Skip to content
Auto-CTI

What has changed?

Comparing 14 July 2026 with the previous day 13 July 2026.

Newly added

24
NEW A2
84

CVE-2026-58233

The vulnerability requires authentication and manual processing of a malicious archive file, which limits attack surface in typical production environments but is relevant for SAP administrators and change-management workflows.

Critical CVSS 7.6 EPSS 0%
NEW A2
67

CVE-2026-44769

The vulnerability requires already-high privileges for exploitation and is limited to confidentiality impact, indicating relatively constrained risk in typical deployment scenarios.

High CVSS 5.5 EPSS 0%
NEW A2
52

CVE-2026-44771

The vulnerability allows restricted authenticated users to access information from other entities and escalate privileges without authorization checks being performed.

Medium CVSS 4.3 EPSS 0%
NEW A3
51

[UPDATE] Microsoft Windows: Multiple Vulnerabilities

BSI warning of multiple critical Windows vulnerabilities with potential for privilege escalation and code execution , the exact CVE portfolio and patch date must be obtained from the official BSI WID entry.

Critical
A3
20

[UPDATE] 7-Zip: Multiple Vulnerabilities

The BSI warning describes multiple 7-Zip vulnerabilities without specific CVE numbers or CVSS scores; further details on exploitability and affected versions are required.

High
NEW A3
20

SAP Patch Day July 2026

The Patch Day aggregates multiple vulnerabilities (RCE, DoS, information disclosure, SQL injection, XSS) with varying impacts and requires prioritized patch management.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

18
NEW Turla C3
90

Severe cyber attacks and sabotage: EU sanctions Russia

EU sanctions confirm an ongoing, coordinated Russian cyber-attack ecosystem comprising intelligence services, cybercriminals, and hacktivists with documented access to European defense ministries and industrial enterprises.

Critical
NEW Russia (state-sponsored) C3
85

US and allies warn of Russian critical infrastructure attacks

Coordinated warning from Western allies of Russian critical infrastructure attacks signals escalated cyber-warfare activity with potential implications for European industrial operations and supply chains.

Critical
NEW Russia (state-sponsored) C3
80

Weak Security Continues to Fuel Russian Cyberattacks

First joint UK-EU sanctions against Russian cyber actors signal escalation of coordinated Western response to state-sponsored Russian cyber and disinformation campaigns, with direct implications for European critical infrastructure.

Critical
NEW A3
20

[UPDATE] Google Chrome: Multiple Vulnerabilities

BSI warns of multiple vulnerabilities in Chrome enabling active exploitation; as Chrome is widely deployed, timely patching to the released fix version should be prioritized.

High
NEW C3
20

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

Forg365 demonstrates the industrialization of phishing-as-a-service with AI-assisted lure generation, SMTP rotation via Amazon SES/Twilio SendGrid, and post-compromise mailbox operations for under €400 per month, enabling even low-skill threat actors to orchestrate scaled campaigns against Microsoft 365.

High
NEW A3
20

Microsoft Edge: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in Microsoft Edge enabling code execution and privilege escalation; exploitation requires user interaction.

High
B3
0

What's new in Microsoft Security: June 2026

Microsoft introduces AI-powered security tools (MDASH for vulnerability scanning, extended threat detection for databases, Entra Backup) relevant to organizations with hybrid-cloud and multi-cloud infrastructure.

Low
ESC