Skip to content
Auto-CTI

What has changed?

Comparing 4 June 2026 with the previous day 28 May 2026.

Newly added

14
NEW TeamPCP C3
75

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A hacker group (TeamPCP) is exploiting vulnerabilities in development tools and cloud misconfigurations at scale to steal credentials and propagate through supply-chain ecosystems via worms,a new escalation in attacks on open-source infrastructure.

Critical
NEW Iranian state-backed ransomware actors C3
75

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors

Iranian ransomware actors use cryptocurrency exchanges for money laundering; OFAC sanctions against Nobitex signal escalated financial control and elevated risk for European organizations targeted by Iran-backed ransomware campaigns.

Critical
NEW A3
20

CVE-2026-50205

The vulnerability enables extraction of unencrypted SMTP authentication credentials directly from system log files , a frequently overlooked attack vector for lateral movement and account compromise.

High EPSS 0%

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

35
KEV
76

Patch Tuesday - May 2026

137 Microsoft vulnerabilities published in May 2026, including critical RCE in Windows Netlogon and DNS Client with no known active exploitation.

Critical CVSS 9.8 EPSS 94%
NEW
86

CVE-2026-47331

An unprivileged local user can exploit a race condition in AppArmor SAUCE patches to achieve arbitrary code execution, which is particularly relevant for multi-tenant environments.

Critical CVSS 7.8 EPSS 0%
NEW
67

CVE-2026-47328

An unprivileged local user can trigger a memory-management bug in the kernel via AppArmor SAUCE patches, leading to slab metadata corruption and resource exhaustion.

High CVSS 6.1 EPSS 0%
NEW
51

CVE-2026-32998

A remote code execution in Veeam Service Provider Console enables unauthorized access to backup infrastructure and potential compromise of business-critical data.

Critical EPSS 0%
NEW
20

Veeam Backup & Replication: Multiple Vulnerabilities

A BSI warning regarding multiple vulnerabilities in Veeam Backup & Replication signals elevated priority for patching, as this solution is central to the company's data protection and recovery strategy.

High
NEW
20

Mozilla Firefox: Multiple Vulnerabilities

BSI advisory without specific CVE numbers or technical details; typical pattern of generic security warnings without documented active exploits in the wild.

High
20

Adobe Creative Cloud Applications: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud applications without concrete CVE numbers or patching information; the advisory is generic and requires clarification of affected versions and available patches.

High
NEW
15

Warning of Malware Due to Supply-Chain Attacks

CISA warns of currently active supply-chain attacks on multiple popular developer tools, with 42 TanStack packages comprising 84 versions compromised within 6,20 minutes; affected organizations should immediately reset credentials and audit installations.

High
0

Microsoft Patch Day May 2026

BSI notification of Microsoft's monthly patch day , routine security updates with no specific CVEs or exploitation status disclosed.

Medium
ESC