Threat Intelligence Report

Generated 2026-07-19 09:19 UTC  ·  3/3 sources live  ·  ← back to cyberassist
1647
KEV catalog total
10
Added last 7 days
329
Ransomware-linked
35
Fresh IOCs / pulses

Latest CISA Known Exploited Vulnerabilities live

CVEVendor / ProductVulnerabilityAddedDue
CVE-2026-58644Microsoft
SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability2026-07-162026-07-19
CVE-2026-25089Fortinet
FortiSandbox
Fortinet FortiSandbox OS Command Injection Vulnerability2026-07-162026-07-19
CVE-2026-39808Fortinet
FortiSandbox
Fortinet FortiSandbox OS Command Injection Vulnerability2026-07-162026-07-19
CVE-2026-46817Oracle
E-Business Suite
Oracle E-Business Suite Improper Privilege Management Vulnerability2026-07-152026-07-18
CVE-2023-4346KNX Association
KNX Protocol Connection Authorization Option 1
KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability2026-07-152026-07-29
CVE-2026-56155Microsoft
Active Directory Federation Services
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability 2026-07-142026-07-28
CVE-2026-56164Microsoft
SharePoint Server
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2026-07-142026-07-17
CVE-2026-15409SonicWall
SMA1000 Appliances
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability2026-07-142026-07-17
CVE-2026-15410SonicWall
SMA1000 Appliances
SonicWall SMA1000 Appliances Code Injection Vulnerability2026-07-142026-07-17
CVE-2008-4128Cisco
IOS
Cisco IOS Cross-Site Request Forgery Vulnerability2026-07-132026-07-16
CVE-2026-56291Balbooa
Forms
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-102026-07-13
CVE-2026-48939iCagenda
iCagenda
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-102026-07-13
CVE-2026-48908JoomShaper
SP Page Builder
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-072026-07-10
CVE-2026-55255Langflow
Langflow
Langflow Authorization Bypass Through User-Controlled Key Vulnerability2026-07-072026-07-10
CVE-2026-56290Joomlack
Page Builder
Joomlack Page Builder Improper Access Control Vulnerability2026-07-072026-07-10
CVE-2026-48282Adobe
ColdFusion
Adobe ColdFusion Path Traversal Vulnerability2026-07-072026-07-10
CVE-2026-45659Microsoft
SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability2026-07-012026-07-04
CVE-2026-48558SimpleHelp
SimpleHelp
SimpleHelp Authentication Bypass Vulnerability2026-06-292026-07-02
CVE-2026-12569PTC
Windchill and FlexPLM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability2026-06-252026-06-28
CVE-2026-20230Cisco
Unified Communications Manager
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability2026-06-252026-06-28
CVE-2025-67038Lantronix
EDS5000
Lantronix EDS5000 Code Injection Vulnerability2026-06-232026-06-26
CVE-2026-34910Ubiquiti
UniFi OS
Ubiquiti UniFi OS Improper Input Validation Vulnerability2026-06-232026-06-26
CVE-2026-34909Ubiquiti
UniFi OS
Ubiquiti UniFi OS Path Traversal Vulnerability2026-06-232026-06-26
CVE-2026-34908Ubiquiti
UniFi OS
Ubiquiti UniFi OS Improper Access Control Vulnerability2026-06-232026-06-26
CVE-2026-20253Splunk
Enterprise
Splunk Enterprise Missing Authentication for Critical Function Vulnerability2026-06-182026-06-21

Recent Malware IOCs — ThreatFox live

IndicatorTypeMalwareThreatConf.First seen
ystr.bittersweetkennel.comdomainClearFakepayload_delivery100%2026-07-19 09:05:53 UTC
82.156.166.227:1890ip:portUnknown malwarebotnet_cc100%2026-07-19 09:05:08 UTC
82.156.166.227:111ip:portUnknown malwarebotnet_cc100%2026-07-19 09:05:06 UTC
82.156.166.227:5003ip:portUnknown malwarebotnet_cc100%2026-07-19 09:05:06 UTC
67.216.197.83:3000ip:portUnknown malwarebotnet_cc100%2026-07-19 09:05:05 UTC
96.44.138.102:22ip:portUnknown malwarebotnet_cc100%2026-07-19 09:05:05 UTC
bittersweetkennel.comdomainClearFakepayload_delivery100%2026-07-19 09:00:51 UTC
jackpot168.de.comdomainClearFakepayload_delivery100%2026-07-19 09:00:22 UTC
zuibs.jetbet.downloaddomainClearFakepayload_delivery100%2026-07-19 08:59:38 UTC
coolriverpizzaca.comdomainClearFakepayload_delivery100%2026-07-19 08:49:34 UTC
nextbahis.appdomainClearFakepayload_delivery100%2026-07-19 08:48:23 UTC
trivaleal9.eightyen1arge.gardendomainClearFakebotnet_cc90%2026-07-19 08:37:08 UTC
markol.prodomainClearFakebotnet_cc90%2026-07-19 08:37:08 UTC
https://afsd.net/urlVidarpayload_delivery75%2026-07-19 08:15:04 UTC
85.137.240.26:8888ip:portUnknown malwarebotnet_cc100%2026-07-19 08:05:06 UTC
85.137.240.26:1080ip:portUnknown malwarebotnet_cc100%2026-07-19 08:05:06 UTC
47.86.97.42:8911ip:portUnknown malwarebotnet_cc100%2026-07-19 08:05:05 UTC
85.137.240.26:7500ip:portUnknown malwarebotnet_cc100%2026-07-19 08:05:05 UTC
8.138.179.29:10022ip:portUnknown malwarebotnet_cc100%2026-07-19 08:05:04 UTC
bzeg.bikertlane.comdomainClearFakepayload_delivery100%2026-07-19 08:01:16 UTC
m4jpiubh.royaldoorsspringdale.comdomainClearFakepayload_delivery100%2026-07-19 08:00:54 UTC
bikertlane.comdomainClearFakepayload_delivery100%2026-07-19 08:00:21 UTC
royaldoorsspringdale.comdomainClearFakepayload_delivery100%2026-07-19 07:59:10 UTC
4yl6u62i.pdfbama.comdomainClearFakepayload_delivery100%2026-07-19 07:58:21 UTC
otcgf.christorem.comdomainClearFakepayload_delivery100%2026-07-19 07:56:56 UTC

Community Threat Pulses — AlienVault OTX live

PulseAuthorTagsIOCsCreated
Popa: From Sourcing to DistributionAlienVaultresidential proxy, netnut, neupop, sdk, moneytiser, hopanet, popa, loopop2112026-06-18
Klue Integration Abused in Salesforce Data Theft | Threat SpotlightAlienVaultsalesforce, unc6395, oauth abuse, api exfiltration, third-party integration, klue integration, shinyhunters, crm data theft02026-06-18
Botnet Analysis: A Product-Grade Threat for the AI Service EraAlienVaultshodan intelligence, credential harvesting, polymorphic, ai infrastructure targeting, mcp exploitation, botnet, autonomous scanning, go-based62026-07-17
Contagious Interview malware in SVG images: DPRK campaignAlienVaultdeveloper targeting, cryptocurrency wallet theft, supply chain attack, svg, ottercookie, steganography, fake job interviews, beavertail132026-07-17
Behind the Refund: From GST Phishing to Remcos RAT Through a Multi-Stage .NET Infection ChainAlienVaultbitmap steganography, fileless execution, multi-stage loader, dynamic dns, india targeting, credential theft, gst phishing, remcos rat62026-07-17
ClickFix Campaign Generated Via AI Delivers SmartRATAlienVaultbanana rat, fake captcha, smartrat, powershell, typosquatting, ghostloader, brazil, clickfix112026-06-17
ACR Stealer: Two observed intrusion chains amid increased threat activityAlienVaultblockchain c2, webdav, steganography, amatera stealer, clickfix, acr stealer162026-07-17
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaignAlienVaultcredential harvesting, trojanized installers, python rat, powershell implant, starland rat, clickfix, wldr agent, castlestealer492026-07-16
The Patch Wars have begunAlienVaultcastlestealer, starland rat, remcos rat, russian-speaking adversary, wldr agent, uat-11795, trojanized installers, financial motivation112026-07-16
GoSerpent backdoor attacks in Southeast AsiaAlienVaultgovernment targeting, southeast asia, goserpent, diplomatic entities, quarksdumplocalhash, stowaway, tmcloader, tmcpayload142026-07-16