Skip to content
Auto-CTI

What has changed?

Comparing 30 June 2026 with the previous day 23 June 2026.

Newly added

20
KEV NEW C1
93

BlueHammer Vulnerability Exploited in Ransomware Attacks

A Microsoft Defender vulnerability is being actively exploited by ransomware groups, yet CISA does not proactively notify users when KEV-listed vulnerabilities enter active exploitation by ransomware campaigns.

Critical CVSS 7.8 EPSS 7%
NEW C3
63

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

Attackers actively exploit an authentication bypass in SimpleHelp to deliver malware that specifically targets developer credentials, SSH keys, and cryptocurrency wallets,suggesting supply-chain and development-pipeline targeting.

Critical
NEW A3
47

[UPDATE] GNU libc: Multiple Vulnerabilities

BSI warning on critical GNU libc vulnerabilities affecting all Linux systems in production environment; prioritization of security updates required.

Critical
Russian ransomware group (identity unclear, but linked to eCrime operations) C3
32

An update on FortiBleed , what's happening with victim orgs

A significant number of Fortigate customers are already compromised via dormant admin accounts planted by ransomware groups , strategic backdoor infrastructure for future attacks.

Critical
A3
20

[UPDATE] 7-Zip: Multiple Vulnerabilities

BSI alert on multiple critical vulnerabilities in 7-Zip enabling local and remote code execution; patch status and affected versions should be verified.

High
NEW B3
0

What's new in Microsoft Security: June 2026

Microsoft introduces agent-based AI systems (MDASH) for automated vulnerability discovery and extends threat protection to AWS databases alongside enhanced identity backup capabilities.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

18
KEV NEW B1
71

CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.

The vulnerability is actively exploited and demonstrates a typical gap between patch availability and user configuration; exploitation waves in July-August 2025 indicate ransomware campaigns (including Akira) combining a firewall vulnerability with weak configuration practices.

High CVSS 9.8 EPSS 16%
KEV Russian state-sponsored actors C1
70

Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Russian threat actors are actively exploiting a known WinRAR vulnerability (patched in July) for targeted cyberespionage against Ukrainian military and government targets, signaling sustained cyber-warfare in the region.

High CVSS 8.8 EPSS 81%
NEW Russian Initial-Access Broker (IAB) C3
80

Russian Initial Access Broker Behind FortiBleed Campaign

A Russian initial-access broker is running the FortiBleed campaign to harvest credentials at scale (110+ million since February 2026) via network sniffers and may sell acquired access to state-sponsored groups or ransomware gangs.

Critical
NEW A2
71

CVE-2020-9695

This CVE originates from 2020 and has been extensively patched; active exploitations in the wild are unlikely if patches have been applied.

High CVSS 7.8 EPSS 0%
NEW A2
58

CVE-2026-54515

Vulnerability allows bypass of @JsonIgnoreProperties filters by exploiting case-insensitivity processing in jackson-databind, making supposedly ignored properties writable again.

Medium CVSS 5.3 EPSS 0%
NEW A2
50

CVE-2020-9711

This 2020 CVE is long patched and remains relevant only if outdated Acrobat versions are still in productive use in the organisation; no current threat.

Medium CVSS 5.5 EPSS 0%
NEW A2
50

CVE-2020-9713

This is a 2020 vulnerability with no evidence of active exploitation or coordinated attack campaigns in the wild.

Medium CVSS 5.5 EPSS 0%
A3
20

[UPDATE] systemd: Multiple Vulnerabilities

BSI advisory without explicit CVE numbers suggests coordinated disclosure or not-yet-fully-disclosed vulnerabilities; priority depends on CVE details and patch availability.

High
NEW A3
0

Siemens WinCC Certificate Manager

Siemens WinCC Certificate Manager has a vulnerability that may allow attackers to bypass authentication mechanisms or accept invalid certificates.

Medium
ESC