Skip to content
Auto-CTI

What has changed?

Comparing 3 May 2026 with the previous day 2 May 2026.

Newly added

218
KEV NEW Microsoft HAFNIUM (Chinese state-sponsored)
55

CVE-2021-27065 — Microsoft Exchange Server Remote Code Execution Vulnerability

This CVE is part of the Proxylogon chain (CVE-2021-26855 + 27065) actively exploited by state-sponsored actors (HAFNIUM/China) since early 2021; patch status should be verified immediately as critical infrastructure and manufacturing sectors remain targets.

Critical CVSS 7.8 EPSS 94%
KEV NEW Netapp
55

CVE-2025-0411 — 7-Zip Mark of the Web Bypass Vulnerability

Mark of the Web bypass enables malicious 7z archives to execute without user warning when extracted, elevating phishing+social engineering risk in manufacturing environments where CAD/design files are routinely shared.

Critical CVSS 7.0 EPSS 52%
KEV NEW Microsoft Hafnium (suspected APT40)
55

CVE-2021-26857 — Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-26857 was exploited by state-sponsored Hafnium (suspected APT40) against European manufacturing and utilities in early 2021; DACH SMEs running Exchange must treat this as a nation-state supply-chain threat even if patched, as forensics may reveal lateral movement into manufacturing control networks.

Critical CVSS 7.8 EPSS 45%
NEW Microsoft
20

Microsoft won’t patch PhantomRPC: Feature or bug?

Microsoft's decision not to patch PhantomRPC suggests either a design-level architectural decision or disputed severity classification; critical for organizations relying on RPC-dependent legacy systems and manufacturing tools.

High
NEW sudo
20

[UPDATE] sudo: Mehrere Schwachstellen

BSI update confirms multiple sudo flaws enabling local root escalation; critical for Ubuntu 24.04 LTS systems used in manufacturing environment where industrial control access (SIMATIC WinCC, TIA Portal, PLCs) depends on privilege separation.

High
NEW Oracle
20

[UPDATE] Oracle Java SE: Mehrere Schwachstellen

BSI official advisory on Oracle Java SE indicates this is a coordinated disclosure—likely covering recent Java SE critical patch updates; Joel Traber AG should prioritize patching Java runtimes used in Abacus ERP and development environments.

High
NEW Google
20

Google Chrome: Mehrere Schwachstellen

BSI advisory flags multiple Chrome vulnerabilities with unspecified details; patch status and CVE list should be tracked as details emerge.

High
NEW Google; Microsoft
20

Google Chrome und Microsoft Edge: Mehrere Schwachstellen

BSI has issued a warning on multiple Chrome/Edge vulnerabilities without full disclosure yet—suggests active exploitation risk or zero-day concerns in DACH region; immediate patch monitoring required.

High
NEW FreeRDP
20

[UPDATE] FreeRDP: Mehrere Schwachstellen

BSI advisory on FreeRDP multiple vulnerabilities affecting arbitrary code execution and DoS; relevant for organisations deploying open-source RDP alternatives or legacy RDP-based infrastructure.

High
NEW Microsoft
20

[UPDATE] Microsoft Windows: Mehrere Schwachstellen

BSI advisory on multiple Windows vulnerabilities affecting privilege escalation and RCE vectors; no specific CVEs listed in this update notice, suggesting rolling advisory covering recent patches or embargo-period disclosures.

High
NEW Synology
20

Synology DiskStation Manager: Mehrere Schwachstellen

BSI warning on multiple DSM vulnerabilities affecting a core backup/storage component; no CVE numbers provided in alert, suggesting coordinated or embargoed disclosure—immediate patching of Synology DSM systems recommended.

High
NEW Adobe
20

Adobe Creative Cloud Applikationen: Mehrere Schwachstellen

BSI advisory confirms multiple unpatched or recently patched vulnerabilities in Creative Cloud suite affecting German manufacturing; recommend immediate patch review and user awareness on suspicious file sources.

High
NEW Adobe
20

Adobe Acrobat DC: Mehrere Schwachstellen

BSI advisory on multiple unspecified Adobe Acrobat DC/Reader DC RCE and privilege escalation flaws; lack of CVE details suggests active advisory or coordinated disclosure window.

High
NEW Intel
20

Intel Prozessoren: Mehrere Schwachstellen

BSI official warning signals coordinated vulnerability disclosure affecting core compute infrastructure; DACH supply-chain and manufacturing sectors should prioritize patching.

High
NEW Microsoft
20

Exploits Turn Windows Defender Into Attacker Tool

Exploitation technique that converts Windows Defender from defensive tool into attack vector represents a critical defense-in-depth concern for organizations relying on Microsoft's endpoint protection as primary security layer.

High
NEW Microsoft
20

Bypassing Windows Administrator Protection

Project Zero disclosed a method to bypass Windows Administrator Protection by exploiting TokenLinkedToken query behavior that generates new logon sessions, enabling potential privilege escalation on vulnerable systems.

High
NEW Ubiquiti; ConnectWise
20

23rd March – Threat Intelligence Report

Ubiquiti UniFi critical vulnerability directly affects company's network infrastructure; ScreenConnect flaw relevant to remote access security posture across managed IT services.

High
NEW Linux
0

[UPDATE] Linux Kernel: Mehrere Schwachstellen

BSI advisory signals multiple unspecified kernel CVEs requiring patch assessment across Ubuntu 24.04 LTS fleet; prioritize kernel updates in WSUS/patch management.

Medium
NEW Microsoft
0

Microsoft Edge: Mehrere Schwachstellen

BSI generic advisory without CVE details limits immediate patching clarity; requires monitoring for published CVE list and Microsoft security updates.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

11
KEV NEW Linux
100

Metasploit Wrap-Up 05/01/2026

Public PoC and Metasploit module for a Linux kernel cryptographic API logic flaw enabling local privilege escalation on AMD64/AARCH64 systems.

Critical CVSS 7.8 EPSS 3%
KEV NEW Dell
50

vSphere and BRICKSTORM Malware: A Defender's Guide

The BRICKSTORM malware exploits vCenter SSO to establish persistence and evade detection, requiring MFA and real-time alerting on SSO account actions.

Critical CVSS 10.0 EPSS 22%
NEW
100

CVE-2026-22167

This vulnerability allows a non-privileged user to corrupt kernel memory via GPU system calls, which could be exploited in multi-tenant virtualization environments like VMware ESXi to break isolation.

High CVSS 7.8 EPSS 0%
NEW Linux
0

CVE-2026-31700

This is a newly disclosed Linux kernel vulnerability with a TOCTOU race condition in the packet socket subsystem that could allow local privilege escalation.

Low EPSS 0%
NEW Linux
0

CVE-2026-31709

This CVE describes a newly discovered vulnerability in the Linux kernel's SMB client that allows a malicious server to corrupt memory via a crafted DACL, going beyond a simple patch reminder by detailing the specific flaw in ACL validation.

Low EPSS 0%
NEW Linux
0

CVE-2026-31711

An unauthenticated remote attacker can exhaust the max_connections pool by triggering memory allocation failures via crafted TCP connections, causing permanent denial of service until module reload.

Low EPSS 0%
NEW Linux
0

CVE-2026-31774

This vulnerability describes a specific slab-out-of-bounds read in io_uring that can be triggered by passing large sqe->len values, potentially leading to memory corruption or information disclosure.

Low EPSS 0%
NEW Linux
0

CVE-2026-43016

This is a newly disclosed use-after-free vulnerability in the Linux kernel's BPF sockmap subsystem that could allow local privilege escalation or denial of service.

Low EPSS 0%
NEW Linux
0

CVE-2026-43043

This is a newly disclosed vulnerability with no active exploitation reported yet, but it poses a high risk of kernel panic for systems using AF_ALG crypto operations.

Low EPSS 0%
ESC