NCSC-CH Week 25 M365 voicemail phishing wave (CH)
campaign · campaign:ncsc-ch-m365-voicemail-phishing-week25
Coverage timeline
1
first 2026-06-25 → last 2026-06-25
Briefs
1
1 distinct
Sources cited
140
66 hosts
Sections touched
1
active_threats
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-25CTI Daily Brief — 2026-06-25
Where this entity is cited
- active_threats1
Source distribution
- security-hub.ncsc.admin.ch27 (19%)
- bleepingcomputer.com8 (6%)
- helpnetsecurity.com7 (5%)
- ncsc.admin.ch5 (4%)
- securityweek.com5 (4%)
- thehackernews.com5 (4%)
- attack.mitre.org4 (3%)
- cisa.gov3 (2%)
- other76 (54%)
All cited sources (140)
- ncsc.admin.chprimaryinlineNCSC-CH pre-event advisoryhttps://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/massnahmen-grossanlaesse-konferenzen-g7.html
- ncsc.admin.chprimaryinlineNCSC-CHhttps://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_22.html
- ncsc.admin.chprimaryinlineNCSC-CHhttps://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_23.html
- ncsc.admin.chprimaryinlineNCSC-CH, 2026-06-16https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_24.html
- ncsc.admin.chprimaryinlineNCSC-CH, 2026-06-23https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_25.html
- access.redhat.cominlineRed Hat RHSB-2026-003https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0159, 2026-05-15https://advisories.ncsc.nl/advisory?id=NCSC-2026-0159
- arcticwolf.cominlineArctic Wolf, 2026-06-11https://arcticwolf.com/resources/blog/arctic-wolf-observes-increase-in-palo-alto-networks-globalprotect-authentication-bypass-exploitation-via-cve-2026-0257/
- attack.mitre.orginlineT1059https://attack.mitre.org/techniques/T1059/
- attack.mitre.orginlineT1068 Exploitation for Privilege Escalationhttps://attack.mitre.org/techniques/T1068/
- attack.mitre.orginlineT1542.001https://attack.mitre.org/techniques/T1542/001/
- attack.mitre.orginlineT1548.001 Setuid and Setgid Abusehttps://attack.mitre.org/techniques/T1548/001/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-09https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/
- bleepingcomputer.cominlineBleepingComputerhttps://www.bleepingcomputer.com/news/security/check-point-links-vpn-zero-day-attacks-to-qilin-ransomware-gang/
- bleepingcomputer.cominlineBleepingComputerhttps://www.bleepingcomputer.com/news/security/drupal-critical-sql-injection-flaw-now-targeted-in-attacks/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-13https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-07https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-09https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/
- bleepingcomputer.cominlineBleepingComputer, 2026-06-09https://www.bleepingcomputer.com/news/security/servicenow-discloses-security-incident-exposing-customer-data/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-13https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
- blog.checkpoint.cominlineCheck Point, 2026-06-08https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
- bsi.bund.deinlineBSI advisory 2026-05-07https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2026/2026-211476-1032.html
- ccb.belgium.beinlineCCB Belgium, 2026-05-08https://ccb.belgium.be/advisories/warning-dirty-frag-new-linux-local-privilege-escalation-vulnerability-was-disclosed
- ccb.belgium.beinlineCCB, 2026-06-09https://ccb.belgium.be/advisories/warning-sap-addresses-critical-vulnerabilities-affecting-multiple-sap-products-patch
- cert.europa.euinlineCERT-EU Advisory 2026-005, 2026-04-30https://cert.europa.eu/publications/security-advisories/2026-005/
- cert.ssi.gouv.frinlineCERTFR-2026-ACT-016 agentic-AI advisoryhttps://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-016/
- cert.ssi.gouv.frinlineCERT-FR CERTFR-2026-AVI-0552, 2026-05-07https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0552/
- cisa.govinlineCISA ICS-CERT, 2026-06-16https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-03
- cisa.govinlineCISA ICS-CERT ICSA-26-167-05https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05
- cisa.govinlineCISA ICS advisory ICSA-26-169-01, 2026-06-18https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01
- cloud.google.cominlineoriginal Adversarial Misuse of Generative AI reporthttps://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai
- cloud.google.cominlineGoogle Cloud Threat Intelligence — AI vulnerability exploitation initial access, 2026-05-11https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
- crowdstrike.cominlineCrowdStrike bloghttps://www.crowdstrike.com/en-us/blog/crowdstrike-2026-financial-services-threat-landscape-report/
- crowdstrike.cominlineCrowdStrike press releasehttps://www.crowdstrike.com/en-us/press-releases/crowdstrike-2026-financial-services-threat-landscape-report/
- csoonline.cominlineCSO Online, 2026-05-20https://www.csoonline.com/article/4175329/drupal-admins-rushing-to-patch-maximum-severity-sql-injection-vulnerability.html
- cyber.gouv.frinlineANSSIhttps://cyber.gouv.fr/en/publications/jointly-led-international-publications/declaration-of-the-g7-cybersecurity-working-group/
- cyberattaque.orginlineCyberattaque.org, 2026-06-16https://www.cyberattaque.org/g7-devian-plusieurs-sites-publics-de-haute-savoie-cibles-par-des-cyberattaques/
- depthfirst.cominlinedepthfirst "NGINX Rift" technical writeup, 2026-05-13https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
- digital-strategy.ec.europa.euinlineEuropean Commission, 2026-06-17https://digital-strategy.ec.europa.eu/en/news/european-commission-welcomes-g7-cybersecurity-declaration-strengthen-global-digital-resilience
- docu.ilias.deinlineILIAS Security Blog, 2026-05-27https://docu.ilias.de/go/blog/15821
- downloads.seppmail.cominlineSEPPmail v15.0 release noteshttps://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security
- drupal.orginlineDrupal PSA, 2026-05-18https://www.drupal.org/psa-2026-05-18
- drupal.orginlineDrupal Security Team, 2026-05-22https://www.drupal.org/sa-core-2026-004
- drupal.orginlineDrupal Steward WAFhttps://www.drupal.org/steward
- dutchnews.nlinlineDutchNews.nlhttps://www.dutchnews.nl/2026/06/mass-data-breach-on-over-100-dutch-hotels-hits-guests/
- enisa.europa.euinlineENISAhttps://www.enisa.europa.eu/news/cyber-europe-2026-all-eyes-on-the-eus-collective-response-and-resilience
- fortiguard.fortinet.cominlineFortinet PSIRT FG-IR-26-128, 2026-05-12https://fortiguard.fortinet.com/psirt/FG-IR-26-128
- fortiguard.fortinet.cominlineFortinet PSIRT FG-IR-26-136, 2026-05-12https://fortiguard.fortinet.com/psirt/FG-IR-26-136
- gbhackers.cominlineGBHackers, 2026-06-09https://gbhackers.com/ghost-sender-flaw-exposes-exchange-online-users/
- github.cominlineResearcher write-up (V4bel), 2026-05-07https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md
- github.cominlineGitHub GHSA-gcgv-v5gf-c543https://github.com/advisories/GHSA-gcgv-v5gf-c543
- heise.deinlineHeise Security, 2026-06-19https://www.heise.de/en/news/PTC-Windchill-BSI-calls-admins-at-night-due-to-critical-security-vulnerability-11338329.html
- heise.deinlineHeise, 2026-05-27https://www.heise.de/news/Roundcube-Webmail-Instanzen-mit-Schadcode-attackierbar-11307545.html
- helpnetsecurity.cominlineHelp Net Security — European Commission Ivanti EPMM vulnerabilities, 2026-02-09https://www.helpnetsecurity.com/2026/02/09/european-commission-ivanti-epmm-vulnerabilities/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-08https://www.helpnetsecurity.com/2026/05/08/dirty-frag-linux-vulnerability-cve-2026-43284-cve-2026-43500/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-08https://www.helpnetsecurity.com/2026/05/08/ivanti-epmm-zero-day-cve-2026-6973/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-14https://www.helpnetsecurity.com/2026/05/14/sophos-2026-identity-breach-costs-report/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-26https://www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659/
- helpnetsecurity.cominlineHelp Net Securityhttps://www.helpnetsecurity.com/2026/06/05/cisco-sd-wan-cve-2026-20245-0-day-exploited/
- helpnetsecurity.cominlineHelp Net Security, 2026-06-08https://www.helpnetsecurity.com/2026/06/08/check-point-cve-2026-50751-qilin-ransomware/
- imperva.cominlineImperva, 2026-05-21https://www.imperva.com/blog/imperva-customers-protected-against-cve-2026-9082-in-drupal-core/
- ivanti.cominlineIvanti — May 2026 EPMM Security Updatehttps://www.ivanti.com/blog/may-2026-epmm-security-update
- labs.infoguard.chinlineInfoGuard, 2026-06-09https://labs.infoguard.ch/posts/ghost-sender/
- labs.watchtowr.cominlinewatchTowr Labs — CVE-2026-41940https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
- mariadb.cominlineMariaDB CVE listhttps://mariadb.com/docs/server/security/cve/community-server
- mariadb.orginlineMariaDB Foundation, 2026-06-02https://mariadb.org/mariadb-community-server-corrective-releases/
- microsoft.cominlineMicrosoft Security Blog, 2026-05-08https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- msrc.microsoft.cominlineMicrosoft MSRC, 2026-05-14https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
- msrc.microsoft.cominlineMicrosoft MSRChttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45659
- my.f5.cominlineF5 PSIRT advisory K000161019https://my.f5.com/manage/s/article/K000161019
- ncsc.gov.ukinlineNCSC-UK blog, 2026-05-11https://www.ncsc.gov.uk/blogs/10-questions-ask-using-ai-models-find-vulnerabilities
- noscope.cominlineNoScope, 2026-05-25https://www.noscope.com/blog/gitea-instances-exposing-private-container
- onapsis.cominlineOnapsis, 2026-06-09https://onapsis.com/blog/sap-security-patch-day-june-2026
- onapsis.cominlineOnapsis, 2026-05-12https://onapsis.com/blog/sap-security-patch-day-may-2026/
- oracle.cominlineOracle Security Alert CVE-2026-35273https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
- panelica.cominlinePanelica, 2026-05-08https://panelica.com/blog/cpanel-cve-2026-29201-29202-29203-may-2026-tsr-advisory
- ptc.cominlinePTC PSIRThttps://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-rce-vulnerability
- rapid7.cominlineRapid7https://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751/
- roundcube.netinlineRoundcube Project, 2026-05-24https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
- sec.cloudapps.cisco.cominlineCisco PSIRT, 2026-05-20https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
- sec.cloudapps.cisco.cominlineCisco PSIRThttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx
- seclists.orginlineCalif/oss-securityhttps://seclists.org/oss-sec/2026/q2/790
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12558, 2026-05-12https://security-hub.ncsc.admin.ch/#/posts/12558
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12565, 2026-05-12https://security-hub.ncsc.admin.ch/#/posts/12565
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12569, 2026-05-13https://security-hub.ncsc.admin.ch/#/posts/12569
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12574, 2026-05-14https://security-hub.ncsc.admin.ch/#/posts/12574
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub post #12575https://security-hub.ncsc.admin.ch/#/posts/12575
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub #12577, 2026-05-15https://security-hub.ncsc.admin.ch/#/posts/12577
- security-hub.ncsc.admin.chinlineNCSC-CH 12579https://security-hub.ncsc.admin.ch/#/posts/12579
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-05-22https://security-hub.ncsc.admin.ch/#/posts/12584
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub, 2026-05-21https://security-hub.ncsc.admin.ch/#/posts/12588
- security-hub.ncsc.admin.chinlineNCSC-CH post 12594https://security-hub.ncsc.admin.ch/#/posts/12594
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-05-27https://security-hub.ncsc.admin.ch/#/posts/12596
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-05-27https://security-hub.ncsc.admin.ch/#/posts/12599
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hubhttps://security-hub.ncsc.admin.ch/#/posts/12605
- security-hub.ncsc.admin.chinlineNCSC-CH advisory 12610https://security-hub.ncsc.admin.ch/#/posts/12610
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hubhttps://security-hub.ncsc.admin.ch/#/posts/12615
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-06-09https://security-hub.ncsc.admin.ch/#/posts/12619
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-06-09https://security-hub.ncsc.admin.ch/#/posts/12620
- security-hub.ncsc.admin.chinlineNCSC-CH GovCERThttps://security-hub.ncsc.admin.ch/#/posts/12621
- security-hub.ncsc.admin.chinlineNCSC-CH CSH, 2026-06-11https://security-hub.ncsc.admin.ch/#/posts/12622
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hubhttps://security-hub.ncsc.admin.ch/#/posts/12627
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hubhttps://security-hub.ncsc.admin.ch/#/posts/12639
- security-hub.ncsc.admin.chinlineNCSC-CH Security Hub, 2026-06-19https://security-hub.ncsc.admin.ch/#/posts/12713
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-06-19https://security-hub.ncsc.admin.ch/#/posts/12720
- security-hub.ncsc.admin.chinlineNCSC-CH 12547https://security-hub.ncsc.admin.ch/api/posts/12547/details
- security-hub.ncsc.admin.chinlineNCSC-CH 12548, 2026-05-08https://security-hub.ncsc.admin.ch/api/posts/12548/details
- security-hub.ncsc.admin.chinlineNCSC-CH 12550, 2026-05-08https://security-hub.ncsc.admin.ch/api/posts/12550/details
- security-hub.ncsc.admin.chinlineNCSC-CH 12551https://security-hub.ncsc.admin.ch/api/posts/12551/details
- security.paloaltonetworks.cominlinePalo Alto Networks PSIRThttps://security.paloaltonetworks.com/CVE-2026-0257
- securityaffairs.cominlineSecurity Affairs, 2026-05-14https://securityaffairs.com/192132/hacking/nginx-rift-an-18-year-old-flaw-in-the-worlds-most-deployed-web-server-just-came-to-light.html
- securityonline.infoinlineSecurityOnlinehttps://securityonline.info/mariadb-security-flaw-cvss-10/
- securityweek.cominlineSecurityWeek, 2026-05-19https://www.securityweek.com/drupal-to-patch-highly-critical-vulnerability-at-risk-of-quick-exploitation/
- securityweek.cominlineSecurityWeek, 2026-06-11https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/
- securityweek.cominlineSecurityWeekhttps://www.securityweek.com/http-2-bomb-exploit-knocks-web-servers-offline-in-seconds/
- securityweek.cominlineSecurityWeek, 2026-06-10https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/
- securityweek.cominlineSecurityWeek, 2026-05-12https://www.securityweek.com/sap-patches-critical-s-4hana-commerce-vulnerabilities/
- slcyber.ioinlineSearchlight Cyber write-uphttps://slcyber.io/research-center/keys-to-the-kingdom-anonymous-sql-injection-in-drupal-core-cve-2026-9082/
- stepsecurity.ioinlineStepSecurity analysis, 2026-05-11https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
- support.sap.cominlineSAP, 2026-06-09https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2026.html
- tanstack.cominlineTanStack post-mortem, 2026-05-12https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
- techcommunity.microsoft.cominlineMicrosoft Exchange Team, 2026-05-14https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
- techcrunch.cominlineTechCrunch, 2026-06-10https://techcrunch.com/2026/06/10/servicenow-tells-customers-a-bug-left-some-of-their-data-exposed-to-the-internet/
- thehackernews.cominlineThe Hacker News, 2026-05-09https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html
- thehackernews.cominlineThe Hacker News, 2026-05-27https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html
- thehackernews.cominlineVulnCheck honeypot telemetry confirmed active exploitation of CVE-2026-42945 on 2026-05-17https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html
- thehackernews.cominlineThe Hacker News, 2026-05-15https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html
- thehackernews.cominlineThe Hacker News, 2026-06-10https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html
- theregister.cominlineThe Register, 2026-05-13https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
- theregister.cominlineThe Register, 2026-05-21https://www.theregister.com/security/2026/05/21/cisco-serves-up-yet-another-perfect-10-bug-with-secure-workload-admin-flaw/5244012
- theregister.cominlineThe Register, 2026-06-11https://www.theregister.com/security/2026/06/11/nightmare-eclipse-drops-claimed-bitlocker-bypass-for-microsoft-windows/5254371
- ubuntu.cominlineUbuntu — Dirty Frag fixes-availablehttps://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
- unit42.paloaltonetworks.cominlineUnit 42https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/
- unit42.paloaltonetworks.cominlineUnit 42 — Copy Failhttps://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
- vulnerability.circl.luinlineCIRCL vulnerability.circl.luhttps://vulnerability.circl.lu/vuln/cve-2026-44128
- wid.cert-bund.deinlineBSI WID-SEC-2026-1232https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232
- wid.cert-bund.deinlineBSI WID-SEC-2026-1536, 2026-05-14https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1536
- wid.cert-bund.deinlineBSI CERT-Bund WID-SEC-2026-1689, 2026-05-27https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1689
- wiz.ioinlineWiz Research, 2026-05-08https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
- wiz.ioinlineWiz, 2026-05-12https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
Items in briefs about NCSC-CH Week 25 M365 voicemail phishing wave (CH)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.