Skip to content
Auto-CTI

What has changed?

Comparing 8 July 2026 with the previous day 1 July 2026.

Newly added

29
NEW A2
99

CVE-2026-58525

This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.

Critical CVSS 8.2 EPSS 0%
C3
80

Europe Evolves Into Ransomware's Favorite Region

Ransomware-as-a-Service ecosystems are strategically shifting focus toward European organizations and their supply chains, signaling a deliberate repositioning of ransomware campaigns after a global lull.

Critical
NEW LapDogs (China-linked APT) C3
80

China-Linked APT Expands Arsenal With New 'Leash' Backdoors

A China-linked APT group is actively expanding its arsenal with new proprietary backdoor variants (LongLeash, DogLeash, JarLeash) for SOHO routers, signalling sustained investment in infrastructure compromise in the context of geopolitical tensions.

Critical
NEW UAT-7810 C3
75

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

Chinese APT UAT-7810 is actively developing custom malware (ShortLeash/LONGLEASH) to establish Operational Relay Box networks positioned as infrastructure provider for downstream threat actors,a strategic escalation pattern targeting high-value victims.

Critical
NEW A2
71

CVE-2026-13129

A JavaScript-based field traversal vulnerability in PDF applications can cause application crash through invalid pointer dereference when a corrupted field form is opened.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57237

A memory-corruption flaw in PDF applications can be triggered by malicious JavaScript in form fields, leading to application crashes; remote code execution potential is unclear from the advisory.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57238

The vulnerability causes DoS through invalid object access after JavaScript deletion of form fields in PDF documents; no remote code execution.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57245

The vulnerability enables a heap corruption condition through improper validation of PDF annotation relationships, potentially leading to crashes or code execution.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57250

A flaw in PDF applications enables crash-through-service via malformed JavaScript form fields without validation checks.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57252

The vulnerability enables PDF application crashes through manipulated JavaScript code during page deletion and annotation removal, with no remote code execution or data loss documented.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57256

A validation failure in PDF form objects during JavaScript execution leads to invalid pointer access and application crash, potentially exploitable for denial-of-service.

High CVSS 7.8 EPSS 0%
NEW A2
68

CVE-2026-57239

The vulnerability allows local users to escalate privileges to NT AUTHORITY\SYSTEM level via user-controllable executable files; however, the vendor, PoC status, and active exploitation details remain unclear.

High CVSS 8.2 EPSS 0%
NEW A2
55

CVE-2026-57255

Memory vulnerability in PDF rendering enables remote denial-of-service through malformed color spaces; attack vectors via email attachments or SharePoint documents are likely.

Medium CVSS 6.1 EPSS 0%
B3
20

Introduction to COM usage by Windows threats

Researchers systematically document how malware abuses COM interfaces for lateral movement, persistence, and Windows automation, with Qakbot presented as a case study and reverse-engineering tools discussed.

High
NEW A3
20

[UPDATE] OpenSSH: Multiple Vulnerabilities

The BSI advisory covers multiple OpenSSH vulnerabilities without naming CVE numbers or specific version details,a typical aggregated advisory lacking clarity on exploit status.

High
A3
20

Google Chrome and Microsoft Edge: Multiple Vulnerabilities

The BSI warning is a collection advisory covering multiple browser vulnerabilities without specific CVE identification; prioritizing patches requires identifying the specific CVEs affecting Chrome and Edge versions in use.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

111
NEW A2
98

CVE-2026-50521

The vulnerability requires prior network authorization and is covered by standard NVD reporting without active exploitation or geopolitical dimension.

Critical CVSS 8.3 EPSS 0%
B3
75

25th May , Threat Intelligence Report

Check Point documents a 124% surge in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025,a strategically significant shift in the DACH threat landscape for manufacturing organizations.

Critical
A3
20

[UPDATE] GNU libc: Multiple Vulnerabilities

BSI alert on multiple GNU libc vulnerabilities with broad impact on all Linux systems in production environments; urgency and details depend on the severity level of the underlying CVEs.

High
A3
20

Ubiquiti UniFi OS Server: Multiple Vulnerabilities

BSI warns of multiple critical vulnerabilities in Ubiquiti UniFi OS Server enabling remote code execution and data compromise , a direct threat to network infrastructure requiring urgent patching.

High
NEW C3
20

Massive Password Spray Campaign Targeting Azure CLI

Massive credential-spraying attack with 81 million login attempts against Azure CLI indicates coordinated attacks on cloud infrastructure; LSHIY hosting provider as attack infrastructure suggests organized threat actors.

High
A3
20

[UPDATE] OpenSSL: Multiple Vulnerabilities

The BSI warning describes multiple OpenSSL vulnerabilities without specific CVE designations or severity levels , a typical aggregated security alert for critical infrastructure, but requires clarification for prioritization.

High
A3
20

7-Zip: Vulnerability Enables Code Execution

A newly discovered RCE vulnerability in 7-Zip when processing NTFS archives requires user interaction but poses significant risk in manufacturing environments where archives are frequently exchanged.

High
NEW B3
12

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

ARToken is a fully automated PhaaS panel with 80+ API endpoints for targeted Microsoft 365 phishing, including persistent token acquisition via Microsoft Authentication Broker and SharePoint exfiltration , an escalated threat model compared to earlier EvilTokens reporting.

High
A3
0

Microsoft Edge: Multiple Vulnerabilities

The advisory contains no CVE numbers or specific vulnerability details; this is a generic precautionary notice without current exploitation evidence.

Medium
ESC