Skip to content
Threat Intelligence

The Threat Landscape

Real-time cybersecurity data from 17 intelligence sources. CVE trends, ransomware tracking, malware analysis, botnet infrastructure, and global exposure data.

Intelligence refreshed just now
CISA KEV: CVE-2026-20253 added (Splunk) Ransomware: New victim claimed by chaos URLhaus: 6,464 malware URLs currently online Feodo: 5 active botnet C2 servers tracked Tor Network: 1,240 exit nodes active NVD: 20,010 CVEs published in 2026 CISA: 1,623 known exploited vulnerabilities cataloged HIBP: 1,011 breaches tracked, 17.7B accounts compromised CIRCL: CVE-2025-61726 published — Red Hat Security Advisory: Multicluster Global Hub 1.5.4 sec APT Intel: 503 threat groups tracked across 233 target countries CISA KEV: CVE-2026-20253 added (Splunk) Ransomware: New victim claimed by chaos URLhaus: 6,464 malware URLs currently online Feodo: 5 active botnet C2 servers tracked Tor Network: 1,240 exit nodes active NVD: 20,010 CVEs published in 2026 CISA: 1,623 known exploited vulnerabilities cataloged HIBP: 1,011 breaches tracked, 17.7B accounts compromised CIRCL: CVE-2025-61726 published — Red Hat Security Advisory: Multicluster Global Hub 1.5.4 sec APT Intel: 503 threat groups tracked across 233 target countries
CVEs (2026)
0
Source: NIST NVD
CISA KEV Total
0
Source: CISA
Ransomware Groups
0
Source: ransomware.live
Data Breaches
0
Source: Have I Been Pwned
Advisories

Latest CISA Security Advisories

Recent cybersecurity advisories from the U.S. Cybersecurity and Infrastructure Security Agency.

Jun 18

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
Jun 18

CISA Adds One Known Exploited Vulnerability to Catalog
Jun 16

CISA Adds One Known Exploited Vulnerability to Catalog
Jun 15

CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jun 12

CISA Adds One Known Exploited Vulnerability to Catalog
Jun 11

CISA Adds One Known Exploited Vulnerability to Catalog
Jun 9

CISA Adds Three Known Exploited Vulnerabilities to Catalog
Jun 8

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Source: CISA Cybersecurity Advisories

CISA KEV

Known Exploited Vulnerabilities

Vulnerabilities confirmed to be actively exploited in the wild, tracked by the U.S. Cybersecurity and Infrastructure Security Agency.

KEV Additions by Year

2026
139
2025
245
2024
186
2023
187
2022
555
2021
311

Source: CISA KEV Catalog

Most Affected Vendors (KEV)

1. Microsoft
377 CVEs
2. Apple
93 CVEs
3. Cisco
92 CVEs
4. Adobe
79 CVEs
5. Google
72 CVEs

Source: CISA KEV

Recently Added

CVE-2026-20253 Splunk — Enterprise
2026-06-18
CVE-2026-48907 Widget Factory — Joomla Content Editor
2026-06-16
CVE-2026-54420 LiteSpeed — cPanel Plugin
2026-06-15
CVE-2026-20262 Cisco — Catalyst SD-WAN Manager
2026-06-15
CVE-2026-35273 Oracle — PeopleSoft Enterprise PeopleTools
2026-06-12
CVE-2026-10520 Ivanti — Sentry
2026-06-11
CVE-2026-11645 Google — Chromium V8
2026-06-09
CVE-2026-7473 Arista — Extensible Operating System
2026-06-09
CVE-2026-20245 Cisco — Catalyst SD-WAN Manager
2026-06-09
CVE-2026-42271 BerriAI — LiteLLM
2026-06-08
Ransomware

Active Threat Groups

Tracking 350 ransomware groups and their recent activity.

Recent Ransomware Activity

chaos 2026-06-23T05:20:58.867277+00:00

randa.net

View group profile →
aurora 2026-06-23T06:21:35.978085+00:00

Corporación Primax S.A.

View group profile →
incransom 2026-06-22T23:32:10.070996+00:00

belpointeasset.com \ belpointe.com

View group profile →
safepay 2026-06-22T21:34:49.725878+00:00

ehg.bayern

View group profile →
qilin 2026-06-22T21:34:04.767008+00:00

Schumacher Homes

View group profile →
Icarus 2026-06-22T21:21:56.304797+00:00

Huntress

View group profile →
Icarus 2026-06-22T21:21:35.847205+00:00

HDS (Hdscorp)

View group profile →
Icarus 2026-06-22T21:21:16.000368+00:00

Gms-net

View group profile →
Icarus 2026-06-22T21:20:55.241001+00:00

Cqcrm

View group profile →
Icarus 2026-06-22T21:20:34.415723+00:00

Cbassociations

View group profile →
cmdorganization 2026-06-22T20:50:15.598300+00:00

EON Meditech Pvt

View group profile →
chaos 2026-06-22T20:21:48.555322+00:00

graymont.com

View group profile →
BrainCipher 2026-06-22T19:50:47.320389+00:00

eggetttax.ca

View group profile →
BrainCipher 2026-06-22T19:20:25.356137+00:00

sterlinggloballtd.com

View group profile →
qilin 2026-06-22T13:35:53.890994+00:00

Central Bank of Libya

View group profile →

Source: ransomware.live

Internet Exposure

What's exposed right now

Real-time data from Shodan on internet-facing services and attack surface exposure worldwide.

SSH Exposed
0
Port 22
RDP Exposed
0
Port 3389
MongoDB Exposed
0
Port 27017
ICS/SCADA
0
Industrial systems

Global SSH Exposure Rankings

1 United States
4,825,122
2 Germany
1,807,458
3 China
1,531,924
4 United Kingdom
663,602
5 Netherlands
575,028
6 Singapore
564,180
7 France
558,509
8 Hong Kong
520,167
9 Japan
476,381
10 FI
296,883

Source: Shodan

Internet Scanning Intelligence

5/5 SEEN SCANNING Cross-referenced with AbuseIPDB
43.164.194.198
MALICIOUS
78.89.154.59
MALICIOUS
85.217.140.41
BENIGN
199.45.154.181
BENIGN
45.144.212.172
SUSPICIOUS

5 of 5 blacklisted IPs are also observed performing internet-wide scanning by GreyNoise.

Source: GreyNoise

EPSS

Exploit Prediction Scores

CVEs with the highest probability of exploitation in the next 30 days, scored by FIRST.org's Exploit Prediction Scoring System.

1 CVE-2024-3400 CRITICAL
100.0%
2 CVE-2024-23897 CRITICAL
100.0%
3 CVE-2024-21893 CRITICAL
100.0%
4 CVE-2024-21887 CRITICAL
100.0%
5 CVE-2023-4966 CRITICAL
100.0%
6 CVE-2023-44487 CRITICAL
100.0%
7 CVE-2023-35082 CRITICAL
100.0%
8 CVE-2023-35078 CRITICAL
100.0%
9 CVE-2023-27350 CRITICAL
100.0%
10 CVE-2023-22518 CRITICAL
100.0%

Source: FIRST.org EPSS

APT Threat Explorer

503
Threat Groups

Top Threat Origins

China 177
[Unknown] 137
Russia 52
Iran 44
North Korea 14
USA 8
Pakistan 7

Showing all 503 threat groups

[Unnamed group USA]
USA

Information theft and espionage

A subgroup of the {{CIA}}. (ClearSky) Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation.

Active since 2019

View details →
[Unnamed groups: China]
China

Information theft and espionage

DefenseGovernment

These are reported APT activities attributed to a country, but not to an individual threat group.

Active since 2018

View details →
[Unnamed groups: Iran]
Iran

Information theft and espionage

AviationGovernmentIndustrial +2

These are reported APT activities attributed to a country, but not to an individual threat group.

Active since 2019

View details →
[Unnamed groups: North Korea]
North Korea

Information theft and espionage

These are reported APT activities attributed to a country, but not to an individual threat group.

Active since 2019

View details →
[Unnamed groups: Russia]
Russia

Information theft and espionage

Financial

These are reported APT activities attributed to a country, but not to an individual threat group.

Active since 2014

View details →
[Vault 7/8]
USA

Financial gain

An unnamed source leaked almost 10,000 documents describing a large number of 0-day vulnerabilities, methodologies and tools that had been collected by the {{CIA}}'s {{Subgroup: Longhorn, The Lamberts}}. This leaking was done through WikiLeaks, since March 2017. In weekly publications, the dumps wer

Active since 2017

View details →
8220 Gang
China

Financial gain

(Trend Micro) 8220 Gang (also known as “8220 Mining Group,” derived from their use of port 8220 for command and control or C&C communications exchange) has been active since 2017 and continues to scan for vulnerable applications in cloud and container environments. Researchers have documented this g

Active since 2017

View details →
Achilles
[Unknown]

Financial crime

DefenseGovernmentprivate sectors

This actor may be related to {{Iridium}}. (AdvIntel) “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks.

Active since 2018

View details →
AeroBlade
[Unknown]

Information theft and espionage

Aerospace

(BlackBerry) BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as Aer

Active since 2022

View details →
Aggah
[Unknown]

Information theft and espionage

AutomotiveEducationGovernment +6

(Palo Alto) In March 2019, Unit 42 began looking into an attack campaign that appeared to be primarily focused on organizations within a Middle Eastern country. Further analysis revealed that this activity is likely part of a much larger campaign impacting not only that region but also the United St

Active since 2018

View details →
Agrius
Iran

Information theft and espionage

(SentinelLabs) A new threat actor SentinelLabs track as Agrius was observed operating in Israel beginning in 2020. An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets. The ope

Active since 2020

View details →
Allanite
[Unknown]

Information theft and espionage

Energy

(Dragos) Allanite accesses business and industrial control (ICS) networks, conducts reconnaissance, and gathers intelligence in United States and United Kingdom electric utility sectors. Dragos assesses with moderate confidence that Allanite operators continue to maintain ICS network access to: (1)

Active since 2017

View details →
ALPHV
[Unknown]

aka BlackCat Gang

Financial gain

(Palo Alto) BlackCat (aka ALPHV) is a ransomware family that surfaced in mid-November 2021 and quickly gained notoriety for its sophistication and innovation. Operating a ransomware-as-a-service (RaaS) business model, BlackCat was observed soliciting for affiliates in known cybercrime forums, offeri

Active since 2021

View details →
ALTDOS
Singapore

aka Desorden

Financial gain

(Group-IB) Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has contributed to a joint operation of the Royal Thai Police and the Singapore Police Force which led to the arrest of an individual responsible for more th

Active since 2020

View details →
Anchor Panda
China

aka APT 14

Information theft and espionage

AerospaceDefenseEngineering +3

(CrowdStrike) Anchor Panda is an adversary that CrowdStrike has tracked extensively over the last year targeting both civilian and military maritime operations in the green/brown water regions primarily in the area of operations of the South Sea Fleet of the PLA Navy. In addition to maritime operati

Active since 2012

View details →
Andariel
North Korea

aka Silent Chollima

Information theft and espionage

A subgroup of {{Lazarus Group, Hidden Cobra, Labyrinth Chollima}}.

Active since 2009

View details →
Andromeda Spider
Belarus

Financial gain

(Virus Bulletin) Andromeda, also known as Gamaru and Wauchos, is a modular and HTTP-based botnet that was discovered in late 2011. From that point on, it managed to survive and continue hardening by evolving in different ways. In particular, the complexity of its loader and AV evasion methods increa

Active since 2011

View details →
Angry Likho
[Unknown]

Information theft and espionage

Government

(Kaspersky) Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to {{Awaken Likho}}, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks t

Active since 2023

View details →
Antlion
China

Information theft and espionage

FinancialManufacturing

(Symantec) Antlion is believed to have been involved in espionage activities since at least 2011, and this recent activity shows that it is still an actor to be aware of more than 10 years after it first appeared. The length of time that Antlion was able to spend on victim networks is notable, with

Active since 2011

View details →
Aoqin Dragon
China

Information theft and espionage

EducationGovernmentTelecommunications

(SentinelLabs) SentinelLabs has uncovered a cluster of activity beginning at least as far back as 2013 and continuing to the present day, primarily targeting organizations in Southeast Asia and Australia. We assess that the threat actor’s primary focus is espionage and relates to targets in Australi

Active since 2013

View details →
APT 12
China

aka Numbered Panda

Information theft and espionage

DefenseGovernmentHigh-Tech +3

(CrowdStrike) Numbered Panda has a long list of high-profile victims and is known by a number of names including: DYNCALC, IXESHE, JOY RAT, APT-12, etc. Numbered Panda has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments. Number

Active since 2009

View details →
APT 16
China

aka SVCMONDR

Information theft and espionage

FinancialGovernmentHigh-Tech +1

(FireEye) Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malic

Active since 2015

View details →
APT 17
China

aka Deputy Dog, Elderwood, Sneaky Panda

Information theft and espionage

DefenseEducationEnergy +8

(Symantec) In 2009, Google was attacked by a group using the Hydraq (Aurora) Trojan horse. Symantec has monitored this group’s activities for the last three years as they have consistently targeted a number of industries. Interesting highlights in their method of operations include: the use of seemi

Active since 2009

View details →
APT 18
China

aka Dynamite Panda, Wekby

Information theft and espionage

AerospaceConstructionDefense +7

Wekby was described by Palo Alto Networks in a 2016 report as: ‘Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly

Active since 2009

View details →
APT 19
China

aka Deep Panda, C0d0so0

Information theft and espionage

DefenseEducationEnergy +8

APT 19 is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. Some ana

Active since 2013

View details →
APT 20
China

aka Violin Panda

Information theft and espionage

AviationChemicalConstruction +11

(Palo Alto) We’ve uncovered some new data and likely attribution regarding a series of APT watering hole attacks this past summer. Watering hole attacks are an increasingly popular component of APT campaigns, as many people are more aware of spear phishing and are less likely to open documents or cl

Active since 2014

View details →
APT 29
Russia

aka Cozy Bear, The Dukes

Information theft and espionage

AerospaceDefenseEducation +13

(F-Secure) The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making. The Dukes primarily target Western govern

Active since 2008

View details →
APT 3
China

aka Gothic Panda, Buckeye

Information theft and espionage

AerospaceConstructionDefense +5

(Recorded Future) APT3 (also known as UPS, Gothic Panda, and TG-0110) is a sophisticated threat group that has been active since at least 2010. APT3 utilizes a broad range of tools and techniques including spear-phishing attacks, zero-day exploits, and numerous unique and publicly available remote a

Active since 2007

View details →
APT 30
China

aka Override Panda

Information theft and espionage

DefenseGovernment

APT 30 is a threat group suspected to be associated with the Chinese government. While {{Naikon, Lotus Panda}} shares some characteristics with APT 30, the two groups do not appear to be exact matches. (FireEye) When our Singapore-based FireEye labs team examined malware aimed predominantly at enti

Active since 2005

View details →
APT 31
China

aka Judgment Panda, Zirconium

Information theft and espionage

FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competetive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese G

Active since 2016

View details →
APT 32
Vietnam

aka OceanLotus, SeaLotus

Information theft and espionage

DefenseFinancialGovernment +7

(FireEye) Since at least 2014, FireEye has observed APT32 targeting foreign corporations with a vested interest in Vietnam’s manufacturing, consumer products, and hospitality sectors. Furthermore, there are indications that APT32 actors are targeting peripheral network security and technology infras

Active since 2013

View details →
APT 33
Iran

aka Elfin, Magnallium

Information theft and espionage

AviationDefenseEducation +11

(FireEye) When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking

Active since 2013

View details →
APT 4
China

aka Maverick Panda, Wisp Team

Information theft and espionage

AerospaceAviationDefense +2

(Trend Micro) Sykipot has a history of primarily targeting US Defense Initial Base (DIB) and key industries such as telecommunications, computer hardware, government contractors, and aerospace. Open source review of 15 major Sykipot attacks over the last 6 years confirm this. Recently, we encounter

Active since 2007

View details →
APT 41
China

Financial crime

ConstructionDefenseEducation +16

(FireEye) FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012 when individual

Active since 2012

View details →
APT 42
Iran

Information theft and espionage

EducationGovernmentHealthcare +5

(Mandiant) Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. We further estimate with m

Active since 2015

View details →
APT 5
China

aka Keyhole Panda

Information theft and espionage

DefenseHigh-TechIndustrial +2

(FireEye) We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we have observed being targeted or breached by APT5 operate in these sectors. Several times, APT5 has targeted organizations and pers

Active since 2007

View details →
APT 6
China

Information theft and espionage

Government

(Kaspersky) The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, secur

Active since 2011

View details →
APT-C-60
South Korea

Information theft and espionage

(ThreatBook) APT-C-60 is disclosed by domestic security vendors in 2021. It is reported that the earliest attack time can be traced back to 2018 and the attack targets human resources and trade-related institutions including China. Recent monitoring by ThreatBook Intelligence Research and Response T

Active since 2018

View details →
APT9
[Unknown]

Financial gain

Members of FIN9, including the defendants, obtained unauthorized access to the computer networks of victim companies through phishing campaigns or other methods, such as supply chain attacks – a type of cyberattack that seeks to damage an organization by targeting the computer networks of trusted th

Active since 2018

View details →
Aquatic Panda
China

Information theft and espionage

GovernmentTechnologyTelecommunications

(CrowdStrike) AQUATIC PANDA is a China-based targeted intrusion adversary with a dual mission of intelligence collection and industrial espionage. It has likely operated since at least May 2020. AQUATIC PANDA operations have primarily focused on entities in the telecommunications, technology and gov

Active since 2020

View details →
AtlasCross
[Unknown]

Information theft and espionage

(NSFOCUS) After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT attacker is quite different from known attacker characteristics in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency and other

Active since 2023

View details →
Avalanche
Russia

Financial gain

(US-CERT) Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Vict

Active since 2006

View details →
AVIVORE
China

Information theft and espionage

AerospaceAutomotiveEnergy +1

(Context) Until now, most prominent supply chain intrusions have been 'vertical'; initial victims are typically Managed Services Providers or software vendors leveraged by attackers to move up or down the supply chain. However, since summer 2018, Context Information Security has been investigating a

Active since 2015

View details →
Awaken Likho
[Unknown]

Information theft and espionage

Government

(Kaspersky) In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat acto

Active since 2021

View details →
Axiom
China

aka Group 72

Information theft and espionage

AerospaceDefenseIndustrial +2

(Talos) Group 72 is a long standing threat actor group involved in Operation SMN, named Axiom by Novetta. The group is sophisticated, well funded, and possesses an established, defined software development methodology. The group targets high profile organizations with high value intellectual propert

Active since 2008

View details →
Bad Magic
[Unknown]

aka RedStinger

Information theft and espionage

DefenseFood and AgricultureGovernment +1

(Kaspersky) In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or simil

Active since 2020

View details →
Bahamut
[Middle East]

Information theft and espionage

Political, economic and social

(Bellingcat) Bahamut was first noticed when it targeted a Middle Eastern human rights activist in the first week of January 2017. Later that month, the same tactics and patterns were seen in attempts against an Iranian women’s activist – an individual commonly targeted by Iranian actors, such as {{M

Active since 2016

View details →
Bamboo Spider
[Unknown]

aka TA544

Financial crime

FinancialHospitalityIT +3

Zeus Panda, Panda Banker, or Panda is a variant of the original Zeus under the banking Trojan category. Its discovery was in 2016 in Brazil around the time of the Olympic Games. The majority of the code is derived from the original Zeus trojan, and maintains the coding to carry out man-in-the-browse

Active since 2016

View details →
Barium
China

Information theft and espionage

MediaOnline video game companiesTechnology

(Microsoft) Barium begins its attacks by cultivating relationships with potential victims—particularly those working in Business Development or Human Resources—on various social media platforms. Once Barium has established rapport, they spear-phish the victim using a variety of unsophisticated malwa

Active since 2016

View details →
BeagleBoyz
North Korea

Financial crime

Financial

(US CERT) The BeagleBoyz, an element of the North Korean government’s Reconnaissance General Bureau, have likely been active since at least 2014. As opposed to typical cybercrime, the group likely conducts well-planned, disciplined, and methodical cyber operations more akin to careful espionage acti

Active since 2014

View details →

Source: ETDA Threat Group Cards · 503 groups indexed

Active Threats

Malware, abuse & detection intelligence

Unified threat feed from URLhaus, AbuseIPDB, VirusTotal, and Malware Bazaar — malware URLs, blacklisted IPs, and recent malware samples.

0
Active C2 Servers
0
Blacklisted IPs Tracked
0
Tor Exit Nodes

Malware Distribution

0
URLs Online Now
0
Total Tracked

29% of tracked URLs are currently serving malware

Source: URLhaus by abuse.ch

Most Reported IPs

43.164.194.198
BR
100%
78.89.154.59
KW
100%
85.217.140.41
FR
100%
199.45.154.181
HK
100%
45.144.212.172
NL
100%
45.153.34.112
NL
100%
189.51.43.54
BR
100%
13.86.116.162
US
100%

Source: AbuseIPDB

Botnets

Command & Control Infrastructure

Active botnet C2 servers tracked by Feodo Tracker. These servers control malware-infected systems worldwide.

162.243.103.246:8080 US
Emotet 2026-03-07
50.16.16.211:443 US
QakBot 2026-03-12
34.204.119.63:443 US
QakBot 2026-03-01
178.62.3.223:443 GB
QakBot 2026-02-18
27.133.154.218:443 JP
QakBot 2026-03-05

Source: Feodo Tracker by abuse.ch

Data Breaches

Global Breach Landscape

Tracking 1,011 known data breaches affecting 17.7 billion accounts worldwide.

Known Breaches
0
Accounts Compromised
17.7B
Avg per Breach
17.5M

Most Recent Breaches Added

JCPenney jcpenny.com
0.4M
2026-06-12
RalphLauren ralphlauren.com
0.1M
2026-06-11
OperationEndgame4
0.2M
2026-06-18
CFGI cfgi.com
0.2M
2026-03-06
June2026StealerLogs
56.3M
2026-06-15
Berkadia berkadia.com
0.3M
2026-03-19
InfiniteCampus infinitecampus.com
0.1M
2026-03-18
UniversityOfNottingham nottingham.ac.uk
0.5M
2026-06-09

Source: Have I Been Pwned

Latest CVEs

Recently published vulnerabilities

The latest CVE publications from CIRCL — newly disclosed vulnerabilities that may affect your infrastructure.

CVE-2025-61726 Jun 23

Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update
CVE-2025-61726 Jun 23

Red Hat Security Advisory: Red Hat Quay 3.12.15
CVE-2025-61726 Jun 23

Red Hat Security Advisory: container-tools:rhel8 security update
CVE-2025-13465 Jun 23

Red Hat Security Advisory: RHACS 4.9.4 security and bug fix update
CVE-2025-13465 Jun 23

Red Hat Security Advisory: RHACS 4.8.9 security and bug fix update
CVE-2025-47907 Jun 23

Red Hat Security Advisory: OpenShift Container Platform 4.19.26 bug fix and security update
CVE-2025-61726 Jun 23

Red Hat Security Advisory: Red Hat OpenShift API for Data Protection
CVE-2025-13465 Jun 23

Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.2 security update

Source: CIRCL CVE-Search

threat-feed — live
[08:59:47] SYSTEM Threat intelligence feed initialized — 14/17 sources active
[08:29:47] CISA KEV CVE-2026-20253 added — Splunk Enterprise
[08:39:47] CISA KEV CVE-2026-48907 added — Widget Factory Joomla Content Editor
[08:09:47] CHAOS New victim: randa.net
[08:19:47] AURORA New victim: Corporación Primax S.A.
[07:49:47] URLhaus 6,464 malware distribution URLs currently online
[07:29:47] FEODO 5 active C2 servers (Emotet)
[07:19:47] TOR 1,240 exit nodes active across the network
$ _

This is what we protect you against

The threat landscape evolves daily. Make sure your security does too.

Get a Security Assessment or book a free call