Skip to content
Auto-CTI

What has changed?

Comparing 28 May 2026 with the previous day 27 May 2026.

Newly added

35
KEV
76

Patch Tuesday - May 2026

137 Microsoft vulnerabilities published in May 2026, including critical RCE in Windows Netlogon and DNS Client with no known active exploitation.

Critical CVSS 9.8 EPSS 94%
NEW
86

CVE-2026-47331

An unprivileged local user can exploit a race condition in AppArmor SAUCE patches to achieve arbitrary code execution, which is particularly relevant for multi-tenant environments.

Critical CVSS 7.8 EPSS 0%
NEW
67

CVE-2026-47328

An unprivileged local user can trigger a memory-management bug in the kernel via AppArmor SAUCE patches, leading to slab metadata corruption and resource exhaustion.

High CVSS 6.1 EPSS 0%
NEW
51

CVE-2026-32998

A remote code execution in Veeam Service Provider Console enables unauthorized access to backup infrastructure and potential compromise of business-critical data.

Critical EPSS 0%
NEW
20

Veeam Backup & Replication: Multiple Vulnerabilities

A BSI warning regarding multiple vulnerabilities in Veeam Backup & Replication signals elevated priority for patching, as this solution is central to the company's data protection and recovery strategy.

High
NEW
20

Mozilla Firefox: Multiple Vulnerabilities

BSI advisory without specific CVE numbers or technical details; typical pattern of generic security warnings without documented active exploits in the wild.

High
20

Adobe Creative Cloud Applications: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud applications without concrete CVE numbers or patching information; the advisory is generic and requires clarification of affected versions and available patches.

High
NEW
15

Warning of Malware Due to Supply-Chain Attacks

CISA warns of currently active supply-chain attacks on multiple popular developer tools, with 42 TanStack packages comprising 84 versions compromised within 6,20 minutes; affected organizations should immediately reset credentials and audit installations.

High
0

Microsoft Patch Day May 2026

BSI notification of Microsoft's monthly patch day , routine security updates with no specific CVEs or exploitation status disclosed.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

36
NEW
100

CVE-2025-12686

A remote code execution vulnerability in BeeStation Manager requires attention if the product is deployed, but does not affect standard Synology DSM devices typically used in manufacturing environments.

Critical CVSS 9.8 EPSS 0%
NEW
98

CVE-2025-13392

An authentication bypass in Synology DSM SSO module allows unauthorised access to NAS systems with knowledge of LDAP Distinguished Names, without requiring a password.

Critical CVSS 8.1 EPSS 0%
NEW
97

CVE-2025-41669

The vulnerability allows local users to install unsigned APP packages on PLCnext controllers without integrity verification, leading to root-level code execution,a critical risk for connected industrial automation systems.

Critical CVSS 8.8 EPSS 0%
NEW
80

Disputed Powers: BKA Receives Access to Attacker Infrastructure

Germany's Cabinet has granted the BKA new powers for active cyber defense, including the right to infiltrate and disrupt or destroy foreign IT systems , a measure that carries significant risks to uninvolved third parties, as attackers routinely use compromised systems as springboards.

Critical
NEW
80

Bill on Cybersecurity: Dobrindt Redefines Hackbacks

The German bill explicitly regulates hackbacks and active cyber defense for the first time, defining new legal boundaries and options for cyber countermeasures for German and European companies.

Critical
OceanLotus
75

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

OceanLotus leverages legitimate Python package repositories (PyPI) as a malware distribution channel to compromise developers and organizations with Python dependencies,a sophisticated supply-chain approach with potential DACH implications.

Critical
NEW
59

CVE-2024-47268

The vulnerability allows already-authenticated administrators to obtain sensitive information via undocumented vectors , an insider-risk scenario in surveillance-critical systems.

Medium CVSS 4.9 EPSS 0%
NEW
20

7-Zip: Vulnerability Enables Code Execution

The BSI warns of a critical remote code execution vulnerability in 7-Zip when processing NTFS archives, which requires user interaction but poses significant security implications.

High
NEW
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

BSI warning on multiple OpenSSL vulnerabilities without specific CVE references , requires clarification via direct BSI source or CISA cross-reference for concrete patching priorities.

High
20

Google Chrome: Multiple Vulnerabilities

BSI warns of multiple unspecified Chrome vulnerabilities without naming specific CVE IDs or affected versions; the exact risk remains unclear until full disclosure.

High
NEW Akira
20

Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs

Akira intrusion demonstrates typical pattern: initial authentication via SSLVPN, lateral movement exclusively via RDP over two days, Kerberoasting and defense evasion through Event Log deletion,all activity was visible in standard logs but required proactive correlation between firewall and endpoint logs.

High
NEW
0

[UPDATE] Linux Kernel: Multiple Vulnerabilities

BSI warning regarding multiple unspecified Linux kernel vulnerabilities without concrete CVE identifiers complicates risk prioritization for organizations with Ubuntu deployments.

Medium
ESC