The critical deserialization vulnerability CVE-2026-12569 in PTC Windchill PDMLink is being actively exploited; attackers are installing web shells and targeting sensitive design and engineering data in the defense, aerospace, and automotive sectors.
OP-512 is the fourth China-linked group in 12 months to attack IIS servers, employing three proprietary web shells with cryptographic controls and automated callback functionality.