Skip to content
Auto-CTI

What has changed?

Comparing 27 June 2026 with the previous day 26 June 2026.

Newly added

4
NEW Russian Intelligence Services C3
85

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Russian intelligence services are conducting a targeted campaign using fake SMS messages to steal credentials from Ukrainian and European government officials, military personnel, and activists , a strategic threat pattern for DACH organizations in government and critical infrastructure sectors.

Critical
NEW Russian intelligence services C3
75

FBI: Russian hackers now target Signal backup recovery keys

Russian intelligence services are expanding their Signal-targeted phishing campaigns to extract Backup Recovery Keys, enabling access to historical messages and compromising the security of encrypted communications within organizations.

Critical

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

25
KEV B1
62

The April 2026 Security Update Review

Monthly patch roundup focused on Adobe and Microsoft; particular priority given to an active Reader exploit and multiple elevation-of-privilege vulnerabilities in Windows components and SQL Server.

Medium CVSS 6.5 EPSS 64%
KEV NEW C1
55

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

First documented exploitation of CVE-2026-12569 in Windchill demonstrates that threat actors are operationalizing PTC products as targets immediately after patches became available,German authorities have also previously warned about this vulnerability and a related CVE-2026-4681.

Medium EPSS 1%
NEW B2
51

The May 2026 Security Update Review

May release covers 52 Adobe CVEs and numerous Microsoft patches with Adobe Commerce and Connect highest priority; no active wild exploitations reported.

Medium CVSS 8.1 EPSS 72%
NEW A3
20

CVE-2026-57535

HTML content in PDF rendering contexts can leak information about the rendering server via <img> tags with remote URLs or be exploited as an SSRF vector in the local network.

High EPSS 0%
A3
20

Microsoft Edge: Multiple Vulnerabilities

BSI warns of multiple critical vulnerabilities in Microsoft Edge enabling remote code execution and security bypass; specific CVE numbers not provided.

High
NEW A3
20

Bitwarden: Multiple Vulnerabilities

Authenticated attackers can exploit multiple vulnerabilities to manipulate critical password and management data or disclose sensitive information.

High
ESC