Skip to content
Auto-CTI

What has changed?

Comparing 24 June 2026 with the previous day 23 June 2026.

Newly added

54
NEW C3
75

Traces of cyberattacks often lead to Russia

Germany is identified as Europe's focal point for ransomware attacks, while Russia serves as a safe haven for cybercriminals,a geopolitical pattern with direct relevance for DACH organizations.

Critical
NEW C3
70

Ubiquiti UniFi OS Security Vulnerabilities Under Active Attack

Critical Ubiquiti UniFi OS vulnerabilities are already being actively exploited in the wild despite patches being available since late May 2026; administrators who have not yet updated to version 5.1.12 or 5.0.8 are at immediate risk.

Critical
NEW C3
70

Critical Ubiquiti Vulnerabilities in Attackers' Crosshairs

Multiple critical Ubiquiti vulnerabilities (CVE-2026-34908, -34909, -34910 with CVSS 10/10 and CVE-2025-67038 with CVSS 9.8) were already exploited in the wild as zero-days despite patches, to create rogue administrator accounts and conduct automated reconnaissance attacks.

Critical
A3
20

Mozilla Firefox: Multiple Vulnerabilities

The BSI alert does not specify CVE numbers or affected versions, indicating a generic vulnerability announcement without concrete threat intensity.

High
A3
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

The BSI warns of multiple critical-severity vulnerabilities in OpenSSL (RCE, DoS, information disclosure); timely patching and specific CVE identification are required to prioritize affected systems.

High
A3
20

Ubiquiti UniFi OS: Multiple Vulnerabilities

BSI warns of multiple vulnerabilities in Ubiquiti UniFi OS without specific CVE numbers; technical detail level and exploitation status are currently unclear.

High
A3
20

7-Zip: Multiple Vulnerabilities

The BSI warns of multiple vulnerabilities in 7-Zip that can be exploited by simply opening manipulated archives and enable code execution.

High
NEW Woodgnat C3
17

New 'Mistic' RAT Opens Door to Several Ransomware Families

Woodgnat group actively uses the new Mistic RAT to distribute multiple ransomware families (Qilin, Rhysida, Akira, Black Basta), combining technical exploits with social engineering techniques like ClickFix.

High
NEW A3
0

[UPDATE] Linux Kernel: Multiple Vulnerabilities

BSI alert on multiple unspecified Linux Kernel vulnerabilities without CVE details complicates prioritisation; details and affected versions must be retrieved from the full BSI advisory.

Medium
A3
0

Microsoft Patch Day May 2026

Monthly patch summary without specification of individual CVEs or active exploits , routine update announcement.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

18
KEV NEW B1
71

CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.

The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.

High CVSS 9.8 EPSS 16%
KEV Russian state-sponsored actors C1
70

Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Russian threat actors are actively exploiting a known WinRAR vulnerability (patched in July) for targeted cyberespionage against Ukrainian military and government targets, signaling sustained cyber-warfare in the region.

High CVSS 8.8 EPSS 81%
NEW Russian Initial-Access Broker (IAB) C3
80

Russian Initial Access Broker Behind FortiBleed Campaign

A Russian initial-access broker is running the FortiBleed campaign to harvest credentials at scale (110+ million since February 2026) via network sniffers and may sell acquired access to state-sponsored groups or ransomware gangs.

Critical
NEW A2
71

CVE-2020-9695

This CVE originates from 2020 and has been extensively patched; active exploitations in the wild are unlikely if patches have been applied.

High CVSS 7.8 EPSS 0%
NEW A2
58

CVE-2026-54515

Vulnerability allows bypass of @JsonIgnoreProperties filters by exploiting case-insensitivity processing in jackson-databind, making supposedly ignored properties writable again.

Medium CVSS 5.3 EPSS 0%
NEW A2
50

CVE-2020-9711

This 2020 CVE is long patched and remains relevant only if outdated Acrobat versions are still in productive use in the organisation; no current threat.

Medium CVSS 5.5 EPSS 0%
NEW A2
50

CVE-2020-9713

This is a 2020 vulnerability with no evidence of active exploitation or coordinated attack campaigns in the wild.

Medium CVSS 5.5 EPSS 0%
A3
20

[UPDATE] systemd: Multiple Vulnerabilities

BSI advisory without explicit CVE numbers suggests coordinated disclosure or not-yet-fully-disclosed vulnerabilities; priority depends on CVE details and patch availability.

High
NEW A3
0

Siemens WinCC Certificate Manager

Siemens WinCC Certificate Manager has a vulnerability that may allow attackers to bypass authentication mechanisms or accept invalid certificates.

Medium
ESC