Skip to content
Auto-CTI

What has changed?

Comparing 9 July 2026 with the previous day 2 July 2026.

Newly added

43
KEV B1
62

The April 2026 Security Update Review

The article is a monthly patch review covering multiple elevation-of-privilege vulnerabilities in Windows kernel modules and SQL Server; Adobe Reader is flagged as actively exploited, but without specific DACH relevance or geopolitical implications.

Medium CVSS 6.5 EPSS 64%
NEW Iran (state-sponsored) C3
80

Iran's Cyber Crosshairs Focus Beyond Critical Infrastructure

Iranian cyber actors are expanding targets beyond classical critical infrastructure to manufacturing operations and supply chains, representing an immediate geopolitical threat to European industrial enterprises.

Critical
NEW A2
79

CVE-2026-54801

Authentication bypass in the Web API allows authenticated attackers to elevate to administrative accounts without credential validation.

Critical CVSS 7.2 EPSS 0%
NEW UAT-7810 B3
75

Winning 54% of the time

China-nexus APT group UAT-7810 systematically exploits unpatched network devices as relay points for attacks on high-value targets and provides infrastructure for other APT groups.

Critical
B2
74

CVE-2026-33824: Remote Code Execution in Windows IKEv2

A double-free vulnerability in the Windows IKEv2 service allows unauthenticated remote attackers to crash the IKEEXT service or execute arbitrary code by sending crafted packet fragments.

High CVSS 9.8 EPSS 56%
NEW C3
71

Microsoft Patches Defender 'RoguePlanet' Vulnerability

A privilege escalation flaw in Microsoft's malware protection engine could allow attackers with limited rights to escalate to system level and compromise the security infrastructure itself.

High CVSS 7.8 EPSS 3%
NEW C3
70

Microsoft fixes RoguePlanet zero-day in Defender

A critical elevation of privilege vulnerability in Microsoft Defender allows attackers to escalate from standard user account to full system control (NT AUTHORITY\SYSTEM).

Critical
NEW A2
58

CVE-2026-54800

Critical vulnerability in Siemens ICS components with default-disabled OPC UA security mechanisms allows unauthorized access to production systems without requiring prior attacker reconnaissance.

Medium CVSS 4.8 EPSS 0%
NEW A3
20

[UPDATE] Microsoft Edge: Multiple Vulnerabilities

The BSI advisory provides no specific CVE identifiers and describes a general vulnerability pattern in Microsoft Edge without exploitation status or PoC details; likely an aggregated patch advisory.

High
NEW A3
20

Google Chrome: Multiple Vulnerabilities

The BSI alert signals multiple critical Chrome vulnerabilities without specific CVE enumeration, indicating an aggregated security advisory requiring timely patched versions.

High
NEW C3
17

Microsoft Reins in RoguePlanet Zero-Day Threat

A security researcher (Nightmare-Eclipse) is deliberately publishing multiple Microsoft zero-days with PoC exploits; RoguePlanet enables privilege escalation from user to SYSTEM level on Windows devices.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

28
APT29 (Cloaked Ursa, Cozy Bear, Midnight Blizzard), UNC6692 B3
85

When "Hi, This Is IT" Comes Through Microsoft Teams

State-sponsored threat actors (APT29/Cloaked Ursa, UNC6692) are actively using compromised Microsoft Teams accounts to impersonate IT support and harvest credentials with documented success against targeted organizations.

Critical
A3
0

Google Chrome: Multiple Vulnerabilities

The BSI warns of multiple undisclosed vulnerabilities in Google Chrome; details are not yet published, complicating timely patch monitoring.

Medium
ESC