Today's landscape
Political cyber warfare and government action
Europe's cyber security landscape is marked by a rise in politically motivated activity, such as the DDoS attacks on Italian government websites and financial institutions. Russian groups have also breached networks in Western countries to conduct espionage and disruptive attacks.
Consequently, both the public and private sectors across Europe are taking proactive measures to build resilience against an evolving range of threats. The EU Cybersecurity Certification Scheme on Common Criteria (EUCC) is now available, with the aim of establishing assurance levels for ICT products and services, and the UK's newly created Cyber Monitoring Centre has launched the world's first cyberattack severity classification system.
Top 3 vulnerabilities
Two OpenSSH vulnerabilities could disrupt operations
Two significant vulnerabilities were disclosed in the OpenSSH suite. If successfully exploited, they allow a machine-in-the-middle (MitM) attack against the client and a denial-of-service (DoS) attack against the client or server.
The first, CVE-2025-26465, is a logic error in the OpenSSH client from version 6.8p1 through 9.9p1 that makes the client susceptible to an active MitM attack when the VerifyHostKeyDNS option is enabled (it is off by default, but FreeBSD shipped it enabled for roughly a decade, until 2023). The bug is triggered whether the option is set to "yes" or "ask", and the attacker does not need a matching SSHFP DNS record. In that scenario, an attacker who can intercept the connection can impersonate the legitimate server, capture whatever the client sends (credentials, commands, forwarded agents) and relay or tamper with the session.
The second, CVE-2025-26466, affects both the OpenSSH client and server from version 9.5p1 through 9.9p1. It is reachable before authentication: a peer can drive memory and CPU consumption high enough to prevent administrators from reaching their servers and to lock out legitimate users, effectively disrupting operations. On the server side, the options LoginGraceTime, MaxStartups and (from 9.8p1) PerSourcePenalties limit the impact until the fix is applied.
Both vulnerabilities are fixed in OpenSSH 9.9p2. Note that distributions often backport fixes without changing the reported version number, so a version banner alone is only a first indicator; check the vendor changelog.
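To turn the two version ranges and the VerifyHostKeyDNS condition above into a quick host check, here is an added triage script (example code written for this page, not part of OpenSSH or the original article). It parses the `ssh -V` banner and the effective client configuration printed by `ssh -G <host>`, and reports which of the two CVEs applies to the installed version and whether the MitM bug is actually reachable as configured. The affected ranges are the upstream ones quoted above; the sample banner and configuration embedded at the bottom are constructed, and, as the page notes, a backported fix will not be visible in the banner, so a "vulnerable" result from this script means "check the vendor changelog", not "confirmed exploitable".

```python
"""Triage helper for CVE-2025-26465 / CVE-2025-26466 exposure on an OpenSSH host.

Added example for this article; assumes the upstream affected ranges from the
OpenSSH 9.9p2 release (fix version 9.9p2). Distro builds may carry a backported
fix under an older version string, so treat the result as a lead, not proof.
"""
import re
import shutil
import subprocess

# Inclusive affected ranges per CVE and the role (client/server) they apply to.
AFFECTED = {
    "CVE-2025-26465": {"roles": ("client",),          "lo": (6, 8, 1), "hi": (9, 9, 1)},
    "CVE-2025-26466": {"roles": ("client", "server"), "lo": (9, 5, 1), "hi": (9, 9, 1)},
}
FIXED_IN = "9.9p2"

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, portable_patch) from an `ssh -V` / `sshd -V` banner.

    Banners without a pN suffix (some vendor builds) are treated as p1.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in banner: {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch) if patch else 1


def affected_cves(version, role):
    """CVE ids whose upstream affected range covers `version` for `role`."""
    return [cve for cve, r in AFFECTED.items()
            if role in r["roles"] and r["lo"] <= version <= r["hi"]]


def verify_host_key_dns_enabled(ssh_g_output):
    """True if the effective client config (output of `ssh -G <host>`) sets
    VerifyHostKeyDNS to yes or ask; both values expose the CVE-2025-26465 path.
    `ssh -G` prints keywords in lowercase; a missing keyword means the default, no.
    """
    for line in ssh_g_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "verifyhostkeydns":
            return value.strip().lower() in ("yes", "ask")
    return False


def triage(banner, ssh_g_output, role="client"):
    """Combine version and configuration into (version, findings)."""
    version = parse_openssh_version(banner)
    findings = []
    for cve in affected_cves(version, role):
        if cve == "CVE-2025-26465" and not verify_host_key_dns_enabled(ssh_g_output):
            findings.append(f"{cve}: affected version, but VerifyHostKeyDNS is off "
                            f"(not reachable as configured; still upgrade to {FIXED_IN})")
        else:
            findings.append(f"{cve}: exposed, upgrade to {FIXED_IN} or a vendor-patched build")
    return version, findings


# Constructed sample data so the script runs offline (not real host output).
SAMPLE_BANNER = "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024"
SAMPLE_SSH_G = "user alice\nhostname bastion.example.internal\nport 22\nverifyhostkeydns yes\n"


if __name__ == "__main__":
    if shutil.which("ssh"):
        # `ssh -V` writes its banner to stderr; `ssh -G` dumps the effective config.
        v = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
        banner = v.stderr + v.stdout
        cfg = subprocess.run(["ssh", "-G", "localhost"], capture_output=True, text=True).stdout
    else:
        banner, cfg = SAMPLE_BANNER, SAMPLE_SSH_G
    version, findings = triage(banner, cfg)
    print("OpenSSH client %d.%dp%d" % version)
    for f in findings or ["not in the affected range of CVE-2025-26465/26466"]:
        print(" -", f)
```

Run it on each jump host and bastion rather than only on the servers: the MitM bug is client-side, so the machines that matter most are the ones from which administrators initiate SSH sessions, especially any FreeBSD clients that predate the 2023 default change.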
Microsoft discovers two exploited zero-day vulnerabilities
Microsoft fixed 56 vulnerabilities in its recent Patch Tuesday release, including two zero-days that were already being exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has added both to its Known Exploited Vulnerabilities (KEV) catalog, which sets a remediation deadline for US federal agencies.
The first zero-day, CVE-2025-21418, is a heap-based buffer overflow in the Windows Ancillary Function Driver (AFD.sys), the kernel driver behind the Winsock API that Windows applications use for network connections. A locally authenticated attacker can send crafted input to the driver, overflow the buffer and overwrite adjacent kernel memory; by controlling the overwritten data, they can obtain arbitrary code execution with SYSTEM privileges. This is a local privilege escalation, so it is typically used after an initial foothold rather than for initial access.
The second zero-day, CVE-2025-21391, is an elevation-of-privilege flaw in Windows Storage affecting a range of Windows and Windows Server versions. It lets an attacker delete targeted files on a system; it does not expose file contents, but deleting the right files can take a service offline and, in some cases, can be leveraged to escalate privileges.
Microsoft urges users to apply the patches for these vulnerabilities promptly.
Active exploitation: Palo Alto PAN-OS is struck again
Palo Alto Networks confirmed reports of active exploitation of a security flaw in its PAN-OS software. The vulnerability, CVE-2025-0108, is an authentication bypass in the management web interface: an unauthenticated attacker with network access to that interface can invoke certain PHP scripts without logging in. On its own this does not give remote code execution, but it compromises the integrity and confidentiality of the PAN-OS configuration, and when chained with other vulnerabilities such as CVE-2024-9474 (a privilege escalation in the same interface) it can give an attacker full control of unpatched, exposed firewalls.
The vulnerability affects several versions of PAN-OS within the 10.1, 10.2, 11.1 and 11.2 release trains and is resolved by applying the latest updates. Independently of patching, the management web interface should never be reachable from the internet or other untrusted networks; restricting it to a dedicated management network or a short allow-list of trusted internal IP addresses removes most of the exposure to this and to the next flaw of the same kind.
Attacks
European businesses and institutions under attack
February saw a surge in cyberattacks on European institutions and businesses. The affected entities, both public and private, faced operational disruptions, financial setbacks, and heightened security concerns.
In Austria, a ransomware attack targeted Tulln’s municipal administration, encrypting servers and disrupting essential services. While most systems were restored within a week, some remained offline, including the library’s software. Although no data breach was confirmed, the attack highlights how even local government entities are vulnerable to cyberattacks.
Italy was also hit. Alf DaFrè, a leading furniture manufacturer based in Treviso, was crippled by ransomware, forcing a halt in production and an IT system shutdown. Refusing to pay the ransom, the company sought government assistance to support its 350 employees.
Germany experienced multiple cyber incidents. A Russian hacker group claimed responsibility for a DDoS attack on Bremen’s city administration, temporarily disabling government websites, and pro-Russian hacktivists took down state government sites in Bavaria. The medical technology firm Eckert & Ziegler also suffered a data breach, prompting an IT shutdown to contain potential damage.
In Belgium, the Port of Ostend was hit by a cyberattack on its 'Ensor' system, which holds ship arrival data. Port operations were unaffected, but experts were still working to restore the system.