Skip to content
Auto-CTI

What has changed?

Comparing 30 May 2026 with the previous day 23 May 2026.

Newly added

4
NEW UNC6671
15

Welcome to BlackFile: Inside a Vishing Extortion Operation

UNC6671 uses vishing and adversary-in-the-middle techniques to bypass MFA, compromise Microsoft 365 and Okta, and exfiltrate data for extortion; the recent shutdown of their data leak site may signal a rebranding rather than cessation of operations.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

15
KEV BRICKSTORM
72

vSphere and BRICKSTORM Malware: A Defender's Guide

BRICKSTORM operates below the guest OS layer on the virtualization plane where EDR agents are ineffective and traditional security controls historically lag , a critical visibility gap for most organizations.

High CVSS 10.0 EPSS 22%
UNC6201, UNC5807, UNC6692
75

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Sophisticated APT groups like UNC6201 and UNC5807 optimize for extreme persistence by targeting edge devices (VPNs, routers) lacking EDR telemetry; exploitation occurs on average 7 days before patch availability, with custom malware deployed directly to network appliances.

Critical
ESC