Skip to content
Auto-CTI
Archive view — this data may be outdated.

CTI status

Joel Traber AG

As of:

Last pipeline run:

Status High

All threats

Sorted by KEV · Risk · EPSS
KEV BRICKSTORM
72

vSphere and BRICKSTORM Malware: A Defender's Guide

BRICKSTORM operates below the guest OS layer on the virtualization plane where EDR agents are ineffective and traditional security controls historically lag , a critical visibility gap for most organizations.

High CVSS 10.0 EPSS 22%
UNC6201, UNC5807, UNC6692
75

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Sophisticated APT groups like UNC6201 and UNC5807 optimize for extreme persistence by targeting edge devices (VPNs, routers) lacking EDR telemetry; exploitation occurs on average 7 days before patch availability, with custom malware deployed directly to network appliances.

Critical
What has changed since yesterday? →
ESC