Skip to content
Auto-CTI

What has changed?

Comparing 9 July 2026 with the previous day 8 July 2026.

Newly added

43
KEV B1
62

The April 2026 Security Update Review

The article is a monthly patch review covering multiple elevation-of-privilege vulnerabilities in Windows kernel modules and SQL Server; Adobe Reader is flagged as actively exploited, but without specific DACH relevance or geopolitical implications.

Medium CVSS 6.5 EPSS 64%
NEW Iran (state-sponsored) C3
80

Iran's Cyber Crosshairs Focus Beyond Critical Infrastructure

Iranian cyber actors are expanding targets beyond classical critical infrastructure to manufacturing operations and supply chains, representing an immediate geopolitical threat to European industrial enterprises.

Critical
NEW A2
79

CVE-2026-54801

Authentication bypass in the Web API allows authenticated attackers to elevate to administrative accounts without credential validation.

Critical CVSS 7.2 EPSS 0%
NEW UAT-7810 B3
75

Winning 54% of the time

China-nexus APT group UAT-7810 systematically exploits unpatched network devices as relay points for attacks on high-value targets and provides infrastructure for other APT groups.

Critical
B2
74

CVE-2026-33824: Remote Code Execution in Windows IKEv2

A double-free vulnerability in the Windows IKEv2 service allows unauthenticated remote attackers to crash the IKEEXT service or execute arbitrary code by sending crafted packet fragments.

High CVSS 9.8 EPSS 56%
NEW C3
71

Microsoft Patches Defender 'RoguePlanet' Vulnerability

A privilege escalation flaw in Microsoft's malware protection engine could allow attackers with limited rights to escalate to system level and compromise the security infrastructure itself.

High CVSS 7.8 EPSS 3%
NEW C3
70

Microsoft fixes RoguePlanet zero-day in Defender

A critical elevation of privilege vulnerability in Microsoft Defender allows attackers to escalate from standard user account to full system control (NT AUTHORITY\SYSTEM).

Critical
NEW A2
58

CVE-2026-54800

Critical vulnerability in Siemens ICS components with default-disabled OPC UA security mechanisms allows unauthorized access to production systems without requiring prior attacker reconnaissance.

Medium CVSS 4.8 EPSS 0%
NEW A3
20

[UPDATE] Microsoft Edge: Multiple Vulnerabilities

The BSI advisory provides no specific CVE identifiers and describes a general vulnerability pattern in Microsoft Edge without exploitation status or PoC details; likely an aggregated patch advisory.

High
NEW A3
20

Google Chrome: Multiple Vulnerabilities

The BSI alert signals multiple critical Chrome vulnerabilities without specific CVE enumeration, indicating an aggregated security advisory requiring timely patched versions.

High
NEW C3
17

Microsoft Reins in RoguePlanet Zero-Day Threat

A security researcher (Nightmare-Eclipse) is deliberately publishing multiple Microsoft zero-days with PoC exploits; RoguePlanet enables privilege escalation from user to SYSTEM level on Windows devices.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

29
NEW A2
99

CVE-2026-58525

This is a standard NVD patch notice without active campaign or in-the-wild exploitation details; likely already covered by BSI/CISA advisories.

Critical CVSS 8.2 EPSS 0%
C3
80

Europe Evolves Into Ransomware's Favorite Region

Ransomware-as-a-Service ecosystems are strategically shifting focus toward European organizations and their supply chains, signaling a deliberate repositioning of ransomware campaigns after a global lull.

Critical
NEW LapDogs (China-linked APT) C3
80

China-Linked APT Expands Arsenal With New 'Leash' Backdoors

A China-linked APT group is actively expanding its arsenal with new proprietary backdoor variants (LongLeash, DogLeash, JarLeash) for SOHO routers, signalling sustained investment in infrastructure compromise in the context of geopolitical tensions.

Critical
NEW UAT-7810 C3
75

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

Chinese APT UAT-7810 is actively developing custom malware (ShortLeash/LONGLEASH) to establish Operational Relay Box networks positioned as infrastructure provider for downstream threat actors,a strategic escalation pattern targeting high-value victims.

Critical
NEW A2
71

CVE-2026-13129

A JavaScript-based field traversal vulnerability in PDF applications can cause application crash through invalid pointer dereference when a corrupted field form is opened.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57237

A memory-corruption flaw in PDF applications can be triggered by malicious JavaScript in form fields, leading to application crashes; remote code execution potential is unclear from the advisory.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57238

The vulnerability causes DoS through invalid object access after JavaScript deletion of form fields in PDF documents; no remote code execution.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57245

The vulnerability enables a heap corruption condition through improper validation of PDF annotation relationships, potentially leading to crashes or code execution.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57250

A flaw in PDF applications enables crash-through-service via malformed JavaScript form fields without validation checks.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57252

The vulnerability enables PDF application crashes through manipulated JavaScript code during page deletion and annotation removal, with no remote code execution or data loss documented.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-57256

A validation failure in PDF form objects during JavaScript execution leads to invalid pointer access and application crash, potentially exploitable for denial-of-service.

High CVSS 7.8 EPSS 0%
NEW A2
68

CVE-2026-57239

The vulnerability allows local users to escalate privileges to NT AUTHORITY\SYSTEM level via user-controllable executable files; however, the vendor, PoC status, and active exploitation details remain unclear.

High CVSS 8.2 EPSS 0%
NEW A2
55

CVE-2026-57255

Memory vulnerability in PDF rendering enables remote denial-of-service through malformed color spaces; attack vectors via email attachments or SharePoint documents are likely.

Medium CVSS 6.1 EPSS 0%
B3
20

Introduction to COM usage by Windows threats

Researchers systematically document how malware abuses COM interfaces for lateral movement, persistence, and Windows automation, with Qakbot presented as a case study and reverse-engineering tools discussed.

High
NEW A3
20

[UPDATE] OpenSSH: Multiple Vulnerabilities

The BSI advisory covers multiple OpenSSH vulnerabilities without naming CVE numbers or specific version details,a typical aggregated advisory lacking clarity on exploit status.

High
A3
20

Google Chrome and Microsoft Edge: Multiple Vulnerabilities

The BSI warning is a collection advisory covering multiple browser vulnerabilities without specific CVE identification; prioritizing patches requires identifying the specific CVEs affecting Chrome and Edge versions in use.

High
ESC