ctipilot.ch

Unsafe

actor · actor:unsafe-ransomware

Ransomware-as-a-service / double-extortion operator; relatively quiet through 2024–2025, re-emerged in 2026 with reported targets in Germany, the United States, Switzerland and France; in July 2026 claimed a Deutsche Bank breach that the bank attributed to a compromise at a German third-party marketing/incentive-platform vendor rather than its own network (Computing UK / Cybernews, 2026-07-07/09).

Coverage timeline
9
first 2026-05-04 → last 2026-07-09
Entries
9
9 distinct days
Sources cited
26
21 hosts
Sections touched
6
active-threats, deep-dive, research
Co-occurring entities
8
see Related entities below
2026-05-049 appearances2026-07-09

Story timeline

  1. 2026-07-09Deutsche Bank confirms a third-party vendor incident after 'Unsafe' ransomware group posts alleged employee data
    active-threatsDeutsche Bank says its own network is untouched, pointing to a German marketing-platform vendor, after 'Unsafe' claims a breach and leaks employee records
  2. 2026-06-25"Cordyceps" — the GitHub Actions pull_request_target pwn-request class is still widely exploitable at scale
    research"Cordyceps" — the GitHub Actions pull_request_target pwn-request class is still widely exploitable at scale
  3. 2026-06-22CVE-2026-12569 — PTC Windchill / FlexPLM pre-auth deserialization RCE, exploited, BSI calling admins at 02:30
    weekly-top-storiesCVE-2026-12569 — PTC Windchill / FlexPLM pre-auth deserialization RCE, exploited, BSI calling admins at 02:30
  4. 2026-06-20PTC Windchill CVE-2026-12569: unauthenticated Java deserialization to RCE on the PLM management plane
    deep-divePTC Windchill CVE-2026-12569: unauthenticated Java deserialization to RCE on the PLM management plane
  5. 2026-06-13Check Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)
    researchCheck Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)
  6. 2026-05-13CERTFR-2026-AVI-0564 — SPIP < 4.4.14: multiple RCEs (public and private area)
    trending-vulnerabilitiesCERTFR-2026-AVI-0564 — SPIP < 4.4.14: multiple RCEs (public and private area)
  7. 2026-05-11BSI flags Netgate pfSense Community Edition as critical-unpatched — CVE-2025-69690 / CVE-2025-69691 authenticated root RCE, vendor refuses to fix
    active-threatsBSI flags Netgate pfSense Community Edition as critical-unpatched — CVE-2025-69690 / CVE-2025-69691 authenticated root RCE, vendor refuses to fix
  8. 2026-05-10cPanel/WHM second emergency TSR in 10 days — embargo lifted on CVE-2026-29202 (post-auth Perl RCE, CVSS 8.8), CVE-2026-29203 (CVSS 8.8), CVE-2026-29201 (CVSS 4.3)
    trending-vulnerabilitiescPanel/WHM second emergency TSR in 10 days — embargo lifted on CVE-2026-29202 (post-auth Perl RCE, CVSS 8.8), CVE-2026-29203 (CVSS 8.8), CVE-2026-29201 (CVSS
  9. 2026-05-04cPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203
    weekly-multi-daycPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203

Where this entity is cited

  • trending-vulnerabilities2
  • active-threats2
  • research2
  • weekly-multi-day1
  • deep-dive1
  • weekly-top-stories1

Source distribution

  • attack.mitre.org4 (15%)
  • security-hub.ncsc.admin.ch2 (8%)
  • thehackernews.com2 (8%)
  • blog.spip.net1 (4%)
  • cert.ssi.gouv.fr1 (4%)
  • computing.co.uk1 (4%)
  • cve.news1 (4%)
  • cybernews.com1 (4%)
  • other13 (50%)

Related entities

All cited sources (26)

Entries about Unsafe (9)

2026-07-09 · view entry permalink →

NOTABLE

Deutsche Bank confirms a third-party vendor incident after 'Unsafe' ransomware group posts alleged employee data

The ransomware/extortion group "Unsafe" listed Deutsche Bank on its dark-web leak site and published screenshots of alleged database exports, terminal commands and employee records — email addresses, password hashes, physical addresses — as proof of a claimed breach of the bank's "internal systems" (Cybernews, 2026-07-07; Cybersecurity Insiders, 2026-07-08). Deutsche Bank's own spokesperson, in a statement carried on 2026-07-08/09, said the incident did not involve the bank's own network but instead affected a third-party company in Germany that runs a marketing and incentive platform for the bank's sales partners, with "no indication that Deutsche Bank's internal systems or networks were or are affected" (Computing UK, 2026-07-09). Researchers assessing the leaked samples said the data appears to relate to bank employees but that they could not determine whether any customer information was included.

Unsafe operates a ransomware-as-a-service, double-extortion model; after a relatively quiet 2024–2025 it re-emerged in 2026 with reported targets in Germany, the United States, Switzerland and France — the same-actor reach into this constituency's home region being the reason the item is in scope rather than the victim's name. The actual initial-access vector into the German vendor has not been disclosed by any party, and generic secondary profiling of Unsafe's tooling should be treated as unverified for this specific intrusion.

"We have been informed of a cybersecurity incident at an external service provider," the spokesperson said, adding that there was "no indication that Deutsche Bank's internal systems or networks were or are affected" and no evidence of unauthorised access to the bank's network.

Computing (UK) 2026-07-09

Based on the available samples, it's not possible to determine whether customer data is included in the alleged breach

Cybernews 2026-07-07
incident09 Jul 12:35Zmulti-sourceOpen finding ↗

2026-06-25 · view entry permalink →

HIGH

"Cordyceps" — the GitHub Actions pull_request_target pwn-request class is still widely exploitable at scale

Novee Security published "Cordyceps", an empirical study of a long-known but persistently unmitigated class of GitHub Actions CI/CD vulnerabilities (Novee Security, 2026-06-23 · SecurityWeek, 2026-06-24). The pattern: a pull_request_target (or comment-triggered) workflow runs with the base repository's write permissions and secrets while checking out or otherwise consuming untrusted fork-PR content, letting an attacker inject code into a privileged CI context (T1195.002). Of ~30,000 high-impact repositories scanned, 654 were flagged and 300+ confirmed fully exploitable — including Microsoft (Azure Sentinel), Google (AI Agent Development Kit), Apache (Doris), Cloudflare (Workers SDK) and the Python Software Foundation (Black) — with exploitation requiring only a free GitHub account and a single PR. Successful exploitation can yield the org's GitHub App key, cloud repository authority, or the ability to publish attacker-controlled packages to trusted registries. GitHub shipped actions/checkout v7 on 18 June with safer pull_request_target defaults that refuse to fetch fork-PR head commits in unsafe patterns (GitHub Changelog, 2026-06-18), but organisations pinning older action versions or running self-managed Enterprise Server are not yet protected. Audit .github/workflows/*.yml for pull_request_target triggers that reference any ${{ github.event.pull_request.* }} context in run:/env: steps; scope GITHUB_TOKEN to contents: read by default; and split build/test onto the unprivileged pull_request trigger.

Scans of 30,000 high-impact repositories flagged 654 vulnerable instances; over 300 were confirmed fully exploitable

Novee Security

GitHub updated actions/checkout on June 18 to block common pwn-request patterns

GitHub Changelog
research25 Jun 04:59Zmulti-sourceOpen finding ↗

2026-06-22 · view entry permalink →

HIGHCVE-2026-12569exploited

CVE-2026-12569 — PTC Windchill / FlexPLM pre-auth deserialization RCE, exploited, BSI calling admins at 02:30

If you did nothing this week: if you run an internet-reachable PTC Windchill or FlexPLM instance, assume compromise — a pre-auth deserialization flaw on the login interface is being exploited to drop backdoors, and the German BSI considered it urgent enough to phone operators in the middle of the night.

CVE-2026-12569 (CVSS 3.1 10.0; CVSS 4.0 9.3) is an unsafe deserialization of untrusted data reachable on the web-based Windchill/FlexPLM login interface before authentication — no credentials, no prior foothold, no user interaction (NCSC-CH Security Hub, 2026-06-19; daily 06-20 deep dive). PTC shipped fixes on 2026-06-15 and auto-patched cloud tenants; affected on-premises builds span the 11.x, 12.0.x, 12.1.x, 13.0.x and 13.1.0.0–13.1.3.0 lines as well as releases prior to 11.0 M030 (PTC PSIRT). Both BSI and NCSC-CH treat it as actively exploited, with Heise reporting backdoor deployment on vulnerable servers and the BSI escalating to direct after-hours phone calls — a step reserved for its highest-urgency advisories (Heise Security, 2026-06-19).

Windchill and FlexPLM are the product-lifecycle-management backbone across DACH manufacturing, aerospace, automotive and the defence-industrial base, holding engineering crown jewels (CAD, BOMs, supplier data) behind increasingly internet-reachable supplier portals — which is exactly why the BSI mobilised. Patch every on-premises instance, confirm cloud tenants were auto-patched, and until then pull the login interface off the internet behind a VPN or authenticating reverse proxy. Hunt for Java deserialization exception bursts on the login path and for the Windchill application-server process (JBoss/WildFly/WebLogic) spawning shells or scripting interpreters (T1190T1505.003).

Attacks on the deserialization vulnerability are apparently already underway to place backdoors on vulnerable servers.

At 2:30 AM, a BSI employee called the company, reported a new zero-day vulnerability, and urged immediate patches.

Heise Security
synthesis22 Jun 00:14Zmulti-sourceOpen finding ↗

2026-06-20 · view entry permalink →

CRITICALCVE-2026-12569exploited

PTC Windchill CVE-2026-12569: unauthenticated Java deserialization to RCE on the PLM management plane

Context. PTC Windchill and the FlexPLM apparel/retail variant are dominant product-lifecycle-management platforms across DACH manufacturing, aerospace, automotive and the defence-industrial base — systems that hold the engineering crown jewels (CAD, BOMs, supplier data) and increasingly sit behind internet-reachable web front-ends to support distributed engineering and supplier portals. That combination — high-value data and a network-exposed login surface — is what makes CVE-2026-12569 an emergency rather than a routine critical.

The flaw. CVE-2026-12569 (CVSS 3.1 10.0; CVSS 4.0 9.3) is an unsafe deserialization of untrusted data reachable on the web-based Windchill/FlexPLM login interface before authentication (NCSC-CH, 2026-06-19). A deserialization sink consumes attacker-controlled serialized data at the network edge; the only prerequisite is network access to the login endpoint, with no valid credentials, no prior foothold and no user interaction. PTC released fixes on 2026-06-15 and auto-patched cloud-hosted tenants (PTC PSIRT). Affected on-premises builds span the 11.x, 12.0.x, 12.1.x, 13.0.x and 13.1.0.0–13.1.3.0 lines as well as releases prior to 11.0 M030 — verify exact fixed-build numbers against the PTC advisory for your release train.

Exploitation status. Both BSI (Germany) and NCSC-CH treat this as actively exploited: Heise reported active exploitation deploying backdoors on vulnerable systems, and the BSI escalated to direct after-hours phone calls to known Windchill operators — a step reserved for the highest-urgency advisories (Heise Security, 2026-06-19).

Kill chain (mapped to MITRE ATT&CK).

  • Initial access / execution — pre-auth deserialization RCE against the public-facing login interface (T1190 Exploit Public-Facing Application). The deserialization gadget executes in the context of the Windchill Java application server.
  • Persistence — the sources report follow-on backdoor deployment on compromised hosts; this is consistent with installing a server-side implant or web component on the application server (T1505.003 Server Software Component: Web Shell), though the specific implant class was not detailed publicly.
  • Discovery / collection — a foothold on a PLM server places the attacker adjacent to engineering IP, supplier records and integration credentials to ERP/CAD systems.

Hunt and detection concepts (no IOCs). Watch Windchill application-server logs for Java deserialization exception bursts and class-resolution errors around the login path; alert on unexpected child processes spawned by the Windchill application-server process (JBoss/WildFly/WebLogic parent), which should not normally fork shells or scripting interpreters; flag anomalous inbound connections to Windchill HTTP/HTTPS ports from CIDR ranges that never legitimately reach the login surface; and treat any new outbound connections initiated by a PLM server as suspect, since these servers should have tightly-bounded egress.

Hardening / mitigation. Apply the 2026-06-15 patch on every on-premises instance and confirm cloud tenants were auto-patched. Until patched, remove the login interface from direct internet exposure — front it with VPN or an authenticating reverse proxy and segment the PLM tier so it cannot be reached from untrusted networks. Constrain the application-server service account to least privilege and restrict its outbound network paths so a successful deserialization yields the smallest possible blast radius.

Active exploitation is underway to deploy backdoors on vulnerable systems.

Heise Security

Current exploitation status: Actively Exploited

NCSC-CH Security Hub
vulnerability20 Jun 05:12Zmulti-sourceOpen finding ↗

2026-06-13 · view entry permalink →

Check Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)

Check Point Research disclosed a vulnerability chain in LangGraph, the open-source stateful-agent framework published under LangChain (Check Point Research, 2026-06-11). CVE-2025-67644 is a SQL injection in the SQLite checkpointer's get_state_history() function, which interpolates user-controlled metadata filter keys directly into SQL without sanitisation. Chained with CVE-2026-28277, an unsafe msgpack deserialization in checkpoint loading, an attacker injects a crafted checkpoint row via the SQLi and triggers arbitrary Python module import and command execution when the application later loads that checkpoint — full server-side RCE (The Hacker News, 2026-06-12). A parallel SQLi in the Redis checkpointer is tracked as CVE-2026-27022. Exploitation requires a self-hosted deployment using the SQLite or Redis checkpointer that exposes get_state_history() to user-controlled filter input; PostgreSQL-backed deployments and LangChain's managed LangSmith cloud are not affected. Per Check Point, the fixes shipped in langgraph-checkpoint-sqlite 3.0.1 (CVE-2025-67644), langgraph 1.0.10 (CVE-2026-28277) and langgraph-checkpoint-redis 1.0.2 (CVE-2026-27022). Maps to T1190 and T1059.006. This is the substantive technical disclosure behind the agentic-AI attack surface that Swiss/EU public-sector AI pilots are increasingly building on. Defender action: pin the fixed versions, treat get_state_history() filter input as untrusted even in internal tooling, and never expose the state-history API unauthenticated.

research13 Jun 05:00Zmulti-sourceOpen finding ↗

2026-05-13 · view entry permalink →

NOTABLE

CERTFR-2026-AVI-0564 — SPIP < 4.4.14: multiple RCEs (public and private area)

CERT-FR's advisory CERTFR-2026-AVI-0564 (2026-05-12) covers multiple remote code execution flaws in SPIP — the open-source CMS that powers a substantial share of French ministry, université and francophone Swiss canton web sites (CERT-FR CERTFR-2026-AVI-0564, 2026-05-12; SPIP security bulletin, 2026-05-12). The SPIP bulletin describes two distinct RCE paths in versions prior to 4.4.14: one in the private (authenticated) area, and one in the public (unauthenticated) area "under specific nginx configurations" — the SPIP bulletin notes the bugs are "not covered by the security screen", meaning they bypass SPIP's built-in filter layer. No CVE identifiers are assigned in the vendor bulletin. Fixed in SPIP 4.4.14. No ITW reported. Detection concepts: monitor SPIP ecrire/ and front-end access logs for the SSTI / template-load gadget patterns the bulletin enumerates; on shared-host SPIP estates, audit the nginx reverse-proxy configuration for the unsafe location pattern. Hardening: upgrade to 4.4.14; on internet-facing SPIP, gate ecrire/ to a known admin source set at the reverse proxy.

vulnerability13 May 05:00Zmulti-sourceOpen finding ↗

2026-05-11 · view entry permalink →

BSI flags Netgate pfSense Community Edition as critical-unpatched — CVE-2025-69690 / CVE-2025-69691 authenticated root RCE, vendor refuses to fix

BSI published WID-SEC-2026-1435 on 2026-05-08 rating two authenticated remote code execution vulnerabilities in Netgate pfSense Community Edition as kritisch and explicitly UNGEPATCHT in the BSI advisory feed (BSI WID-SEC-2026-1435, 2026-05-08). CVE-2025-69691 (CVSS 9.9) affects pfSense CE 2.8.0: the XMLRPC API endpoint /xmlrpc.php exposes the pfsense.exec_php method, which executes arbitrary PHP as root when invoked with any Basic Auth credentials — including default admin passwords on Internet-exposed deployments (Full Disclosure, 2026-02-16; cve.news analysis of CVE-2025-69691, 2026-05-08). CVE-2025-69690 (CVSS 8.8) affects pfSense CE 2.7.2 via unsafe deserialization in the configuration backup/restore path — uploading a crafted backup containing a serialized PHP object with a malicious post_reboot_commands property yields root RCE on restore (same primary disclosure thread).

Netgate's position, restated in the Full Disclosure thread, is that both behaviours are expected for authenticated administrators and that no patch will be issued. BSI taking a national-CERT position on the unpatched state three months after researcher disclosure is the in-window signal: this elevates pfSense CE from "vendor accepts behaviour" to "EU national authority recommends mitigation." pfSense Community Edition is licence-free and commonly deployed at the perimeter of Swiss cantonal, municipal, healthcare, education and SME networks where commercial pfSense+ subscriptions are out of reach. The pfSense+ commercial product is reportedly not affected by the same code paths.

Why it matters to us: Treat any Internet-exposed pfSense CE management interface (HTTPS web GUI, XMLRPC endpoint, SSH) as a credential-theft single-point-of-failure rather than a hardened control plane. Block the XMLRPC interface at the network level for any CE 2.8.0 deployment that cannot disable it administratively, restrict the web GUI to a management VLAN, rotate any admin passwords that ever traversed unencrypted networks, and audit system.xml for unexplained post_reboot_commands entries (CVE-2025-69690 persistence indicator). Because exploitation requires existing admin credentials, the operative attack chain is T1078 Valid Accounts (after credential theft) → T1059.004 Unix Shell; for an Internet-exposed management plane, T1190 Exploit Public-Facing Application remains the framing for the initial brute-force / credential-stuffing pivot.

threat11 May 05:00Zmulti-sourceOpen finding ↗

2026-05-10 · view entry permalink →

cPanel/WHM second emergency TSR in 10 days — embargo lifted on CVE-2026-29202 (post-auth Perl RCE, CVSS 8.8), CVE-2026-29203 (CVSS 8.8), CVE-2026-29201 (CVSS 4.3)

UPDATE (originally noted as embargoed-and-dropped 2026-05-09): Technical details for the three CVEs cPanel patched on 2026-05-08 emerged on 2026-05-09 (The Hacker News, 2026-05-09 · NCSC-CH Security Hub post 12550, 2026-05-08 · Panelica technical analysis, 2026-05-08).

CVE-2026-29202 (CVSS 8.8) is the highest-severity item: insufficient input validation of the plugin parameter in the create_user API allows an authenticated cPanel user to inject and execute arbitrary Perl code in the context of their system account — post-authentication RCE for any cPanel user with API access. CVE-2026-29203 (CVSS 8.8) is unsafe symlink handling enabling chmod abuse on arbitrary files (privilege escalation or denial-of-service). CVE-2026-29201 (CVSS 4.3) is arbitrary feature-file disclosure. None have confirmed in-the-wild exploitation as of 2026-05-09.

The compounding risk: cPanel hosts that were compromised through the still-recent CVE-2026-41940 authentication-bypass wave (~44 000 hosting servers exploited over February–May 2026) now face a fresh post-auth Perl-execution primitive. An attacker who already used the auth bypass can pivot to CVE-2026-29202 to escalate privilege or persist. Fixed: cPanel/WHM 11.136.0.9+, 11.134.0.25+, 11.132.0.31+. Operators with auto-update disabled or version-pinned builds must run /scripts/upcp manually.

vulnerability10 May 05:00Zmulti-sourceOpen finding ↗

2026-05-04 · view entry permalink →

NOTABLECVE-2026-29202 +2exploited

cPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203

cPanel / WHM saw two emergency Targeted Security Releases inside ten days, with the second arriving against a fleet that had not yet recovered from the first. CVE-2026-41940 (CRLF cookie-forge unauthenticated bypass) drove mass exploitation from approximately 2026-02-23 through the emergency patch on 2026-04-28 — roughly two months of zero-day exposure during which Shadowserver telemetry estimated ~44,000 IP addresses likely compromised; multiple distinct threat-actor campaigns deployed payloads, including a "Sorry" Go-based Linux encryptor and AdaptixC2 against government and military entities (watchTowr Labs · Rapid7 ETR · Help Net Security, 2026-05-04 · daily 2026-05-06 first coverage). The second TSR landed 2026-05-08 with three CVEs initially under responsible-disclosure embargo (and dropped from § 3 of the daily that day for that reason); the embargo lifted 2026-05-09 with technical analyses from The Hacker News and Panelica (daily 2026-05-09, daily 2026-05-10 UPDATE).

The compounding pattern is what makes this a multi-day-chain entry: cPanel hosts that recovered from the ~February–April CVE-2026-41940 wave now face fresh primitives — CVE-2026-29202 (CVSS 8.8) is post-auth Perl execution in the create_user API (any authenticated cPanel user with API access can inject and execute arbitrary Perl code in their system account context); CVE-2026-29203 (CVSS 8.8) is unsafe symlink handling enabling chmod abuse for privilege escalation or denial of service; CVE-2026-29201 (CVSS 4.3) is arbitrary feature-file disclosure (The Hacker News, 2026-05-09 · NCSC-CH 12550, 2026-05-08 · Panelica, 2026-05-08). An attacker who used CVE-2026-41940 to obtain unauthenticated cPanel access can pivot to CVE-2026-29202 to escalate privilege or persist inside the same compromised host. No confirmed in-the-wild exploitation of the second batch at week-end, but the population of unpatched hosts overlaps materially with the recovering CVE-2026-41940 fleet. Patch path: cPanel/WHM patched builds 11.136.0.9+, 11.134.0.25+, 11.132.0.31+; operators with auto-update disabled or version-pinned builds must run /scripts/upcp manually. European hosting providers and MSPs serving public-sector clients remain the structural exposure concentration.

synthesis04 May 05:00Zmulti-sourceOpen finding ↗