Skip to content
Auto-CTI

What has changed?

Comparing 23 May 2026 with the previous day 22 May 2026.

Newly added

15
KEV BRICKSTORM
72

vSphere and BRICKSTORM Malware: A Defender's Guide

BRICKSTORM operates below the guest OS layer on the virtualization plane where EDR agents are ineffective and traditional security controls historically lag , a critical visibility gap for most organizations.

High CVSS 10.0 EPSS 22%
UNC6201, UNC5807, UNC6692
75

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Sophisticated APT groups like UNC6201 and UNC5807 optimize for extreme persistence by targeting edge devices (VPNs, routers) lacking EDR telemetry; exploitation occurs on average 7 days before patch availability, with custom malware deployed directly to network appliances.

Critical

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

47
NEW
92

CVE-2026-33000

A privilege-escalation vulnerability in UniFi OS enables remote command execution for attackers with network access, directly compromising the central network-management infrastructure.

Critical CVSS 9.1 EPSS 0%
NEW
92

CVE-2026-34908

An access control vulnerability in UniFi OS allows network-adjacent attackers to make unauthorized system changes without requiring authentication.

Critical CVSS 10.0 EPSS 0%
NEW
92

CVE-2026-34909

Network access alone is sufficient to exploit a path-traversal vulnerability in UniFi devices for file manipulation and account compromise, without requiring authentication.

Critical CVSS 10.0 EPSS 0%
NEW
92

CVE-2026-34910

The vulnerability enables direct command execution on UniFi devices through network access by exploiting improper input validation, requiring immediate patch prioritization in Joel Traber AG's infrastructure.

Critical CVSS 10.0 EPSS 0%
NEW
51

Ubiquiti UniFi OS Server: Multiple Vulnerabilities

BSI warns of multiple production-in-use vulnerabilities in UniFi OS Server with direct RCE potential; absence of CVE numbers suggests possible zero-days or coordinated disclosure.

Critical
NEW
20

[UPDATE] Linux Kernel: Multiple Vulnerabilities

The advisory lacks specificity regarding affected kernel versions and CVE identifiers; further details are required to assess exploitation status and patching priority for Ubuntu 24.04 LTS.

High
20

[UPDATE] Linux Kernel: Multiple Vulnerabilities

BSI advisory on multiple Linux kernel vulnerabilities without specific CVE disclosure or PoC status; concrete patch status and affected versions must be obtained from the full BSI report.

High
20

Adobe Acrobat DC: Multiple Vulnerabilities

The BSI alert on multiple RCE and privilege escalation vulnerabilities in Adobe Acrobat DC/Reader DC requires immediate patching action for all affected systems in the company.

High
NEW
12

CVE-2026-39832

OpenSSH-based remote access scenarios at Joel Traber AG may be affected by a vulnerability that bypasses key access restrictions and permits unrestricted use of forwarded keys on remote hosts.

High EPSS 0%
0

Microsoft Edge: Multiple Vulnerabilities

The BSI warns of multiple unspecified vulnerabilities in Microsoft Edge enabling information disclosure and manipulation; user interaction is required for exploitation.

Medium
ESC