Skip to content
Auto-CTI

What has changed?

Comparing 30 May 2026 with the previous day 29 May 2026.

Newly added

4
NEW UNC6671
15

Welcome to BlackFile: Inside a Vishing Extortion Operation

UNC6671 uses vishing and adversary-in-the-middle techniques to bypass MFA, compromise Microsoft 365 and Okta, and exfiltrate data for extortion; the recent shutdown of their data leak site may signal a rebranding rather than cessation of operations.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

83
KEV NEW
75

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

CVE-2026-0265 enables authentication bypass in Palo Alto Networks firewalls with Cloud Authentication Service enabled; no public exploits available yet but practical exploitability confirmed with technical details pending disclosure.

Critical CVSS 9.8 EPSS 5%
Kimsuky
80

Kimsuky targets organizations with PebbleDash-based tools

Kimsuky has developed two variants of the httpMalice backdoor: an HTTP/HTTPS variant (v1.9) with Windows service persistence and an older Dropbox-API-based variant (v1.8), which could target European and DACH organizations.

Critical
NEW
47

[UPDATE] OpenSSL: Multiple Vulnerabilities

BSI warning regarding multiple OpenSSL vulnerabilities with potential code execution and denial-of-service; update information without specific CVE details in this summary.

Critical
NEW
20

CVE-2026-9933

This is a pure patch notification with no evidence of active exploitation or coordinated attacks; the vulnerability requires targeted user interaction.

High EPSS 0%
NEW
20

7-Zip: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in 7-Zip triggered by user interaction with manipulated files,advisory lacks CVE numbers or PoC details.

High
ESC