⚠ NCSC: Week 25: Fake voice messages spread malware and target login details 🔴 CVE: CVE-2026-49201 (CVSS 9.8) — The upload.cgi binary, responsible for processing device backups, contains a … 📰 New article: NCSC Mandatory Cyber Reporting: Swiss ISA Enforcement 2026
Threat Intel 14 articles

RoguePlanet CVE-2026-47281: Swiss Endpoint Zero-Day 2026

CVE-2026-47281 (RoguePlanet, CVSS 9.6) exploits Microsoft Defender via VS Code integration to achieve SYSTEM-level escalation on any Windows endpoint.

SearchLeak CVE-2026-42824: M365 Copilot One-Click Data Theft

Varonis disclosed SearchLeak (CVE-2026-42824): a one-click attack chain that turned M365 Copilot into a data exfiltration tool targeting emails and files.

Citrix NetScaler CVE-2026-3055: Swiss Perimeter Alert 2026

CVE-2026-3055 is exploited at scale against Citrix NetScaler — the dominant SSL-VPN and load balancer in Swiss banking and enterprise perimeters.

Dirty Frag Zero-Day Hits Swiss Linux Infrastructure 2026

CVE-2026-43500 grants root on all major Linux distributions. Swiss banks, cloud workloads, and VPN gateways running IPsec are immediately exposed.

APT28 Deploys PRISMEX Against EU Defence Supply Chains: Anatomy of an Eleven-Day Zero-Day Window

Russia-linked APT28 exploited CVE-2026-21513 for eleven days before patching, deploying PRISMEX across NATO logistics networks. Swiss dual-use exporters face direct exposure.

PAN-OS CVE-2026-0300: RCE Exploit Hits Swiss Networks

CVE-2026-0300 gives unauthenticated root RCE on PAN-OS User-ID. Swiss enterprises must patch or isolate affected firewalls now.

QR Code Phishing Targeting Swiss Microsoft 365 Tenants: An Adversary-in-the-Middle Campaign

A quishing campaign targeting Swiss Microsoft 365 tenants uses AiTM proxy infrastructure to bypass MFA and steal session tokens, with links to Eastern European APT activity.

Microsoft Patch Tuesday April 2026: 165 CVEs, One Actively Exploited SharePoint Zero-Day

Microsoft's April 2026 Patch Tuesday fixed 165 CVEs including an actively exploited SharePoint zero-day (CVE-2026-32201) and a wormable Windows TCP/IP RCE. Triage guidance for Swiss IT teams.

Fortinet FortiClient EMS Under Active Attack: Two Zero-Days, One Patch Window, and What Swiss Enterprises Must Do Now

Two critical zero-days in Fortinet FortiClient EMS — CVE-2026-35616 and CVE-2026-21643, both CVSS 9.1 — are being actively exploited in the wild. Swiss enterprises using FortiClient EMS must apply the emergency hotfix immediately.

The npm Trust Problem: How the Claude Code Leak and the Axios RAT Created a Supply Chain Emergency

Between 00:21 and 03:29 UTC on 31 March 2026, malicious axios versions with a Trojan went live on npm. DevSecOps lessons for Swiss engineering teams.

AI Agent Vulnerabilities in the Enterprise: LangChain, LangGraph and the Expanding Attack Surface

Three vulnerabilities disclosed in LangChain and LangGraph expose filesystem data, secrets, and conversation history in enterprise AI deployments.

AI-Driven Fraud in Switzerland: Deepfakes, Voice Cloning, and the New Social Engineering Threat

In January 2026, a Swiss entrepreneur transferred several million francs after calls from an entirely AI-generated voice.

Zero-Day Before the Patch: How Interlock Ransomware Exploited Cisco FMC for 36 Days Undetected

Amazon's threat intelligence team confirmed that Interlock ransomware began exploiting CVE-2026-20131 on 26 January 2026.

Ransomware Attacks on Swiss SMEs: A Growing Threat in 2025

New data from NCSC reveals a 34% increase in ransomware incidents targeting Swiss SMEs in 2025.