Skip to content
Auto-CTI

What has changed?

Comparing 30 June 2026 with the previous day 29 June 2026.

Newly added

20
KEV NEW C1
93

BlueHammer Vulnerability Exploited in Ransomware Attacks

A Microsoft Defender vulnerability is being actively exploited by ransomware groups, yet CISA does not proactively notify users when KEV-listed vulnerabilities enter active exploitation by ransomware campaigns.

Critical CVSS 7.8 EPSS 7%
NEW C3
63

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

Attackers actively exploit an authentication bypass in SimpleHelp to deliver malware that specifically targets developer credentials, SSH keys, and cryptocurrency wallets,suggesting supply-chain and development-pipeline targeting.

Critical
NEW A3
47

[UPDATE] GNU libc: Multiple Vulnerabilities

BSI warning on critical GNU libc vulnerabilities affecting all Linux systems in production environment; prioritization of security updates required.

Critical
Russian ransomware group (identity unclear, but linked to eCrime operations) C3
32

An update on FortiBleed , what's happening with victim orgs

A significant number of Fortigate customers are already compromised via dormant admin accounts planted by ransomware groups , strategic backdoor infrastructure for future attacks.

Critical
A3
20

[UPDATE] 7-Zip: Multiple Vulnerabilities

BSI alert on multiple critical vulnerabilities in 7-Zip enabling local and remote code execution; patch status and affected versions should be verified.

High
NEW B3
0

What's new in Microsoft Security: June 2026

Microsoft introduces agent-based AI systems (MDASH) for automated vulnerability discovery and extends threat protection to AWS databases alongside enhanced identity backup capabilities.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

29
KEV NEW C1
72

'Djinn' Stealer Targets Cloud, AI Credentials

Active attack campaign exploits authentication bypass in RMM tools to gain admin access and deploy credential-stealing malware in enterprise environments , an attack pattern enabling widespread compromise.

High CVSS 10.0 EPSS 1%
NEW Russian Intelligence Services C3
85

FBI Warning: Russian Intelligence Targeting Messenger Backup Keys

Russian intelligence services impersonate messenger support to steal backup recovery keys and gain access to high-value targets (government officials, military, journalists) , a new tactic in the phishing context.

Critical
NEW CyberAv3ngers, IRGC-linked groups, Russian state actors, Chinese state actors C3
83

Iran, Russia, China Target Water Systems for Sabotage

State-sponsored actors from Iran, Russia, and China exploit basic attack vectors such as weak passwords and exposed PLCs rather than sophisticated malware to sabotage critical infrastructure.

Critical
NEW C3
75

Interior Ministry Partially Clarifies Cyberdome

The Interior Ministry's clarification of Cyberdome signals strengthened government coordination against cyberattacks in the DACH region and may require IT vendors to achieve 'Cyberdome-ready' certification.

Critical
Russian-speaking threat actors C3
37

Sweeping Credential-Harvesting Heist Compromises 30K+ Fortinet Devices

A large-scale automated credential-harvesting campaign ("FortiBleed") targeting Fortinet devices is actively operational and has already compromised 30,000+ Internet-facing devices globally; suspected Russian-speaking threat actors.

Critical
NEW ShinyHunters C3
17

'DirtyClone' Linux Kernel Vulnerability Leads to Root Access

DirtyClone (CVE-2026-43503, CVSS 8.8) is a new Linux kernel variant of DirtyFrag with active abuse by groups like ShinyHunters, enabling immediate root privilege escalation on unpatched or incompletely patched systems.

High
NEW B3
15

The Art of Being Ungovernable

An established MaaS campaign for Chinese-speaking cybercriminal groups leverages BadIIS to compromise IIS servers for SEO fraud and traffic redirection, with multi-year development history and persistent mechanisms.

High
NEW B3
12

29th June , Threat Intelligence Report

Report aggregates multiple unrelated attacks and vulnerabilities (Polymarket supply-chain attack, KDDI breach, Cisco zero-day, Fortinet vulnerabilities) without focus on a single active campaign; serves as a weekly threat intelligence digest.

High
ESC