Skip to content
Auto-CTI

What has changed?

Comparing 21 June 2026 with the previous day 20 June 2026.

Newly added

4
Iran (state-sponsored) C3
75

Iran Signed a Ceasefire , Its Hackers Didn't

Iranian state actors continue cyber operations despite diplomatic ceasefires, exposing a loophole in international conflict law regarding cyberwarfare under ceasefire conditions.

Critical
APT29 (Cloaked Ursa, Midnight Blizzard) B3
20

When "Hi, This Is IT" Comes Through Microsoft Teams

APT29 (Cloaked Ursa) and UNC6692 exploit compromised accounts to send phishing links via Microsoft Teams messages redirecting to credential harvesting pages mimicking legitimate Microsoft login portals.

High
A3
20

Google Chrome: Multiple Vulnerabilities

BSI advisory on multiple Chrome vulnerabilities without specific CVE numbers; details not yet published, but code execution and security bypass possible.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

57
NEW A2
100

CVE-2026-54130

An authentication bypass in M365 Copilot permits unauthorized access to sensitive information over the network without legitimate credentials.

Critical CVSS 9.8 EPSS 0%
NEW A2
100

CVE-2026-45480

An authentication flaw in Azure AD enables remote privilege escalation; this affects organizations relying on Microsoft Entra ID for identity management, especially in distributed access scenarios (RDP, VPN, cloud services).

Critical CVSS 10.0 EPSS 0%
NEW A2
90

CVE-2026-48582

An authentication gap in Microsoft Exchange Online allows authorized attackers to escalate privileges over the network, with no prior disclosure or active exploitation reported.

Critical CVSS 9.6 EPSS 0%
NEW A2
87

CVE-2026-42488

A memory corruption vulnerability in Xen shadow paging can lead to mapcache inconsistencies when vCPU references are not updated after page-table switches.

Critical CVSS 8.1 EPSS 0%
Screening Serpens B3
85

Tracking Iranian APT Screening Serpens' 2026 Espionage Campaigns

Iranian APT Screening Serpens deploys updated MiniJunk V2 malware with advanced defense evasion techniques (.NET AppDomainManager) for espionage against European targets, signaling elevated activity against EU/DACH infrastructure.

Critical
B3
75

25th May , Threat Intelligence Report

Two actively exploited Windows Defender flaws (privilege escalation and denial of service) are being weaponized in the wild, coinciding with a documented 124% surge in hacktivism and ransomware targeting DACH organizations in 2025.

Critical
NEW A2
50

CVE-2026-1288

A NULL pointer dereference in Revit's RFA-to-FormIt conversion can cause application crashes, but impacts only availability, not data integrity or code execution.

Medium CVSS 5.5 EPSS 0%
NEW A3
20

Adobe Creative Cloud Applications: Multiple Vulnerabilities

The BSI warns of multiple unspecified vulnerabilities in Adobe Creative Cloud without naming individual CVEs or version numbers; this indicates an aggregated security notice but requires cross-reference with Adobe security bulletins for specific affected versions.

High
A3
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

BSI warns of multiple OpenSSL vulnerabilities with varying impacts (DoS, information disclosure); specific CVE numbers and CVSS scores are required for prioritization.

High
A3
20

7-Zip: Vulnerability Enables Code Execution

A code-execution vulnerability in 7-Zip affecting NTFS archive processing requires user interaction for exploitation; this poses a risk to systems where 7-Zip is deployed for file management.

High
NEW B3
15

Threat Brief: Mitigating Large-Scale Credential Attacks

Unit 42 documents an active large-scale campaign using password spraying attacks against Fortinet, Sophos, and MSSQL services for initial access; threat actors extract configurations and target authentication mechanisms.

High
A3
0

Microsoft Patchday April 2026

Routine BSI patch advisory without specific CVE details or active exploitation; requires standard patch process.

Medium
ESC