DMZ//THREAT INTEL
FEED ACTIVELAST SYNC: 06:13:27ZSOURCES: 14CRITICAL: 30
⚠ ACTIVE ALERTS
@FalconFeedsio CRITICAL — 🚨 Ransomware Alert: The Gentlemen RaaS group continues active DLS postings. Now at 478… /// @DarkWebInformer CRITICAL — 🚨 ServiceNow discloses June 5 security update tied to anomalous activity — KB3067321.… /// @MsftSecIntel CRITICAL — MSTIC analysis of The Gentlemen ransomware (tracked internally): self-propagating… /// @GossiTheDog CRITICAL — ServiceNow KB3067321 situation is worse than the vendor comms suggest. Advisory was gated… /// @AlvieriD CRITICAL — The '340M OnlyFans' listing on the leak forum is a compiled corpus — seller confirmed to…
30Critical Threats
15Active CVEs
1IOCs Tracked
14New Advisories
INTEL FEED/ARCHIVE/ADVISORY
DMZ INTEL DESK//FILED: 2026-06-12//05:08Z
HIGH#advisory

CISA BOD 26-04 Mandates 72-Hour Patch Deadline for Highest-Risk KEV Vulnerabilities — Supersedes BOD 22-01, Cites AI-Accelerated Exploitation

CISA issued Binding Operational Directive 26-04 on June 10, replacing BOD 19-02 and BOD 22-01 with a risk-matrix framework that scores vulnerabilities across four criteria: internet exposure, KEV status, exploit automatability, and technical impact. Vulnerabilities meeting all four criteria — internet-exposed, KEV-listed, fully automatable, and granting total system control — must be remediated within 72 hours and require mandatory forensic triage to assess prior compromise before patching. CISA explicitly cited AI-assisted exploit automation as a key driver, noting that only 26% of KEV-listed vulnerabilities were fully remediated in 2025 (down from 38% the prior year), with median time to resolution rising to 43 days.

CISA explicitly cited AI-assisted exploit automation as a key driver, noting that only 26% of KEV-listed vulnerabilities were fully remediated in 2025 (down from 38% the prior year), with median time to resolution rising to 43 days.

This intelligence brief has been compiled from open-source reporting and corroborated across multiple threat intelligence sources. Defenders should treat the high severity rating as a guide to prioritization within their environment.

For the latest indicators of compromise, formatted SIEM queries, and unredacted actor intelligence related to this brief, DMZ Operator subscribers receive automated IOC packages via email the moment new advisories are published.

FILED UNDER:
cisa · bod-26-04 · patch-management · kev · federal-agencies · ai-exploitation · vulnerability-management · 72-hour-deadline
STAY AHEAD OF THREATS
Daily intel briefs and IOC packages — delivered to your inbox the moment a new advisory drops.
SUBSCRIBE — $29/MO →
SHARE BRIEF:✕ Post on Xin Share on LinkedIn

MORE FROM ARCHIVE

# ADVISORY
2026-06-13
INTERPOL Operation Ramz Dismantles Decade-Long SniperDz PhaaS Platform; Developer 'Guedz' Arrested in Algeria After 9-Year Run
# ADVISORY
2026-06-11
ServiceNow Unauthenticated REST API Endpoint Exploited Across Enterprise Customer Tenants — Silent Patch Applied June 5, Weeks After Internal Knowledge