Vergleich von 5. Mai 2026 mit dem Vortag 28. April 2026.
Multiple threat actors (including state-sponsored groups) are actively weaponizing WinRAR vulnerabilities against manufacturing and engineering sectors; immediate patching critical for supply-chain security.
A malicious Bitwarden CLI npm package can directly compromise credentials and exfiltrate sensitive data—critical for manufacturing organizations relying on Bitwarden for password management across infrastructure and engineering tools.
Network-adjacent RCE on MFP requires no authentication; organizations running Canon imageCLASS MF654Cdw must apply patches or restrict BJNP access on network perimeter immediately.
Unauthenticated network-adjacent RCE in Canon MFP firmware exploitable via TTF font parsing; impacts print infrastructure security and should be prioritized for firmware updates.
Pwn2Own-confirmed RCE in Canon MFP allows unauthenticated network-adjacent attackers to achieve code execution on a device present in manufacturing environments, requiring immediate patching of affected MF654Cdw units.
Pwn2Own vulnerability affecting Canon imageCLASS MF654Cdw printers with CVSS 8.8; no authentication required for network-adjacent RCE.
Network-adjacent unauthenticated RCE in Canon MFP commonly deployed in manufacturing environments; immediate patch/segmentation assessment required.
NDIS driver UAF requires prior code execution but enables unprivileged-to-admin escalation; patch urgency depends on lateral-movement risk in ESXi/vCenter guest environments.
Requires prior code execution but affects endpoint security agent across workforce; relevant for manufacturing with remote access (RDP Gateway, TeamViewer) and third-party integrations.
High-severity local privilege escalation in core Windows component; impacts all Windows Server deployments in company environment and requires prioritized patching once available.
CVSS 7.8 LPE in core Windows component requires patching across Windows Server estate; typical attack chain involves initial compromise followed by privilege escalation.
Affects core Windows kernel component used across entire Windows Server estate; requires local code execution first but enables full system compromise once foothold established.
April 2026 patch cycle includes zero-day fixes for SharePoint spoofing, Defender elevation-of-privilege, and Windows IKE pre-auth RCE—all directly relevant to manufacturing operations relying on AD, Remote Desktop Gateway, and Defender for Endpoint.
Unauthenticated network-adjacent DoS against Ubiquiti AI Pro; escalation risk if similar flaws exist in UniFi core infrastructure used by Joel Traber AG.
BlueHammer (Windows Defender zero-day) and SharePoint Server zero-day represent actively exploited flaws requiring immediate patching ahead of standard patch cycles.
Confirms April Windows updates introduce driver-blocking issues causing backup failures—critical for manufacturing environments relying on Veeam backup infrastructure.
Passwords are loaded unencrypted into Edge process memory at startup and remain accessible to memory inspection, affecting all users relying on Edge's integrated credential manager—requires immediate investigation of alternatives or workarounds.
FortiGate edge intrusions leading to stolen service accounts and deep AD compromise represents a known TTPs chain—likely nation-state or organized threat actors targeting manufacturing supply chains through perimeter device compromise.
BSI RSS feed publication indicates German federal cybersecurity authority has flagged this as critical for DACH organizations; OLE vulnerabilities commonly exploited in supply-chain and manufacturing sector attacks.
BSI advisory on multiple browser vulnerabilities affecting RCE, sandbox bypass, data disclosure, and DoS—requires immediate patch assessment and deployment.
If MS Edge stores passwords in cleartext, lateral movement and credential theft risk increases significantly for manufacturing environments relying on RDP Gateway, TeamViewer, and ERP access.
Edge's built-in password manager stores credentials in plaintext in process memory at startup, exposing them to local memory dump attacks and physical access scenarios — a design flaw rather than a narrow exploit.
Keine Änderungen in dieser Kategorie.
Keine Änderungen in dieser Kategorie.
This alert confirms active exploitation beyond patch availability, indicating real-world attacks targeting Windows systems, likely including credential theft via NTLM relay.
Describes a new ransomware variant that can accidentally act as a wiper, posing a dual threat of data encryption and destruction.
The vulnerability in Entra ID could allow attackers to compromise multiple Microsoft services, posing a severe risk to the company's entire Microsoft 365 and Azure AD environment.
This alert confirms a critical-risk vulnerability in Entra ID has been patched, but provides no details on active exploitation or specific attack campaigns.
This alert describes an active ransomware campaign that irreversibly destroys files over 131KB, posing a severe data loss risk beyond typical encryption.
This alert describes a newly discovered privilege escalation path via the Agent ID Administrator role in Entra ID, which could allow attackers to take over service principals, going beyond a simple patch reminder.