Skip to content
Auto-CTI

What has changed?

Comparing 8 June 2026 with the previous day 7 June 2026.

Newly added

30
NEW A2
90

CVE-2026-50752

A weakness in certificate validation logic of the deprecated IKEv1 key exchange allows man-in-the-middle attackers to bypass authentication and intercept or modify VPN tunnel traffic.

Critical CVSS 7.4 EPSS 0%
NEW VerdantBamboo (aka Clay Typhoon, UNC5221, Warp Panda) C3
80

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

A China-nexus APT group (VerdantBamboo/Clay Typhoon) deploys specialized malware variants on Linux systems, including a BSD-variant backdoor with customized persistence mechanisms for appliances; this signals targeted adaptation to critical infrastructure targets.

Critical
B3
80

State-sponsored actors, better known as the friends you don't want

State-sponsored adversaries exploit legitimate access and internal tools rather than direct breaches; their reconnaissance phase can span months and often leaves no detectable log artifacts , standard ransomware incident response procedures are ineffective against them.

Critical
NEW NSO Group C3
75

WhatsApp says it disrupted new NSO spyware phishing attacks

NSO Group is conducting active spear-phishing campaigns via WhatsApp, demonstrating that commercial spyware developers continue to be deployed as state-sponsored tools against individuals and organizations.

Critical
NEW Iran (Iranian state-sponsored cyber actors) C3
75

Iran Signed a Ceasefire , Its Hackers Didn't

The article reveals that Iranian cyber operations continue independently of diplomatic ceasefires, indicating a structural risk to Western and European infrastructure.

Critical
A3
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

The BSI advisory on multiple OpenSSL vulnerabilities without specific CVE identification and without detailed exploitation status indicates a general warning that likely aggregates multiple known vulnerabilities without describing an active targeted campaign.

High
A3
20

Google Chrome: Multiple Vulnerabilities

BSI warns of multiple undisclosed Chrome vulnerabilities; details are minimal, exploitation is possible but only active for specific variants.

High
NEW TeamPCP B3
15

TeamPCP Supply Chain Campaign: Activity Through 2026-06-07

TeamPCP campaign now publicly available in Mini Shai-Hulud framework; threat expands from original supply-chain target to broader attacker community with focus on build-pipeline access and credential exfiltration.

High
NEW A3
0

Microsoft Edge: Multiple Vulnerabilities

The BSI advisory describes multiple vulnerabilities in Microsoft Edge without specific CVE numbers; exploitation in some cases requires only clicking a malicious link.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

0

No changes in this category.

ESC