Critical Vulnerability in PAN-OS (CERT-EU Security Advisory 2026-006)

On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges.
Palo Alto observed limited exploitation of this vulnerability. It is strongly recommended updating affected appliances as soon as patches will be available, and to apply workarounds and mitigation in the meantime.

https://www.cert.europa.eu/publications/security-advisories/2026-006/

High Vulnerability in the Linux Kernel ("Copy Fail") (CERT-EU Security Advisory 2026-005)

On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed.

The vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has been released.
As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions.

CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed to untrusted workloads.

https://www.cert.europa.eu/publications/security-advisories/2026-005/

#CERTEU
#CybersecurityConference
#CFP

Less than a week to submit your proposal to be part of CERT-EU Conference Programme. All info can be found visiting the link :

https://cert.europa.eu/conference/steam-n-steel-the-chronicles-of-the-cyberverse/announcement

AI is changing the economics of vulnerability discovery. Defenders should adapt now.

Mean time to exploit newly disclosed vulnerabilities is now estimated at minus seven days. Exploitation typically occurs before a patch exists. Frontier AI models have taken a generational leap in autonomous exploit development, and open-weight releases are narrowing the gap.

We set out what this means for Union entities, and eight concrete actions for defenders.

https://www.cert.europa.eu/blog/ai-vulnerability-discovery-defenders-must-adapt

#cybersecurity #AI

In 2025, we tracked 174 threat actors and responded to nine significant incidents affecting Union entities.

Our annual Threat Landscape Report is out. Cyberespionage, supply-chain compromises, and AI-enabled social engineering are reshaping the threat landscape.

Our top recommendations: patch internet-facing systems and edge devices as a priority, and adopt end-to-end encryption for sensitive communications.

https://cert.europa.eu/blog/threat-landscape-report-2025

#CyberSecurity #ThreatIntelligence #CERTEU

#CyberSecurity
#SupplyChain
#CERTEU

A compromised version of Trivy gave attackers access to the European Commission’s europa.eu platform hosted on AWS.

We have published our analysis – what happened, who is affected, and what to do – in full transparency and in agreement with the European Commission.

https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain

#FICLille
#CERTEU

🎪 Greetings, fellow keyboard warriors, EU policy wonks, and caffeine-dependent sentinels of the digital realm…
Pack your bags (and your YARA rules)—CERT-EU is invading Forum In Cyber in Lille next week (31 March–2 April)! 🇪🇺⚔️🐧

We’re bringing:
✅ Free advice (yes, even for non-EU entities… sometimes)
✅ A live feed of our team pretending to be extroverted at a public fair 😅
✅ Swag so good, even nation-state actors would trade their zero-days for it
✅ Lots of stickers and goodies and the best pew-pew map you have ever seen!

Swing by if you’re in town—we’ll swap cyber stories, share some wisdom, and help you justify your paranoia.

Where to find us? At the Pavillon Europe, at the E20-3.
You will see cool people wearing the coolest, blue, CERT-EU hoodies 😉

Looking forward to seeing you there!

P.S. No, we won’t fix your home router. 😉

https://europe.forum-incyber.com/partenaires-2026/

#CERTEU
#Cybersecurity
#AnnualConference
#CFP

Take an active role in shaping the agenda of this year #CERTEU #AnnualConfernce, by submitting your proposal at the following link:

https://cert.europa.eu/conference/steam-n-steel-the-chronicles-of-the-cyberverse/announcement

This year’s edition, ‘Steam & Steel: The Chronicles of The Cyberverse’, blends steampunk imagery with cybersecurity practice: proven fundamentals forged together with emerging tools to build durable, community-driven resilience at a time of rising geopolitical pressure.

#CERTEU
#CTI
#Framework

🚀 Today, CERT-EU is publishing https://lnkd.in/e6BhqkY5
its Cyber Threat Intelligence Framework https://lnkd.in/eGvPgHv8,
a reference we share with our constituents to classify, assess, and prioritise malicious cyber activity affecting Union entities and their ecosystem. It introduces shared CTI concepts and a clear scoring approach to support consistent reporting, alerting, and prioritisation across CERT-EU products, including Cyber Briefs and the TLR Year in Review. 🇪🇺 We are publishing it openly to increase transparency on how we structure and prioritise CTI, and to invite feedback from peers and cybersecurity professionals to further refine and strengthen it. 🦾

🤝🛡️ We welcome your feedback, suggestions, and practical observations at
[email protected] to help us continuously improve the framework for the whole community.

#CybersecurityRegulation
#AnnualReport

🚀 Exciting Developments in EU Cybersecurity! 🚀

The 2025 report from the Interinstitutional Cybersecurity Board (IICB) has just dropped, and it's already creating waves in Brussels. 📈 With Regulation (EU) 2023/2841 in its second year, Union entities have achieved significant milestones in strengthening their cybersecurity frameworks.

🔒 Key Highlights:

▪️ Establishing robust cybersecurity risk-management frameworks

▪️Assessing cybersecurity maturity levels

▪️Tailoring measures to manage cybersecurity risks

▪️Leveraging the FREIA framework contract for trusted service outsourcing

CERT-EU continues to play a critical role in defending against advanced threats, identifying over thirty malicious actors targeting Union entities. As the threat landscape becomes more complex, our collective resilience is paramount.

Don't miss out—grab a cup of your favorite beverage and dive into the IICB report to discover how these efforts are keeping our Union strong and secure for the future. 🛡️

https://www.cert.europa.eu/blog/another-year-another-blast