Skip to content
Auto-CTI

What has changed?

Comparing 6 June 2026 with the previous day 5 June 2026.

Newly added

19
C3
17

Microsoft Issues Out-of-Band SharePoint Patch

The out-of-band patch prioritization underscores that Microsoft considers the vulnerability time-critical; despite the absence of public exploits and in-the-wild exploitation, rapid deployment is recommended given SharePoint's history as a high-value target.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

182
KEV BRICKSTORM B1
72

vSphere and BRICKSTORM Malware: A Defender's Guide

BRICKSTORM is a targeted espionage campaign against VMware vSphere environments that establishes persistence at the hypervisor layer below the guest OS, exploiting visibility gaps in traditional endpoint detection.

High CVSS 10.0 EPSS 23%
NEW A2
100

CVE-2026-48579

The vulnerability affects authorization in Exchange Online and allows unauthorized information disclosure over the network , a direct risk for cloud-based email infrastructure.

Critical CVSS 9.1 EPSS 0%
NEW A2
79

CVE-2026-47655

The vulnerability allows an authorized attacker to disclose sensitive information via the Microsoft Graph API; this is critical for organizations using Microsoft 365 and Entra ID.

Critical CVSS 6.5 EPSS 0%
NEW Nimbus Manticore (Iran IRGC-affiliated) B3
75

Fast and Furious , Nimbus Manticore Operations During the Iranian Conflict

An Iran-affiliated IRGC-linked threat actor (Nimbus Manticore) demonstrates novel operational techniques including SEO poisoning against Western aviation and software sectors, indicating elevated state-sponsored cyber activity during regional conflicts with potential supply-chain implications for European manufacturing.

Critical
B3
75

25th May , Threat Intelligence Report

Hacktivism and ransomware in Germany, Austria, and Switzerland surged 124% in 2025; simultaneously, Windows Defender zero-days (CVE-2026-41091, CVE-2026-45498) are actively exploited.

Critical
NEW A2
70

CVE-2026-48092

The vulnerability affects only 32-bit builds of 7-Zip; 64-bit versions are protected due to automatic integer promotion, enabling selective patching prioritization.

High CVSS 4.3 EPSS 0%
NEW A2
52

CVE-2026-48111

The vulnerability is triggered automatically when opening UEFI firmware archives and can cause denial of service or data leakage without requiring active exploitation.

Medium CVSS 4.3 EPSS 0%
NEW A2
38

CVE-2026-48102

The vulnerability allows information disclosure and denial-of-service via crafted UDF disc images; auto-detection by signature means suspect ISO/UDF files pose a crash risk at the point of opening.

Low CVSS 3.1 EPSS 0%
A3
20

[UPDATE] GNU libc: Multiple Vulnerabilities

The BSI warning addresses multiple GNU libc vulnerabilities without explicitly naming specific CVE numbers; this indicates a meta-advisory or overview of several already-known gaps.

High
NEW A3
20

Google Chrome and Microsoft Edge: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in both browsers exploitable via web-based attacks , without specific CVE numbers or PoC details, this is likely a generic security advisory accompanying a regular patch cycle.

High
ESC