Skip to content
Auto-CTI

What has changed?

Comparing 20 June 2026 with the previous day 13 June 2026.

Newly added

57
NEW A2
100

CVE-2026-54130

An authentication bypass in M365 Copilot permits unauthorized access to sensitive information over the network without legitimate credentials.

Critical CVSS 9.8 EPSS 0%
NEW A2
100

CVE-2026-45480

An authentication flaw in Azure AD enables remote privilege escalation; this affects organizations relying on Microsoft Entra ID for identity management, especially in distributed access scenarios (RDP, VPN, cloud services).

Critical CVSS 10.0 EPSS 0%
NEW A2
90

CVE-2026-48582

An authentication gap in Microsoft Exchange Online allows authorized attackers to escalate privileges over the network, with no prior disclosure or active exploitation reported.

Critical CVSS 9.6 EPSS 0%
NEW A2
87

CVE-2026-42488

A memory corruption vulnerability in Xen shadow paging can lead to mapcache inconsistencies when vCPU references are not updated after page-table switches.

Critical CVSS 8.1 EPSS 0%
Screening Serpens B3
85

Tracking Iranian APT Screening Serpens' 2026 Espionage Campaigns

Iranian APT Screening Serpens deploys updated MiniJunk V2 malware with advanced defense evasion techniques (.NET AppDomainManager) for espionage against European targets, signaling elevated activity against EU/DACH infrastructure.

Critical
B3
75

25th May , Threat Intelligence Report

Two actively exploited Windows Defender flaws (privilege escalation and denial of service) are being weaponized in the wild, coinciding with a documented 124% surge in hacktivism and ransomware targeting DACH organizations in 2025.

Critical
NEW A2
50

CVE-2026-1288

A NULL pointer dereference in Revit's RFA-to-FormIt conversion can cause application crashes, but impacts only availability, not data integrity or code execution.

Medium CVSS 5.5 EPSS 0%
NEW A3
20

Adobe Creative Cloud Applications: Multiple Vulnerabilities

The BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud without naming individual CVEs or version numbers; this indicates an aggregated security notice but requires cross-reference with Adobe security bulletins for specific affected versions.

High
A3
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

BSI warns of multiple OpenSSL vulnerabilities with varying impacts (DoS, information disclosure); specific CVE numbers and CVSS scores are required for prioritization.

High
A3
20

7-Zip: Vulnerability Enables Code Execution

A code-execution vulnerability in 7-Zip affecting NTFS archive processing requires user interaction for exploitation; this poses a risk to systems where 7-Zip is deployed for file management.

High
NEW B3
15

Threat Brief: Mitigating Large-Scale Credential Attacks

Unit 42 documents an active large-scale campaign using password spraying attacks against Fortinet, Sophos, and MSSQL services for initial access; threat actors extract configurations and target authentication mechanisms.

High
A3
0

Microsoft Patchday April 2026

Routine BSI patch advisory without specific CVE details or active exploitation; requires standard patch process.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

2
NEW C3
80

Chinese hackers hijack auth flow, spy on isolated network for a decade

Chinese threat actors demonstrate capability for undetected decade-long compromise of isolated/air-gapped networks through authentication mechanism manipulation, raising critical concerns for European manufacturing and critical infrastructure environments.

Critical
A3
20

Microsoft Edge: Multiple Vulnerabilities

BSI warns of multiple vulnerabilities in Microsoft Edge enabling active security bypass and code execution; specific CVE numbers and patch status are not detailed in the source.

High
ESC