender zero-day) and SharePoint Server zero-day represent actively exploited flaws requiring immediate patching ahead of standard patch cycles.
Confirms April Windows updates introduce driver-blocking issues causing backup failures—critical for manufacturing environments relying on Veeam backup infrastructure.
Passwords are loaded unencrypted into Edge process memory at startup and remain accessible to memory inspection, affecting all users relying on Edge's integrated credential manager—requires immediate investigation of alternatives or workarounds.
FortiGate edge intrusions leading to stolen service accounts and deep AD compromise represents a known TTPs chain—likely nation-state or organized threat actors targeting manufacturing supply chains through perimeter device compromise.
BSI RSS feed publication indicates German federal cybersecurity authority has flagged this as critical for DACH organizations; OLE vulnerabilities commonly exploited in supply-chain and manufacturing sector attacks.
BSI advisory on multiple browser vulnerabilities affecting RCE, sandbox bypass, data disclosure, and DoS—requires immediate patch assessment and deployment.
If MS Edge stores passwords in cleartext, lateral movement and credential theft risk increases significantly for manufacturing environments relying on RDP Gateway, TeamViewer, and ERP access.
Edge's built-in password manager stores credentials in plaintext in process memory at startup, exposing them to local memory dump attacks and physical access scenarios — a design flaw rather than a narrow exploit.
Keine Änderungen in dieser Kategorie.
Keine Änderungen in dieser Kategorie.
CVE-2021-38647 is a 3-year-old advisory with no mention of active manufacturing-sector campaigns; patch status should be verified in WSUS/Defender logs rather than treated as urgent novel threat.
CISA KEV listing indicates active exploitation in the wild; prioritize FortiGate/FortiProxy patching before 2025-01-21 deadline to prevent unauthorized administrative access.
WSUS deserialization flaws are historically exploited for lateral movement and supply-chain poisoning to distribute malicious updates across enterprise networks.
Alert emphasizes decommissioning EOL/EOS SharePoint Server instances rather than patching; suggests vulnerability is actively exploited against public-facing legacy deployments.
CISA KEV listing confirms active exploitation in the wild; July 1, 2025 deadline suggests imminent weaponization—prioritize patching Windows Server infrastructure ahead of deadline.
CISA KEV listing signals imminent active exploitation; race condition in ESXi could enable privilege escalation or VM escape if weaponized, requiring immediate patching despite mitigation availability.
This 2022 CVE was actively exploited by Hafnium/APT40 (China-linked) against European manufacturing and critical infrastructure; relevant for DACH firms even without Exchange if mail gateway or hybrid cloud email is present.
This is a 2021 vulnerability with a patch deadline 3+ years in the past; it adds no novel intelligence beyond standard patch management and likely indicates stale alert feeds.
This is a stale patch reminder from 2022; verify if systems have already been patched to Windows Server 2022/2019 current baselines.
This CVE (ProxyLogon) was actively exploited by state-sponsored actors (HAFNIUM/China) and is already covered by BSI/CISA advisories; news reminder adds no new intelligence beyond patch guidance.
Alert references 2021 CVE with patch deadline from 2021; no novel attack campaign or victim-sector intelligence provided beyond standard patch guidance.
This is a dated patch reminder (5+ years old with expired deadline); no active campaign or novel attack details provided beyond standard patch guidance.
This is a standard CISA Known Exploited Vulnerabilities (KEV) bulletin with BOD 22-01 compliance deadline; no novel attack campaign, victim attribution, or TTP disclosure beyond vendor mitigation guidance.
This is a 2018 vulnerability with a June 2022 patch deadline noted; no active exploitation campaign or novel TTPs described—purely a patch reminder already covered by CISA/Microsoft advisories.
This is a 2017 vulnerability with a 2022 patch deadline already expired; no novel attack campaign or tactical development is described.
This is a historical patch reminder from 2019 with expired deadline (2022-04-05); no indication of active exploitation or novel campaign—verify internal patch compliance rather than treat as emerging threat.
CISA KEV listing confirms active in-the-wild exploitation; prioritize patching Windows Server 2022/2019 and client systems before 2025-06-03 deadline.
This is a publicly disclosed patch-and-exploit vulnerability from 2023; no novel active campaign data added by news sources beyond CISA KEV listing.
No active attack campaign or victim sector details disclosed; this is a standard CISA KEV patch advisory without operational intelligence beyond standard mitigation guidance.
MOTW bypass allows attackers to execute malware from internet-downloaded files without security warnings—critical for manufacturing environments where CAD/ERP file sharing is common.
No novel attack campaign or DACH-specific targeting identified; alert appears to be routine patch reminder from CISA KEV catalogue.
Pwn2Own-disclosed RCE requiring no authentication on Canon MFP model likely in use across manufacturing sites; patch/network segmentation required urgently.
Integer overflow in VMXNET3 driver allows local privilege escalation on ESXi; patching required for vSphere 8.x infrastructure.
FCConfig utility symlink-following flaw enables unprivileged users to escalate to higher privilege levels on VPN client installations; requires prior code execution but no authentication.
Windows cdd component LPE with high CVSS; requires local code execution first, limiting exposure but high impact if combined with remote code execution.
AoE (ATA over Ethernet) driver vulnerability; exploitation requires local code execution first, making it a second-stage privilege escalation risk in multi-tenant or compromised-host scenarios.
This is a detection logic error in Microsoft Defender that incorrectly flags legitimate DigiCert certificates as malware; it requires immediate awareness and potential signature/policy remediation to prevent legitimate business certificate validation failures.
Active in-the-wild exploitation of Linux "Copy Fail" vulnerability signals rapid weaponization; manufacturing systems running Ubuntu 24.04 require immediate kernel patching.
A Microsoft Defender update bug deleted DigiCert root certificates, potentially breaking certificate validation across systems — this is an operational incident requiring immediate verification of certificate store integrity, not a patch reminder.
Project Zero discloses novel UAC/Administrator Protection bypass exploiting kernel token integrity level mechanisms; demonstrates that Microsoft's post-Vista privilege boundary protections remain bypassable through UI manipulation attacks.
Attackers abuse legitimate Amazon SES infrastructure to bypass email filters and authentication checks, enabling scaled phishing and BEC attacks that bypass traditional sender reputation filters.
BSI UPDATE advisory signals kernel vulnerabilities with potential for RCE/privilege escalation; impact scope unspecified without CVE details—requires follow-up on which kernel versions and Ubuntu releases are affected.
BSI warning indicates multiple active kernel CVEs; patching status unclear without specific CVE identifiers—requires follow-up on CVSS scores and KEV catalog inclusion to prioritize.
March 2026 Patch Tuesday addresses 77 vulnerabilities with no zero-days; routine monthly advisory without active exploitation intelligence or novel attack campaigns.
BSI advisory on multiple Linux kernel DoS flaws; specifics are vague (no CVE list provided), limiting immediate patch/remediation planning—clarification from BSI or vendor advisories needed.