Skip to content
Auto-CTI

What has changed?

Comparing 6 July 2026 with the previous day 29 June 2026.

Newly added

12
Chinese state-sponsored group (unnamed by Anthropic; September 2025 campaign) B3
75

Hypersonic Supply Chain Attacks: One Solution That Didn't Need to Know the Payload

Chinese state-sponsored actors conducted an AI-assisted espionage campaign against approximately 30 organizations in September 2025, with the AI system autonomously executing 80,90% of tactical operations and reducing human decision-making to only 4,6 points per campaign.

Critical
NEW PolinRider (North Korea-aligned) B3
70

6th July , Threat Intelligence Report

North Korea-aligned PolinRider campaign distributes 100+ malicious packages across open-source registries and Chrome extensions; targets developer supply chains critical to manufacturing environments (CAD, ERP integrations).

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

29
KEV NEW C1
72

'Djinn' Stealer Targets Cloud, AI Credentials

Active attack campaign exploits authentication bypass in RMM tools to gain admin access and deploy credential-stealing malware in enterprise environments , an attack pattern enabling widespread compromise.

High CVSS 10.0 EPSS 1%
NEW Russian Intelligence Services C3
85

FBI Warning: Russian Intelligence Targeting Messenger Backup Keys

Russian intelligence services impersonate messenger support to steal backup recovery keys and gain access to high-value targets (government officials, military, journalists) , a new tactic in the phishing context.

Critical
NEW CyberAv3ngers, IRGC-linked groups, Russian state actors, Chinese state actors C3
83

Iran, Russia, China Target Water Systems for Sabotage

State-sponsored actors from Iran, Russia, and China exploit basic attack vectors such as weak passwords and exposed PLCs rather than sophisticated malware to sabotage critical infrastructure.

Critical
NEW C3
75

Interior Ministry Partially Clarifies Cyberdome

The Interior Ministry's clarification of Cyberdome signals strengthened government coordination against cyberattacks in the DACH region and may require IT vendors to achieve 'Cyberdome-ready' certification.

Critical
Russian-speaking threat actors C3
37

Sweeping Credential-Harvesting Heist Compromises 30K+ Fortinet Devices

A large-scale automated credential-harvesting campaign ("FortiBleed") targeting Fortinet devices is actively operational and has already compromised 30,000+ Internet-facing devices globally; suspected Russian-speaking threat actors.

Critical
NEW ShinyHunters C3
17

'DirtyClone' Linux Kernel Vulnerability Leads to Root Access

DirtyClone (CVE-2026-43503, CVSS 8.8) is a new Linux kernel variant of DirtyFrag with active abuse by groups like ShinyHunters, enabling immediate root privilege escalation on unpatched or incompletely patched systems.

High
NEW B3
15

The Art of Being Ungovernable

An established MaaS campaign for Chinese-speaking cybercriminal groups leverages BadIIS to compromise IIS servers for SEO fraud and traffic redirection, with multi-year development history and persistent mechanisms.

High
NEW B3
12

29th June , Threat Intelligence Report

Report aggregates multiple unrelated attacks and vulnerabilities (Polymarket supply-chain attack, KDDI breach, Cisco zero-day, Fortinet vulnerabilities) without focus on a single active campaign; serves as a weekly threat intelligence digest.

High
ESC