Skip to content
Auto-CTI

What has changed?

Comparing 23 May 2026 with the previous day 16 May 2026.

Newly added

15
KEV BRICKSTORM
72

vSphere and BRICKSTORM Malware: A Defender's Guide

BRICKSTORM operates below the guest OS layer on the virtualization plane where EDR agents are ineffective and traditional security controls historically lag , a critical visibility gap for most organizations.

High CVSS 10.0 EPSS 22%
UNC6201, UNC5807, UNC6692
75

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Sophisticated APT groups like UNC6201 and UNC5807 optimize for extreme persistence by targeting edge devices (VPNs, routers) lacking EDR telemetry; exploitation occurs on average 7 days before patch availability, with custom malware deployed directly to network appliances.

Critical

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

0

No changes in this category.

ESC