Threat Intelligence Report

Generated 2026-07-19 19:22 UTC  ·  3/3 sources live  ·  ← back to cyberassist
1647
KEV catalog total
10
Added last 7 days
329
Ransomware-linked
35
Fresh IOCs / pulses

Latest CISA Known Exploited Vulnerabilities live

CVEVendor / ProductVulnerabilityAddedDue
CVE-2026-58644Microsoft
SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability2026-07-162026-07-19
CVE-2026-25089Fortinet
FortiSandbox
Fortinet FortiSandbox OS Command Injection Vulnerability2026-07-162026-07-19
CVE-2026-39808Fortinet
FortiSandbox
Fortinet FortiSandbox OS Command Injection Vulnerability2026-07-162026-07-19
CVE-2026-46817Oracle
E-Business Suite
Oracle E-Business Suite Improper Privilege Management Vulnerability2026-07-152026-07-18
CVE-2023-4346KNX Association
KNX Protocol Connection Authorization Option 1
KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability2026-07-152026-07-29
CVE-2026-56155Microsoft
Active Directory Federation Services
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability 2026-07-142026-07-28
CVE-2026-56164Microsoft
SharePoint Server
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2026-07-142026-07-17
CVE-2026-15409SonicWall
SMA1000 Appliances
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability2026-07-142026-07-17
CVE-2026-15410SonicWall
SMA1000 Appliances
SonicWall SMA1000 Appliances Code Injection Vulnerability2026-07-142026-07-17
CVE-2008-4128Cisco
IOS
Cisco IOS Cross-Site Request Forgery Vulnerability2026-07-132026-07-16
CVE-2026-56291Balbooa
Forms
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-102026-07-13
CVE-2026-48939iCagenda
iCagenda
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-102026-07-13
CVE-2026-48908JoomShaper
SP Page Builder
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability2026-07-072026-07-10
CVE-2026-55255Langflow
Langflow
Langflow Authorization Bypass Through User-Controlled Key Vulnerability2026-07-072026-07-10
CVE-2026-56290Joomlack
Page Builder
Joomlack Page Builder Improper Access Control Vulnerability2026-07-072026-07-10
CVE-2026-48282Adobe
ColdFusion
Adobe ColdFusion Path Traversal Vulnerability2026-07-072026-07-10
CVE-2026-45659Microsoft
SharePoint Server
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability2026-07-012026-07-04
CVE-2026-48558SimpleHelp
SimpleHelp
SimpleHelp Authentication Bypass Vulnerability2026-06-292026-07-02
CVE-2026-12569PTC
Windchill and FlexPLM
PTC Windchill and FlexPLM Improper Input Validation Vulnerability2026-06-252026-06-28
CVE-2026-20230Cisco
Unified Communications Manager
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability2026-06-252026-06-28
CVE-2025-67038Lantronix
EDS5000
Lantronix EDS5000 Code Injection Vulnerability2026-06-232026-06-26
CVE-2026-34910Ubiquiti
UniFi OS
Ubiquiti UniFi OS Improper Input Validation Vulnerability2026-06-232026-06-26
CVE-2026-34909Ubiquiti
UniFi OS
Ubiquiti UniFi OS Path Traversal Vulnerability2026-06-232026-06-26
CVE-2026-34908Ubiquiti
UniFi OS
Ubiquiti UniFi OS Improper Access Control Vulnerability2026-06-232026-06-26
CVE-2026-20253Splunk
Enterprise
Splunk Enterprise Missing Authentication for Critical Function Vulnerability2026-06-182026-06-21

Recent Malware IOCs — ThreatFox live

IndicatorTypeMalwareThreatConf.First seen
koin99.linkdomainClearFakepayload_delivery100%2026-07-19 19:19:43 UTC
istudiosgl.comdomainClearFakepayload_delivery100%2026-07-19 19:14:32 UTC
cydm.domirunway.comdomainClearFakepayload_delivery100%2026-07-19 19:10:56 UTC
domirunway.comdomainClearFakepayload_delivery100%2026-07-19 19:09:30 UTC
divoraworld.comdomainClearFakepayload_delivery100%2026-07-19 19:08:21 UTC
1.92.135.168:8080ip:portAdaptixC2botnet_cc100%2026-07-19 19:05:06 UTC
154.219.115.123:8080ip:portAdaptixC2botnet_cc100%2026-07-19 19:05:05 UTC
154.219.115.123:443ip:portAdaptixC2botnet_cc100%2026-07-19 19:05:04 UTC
radiozona94fm.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
reelwalestudio.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
rolems.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
roofing-clearwater.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
rumahlift.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
salariadvogados.com.brdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
soccerpunter.orgdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
toufafashion.comdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
yourhomeguide.co.ukdomainVidarpayload_delivery100%2026-07-19 18:50:21 UTC
euregio-camper.dedomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
guiasantosdumont.com.brdomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
instantfixservices.comdomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
lagrandefm.comdomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
lucianasalomao.com.brdomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
mazradioaurora.comdomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
mobilitate.primariapetrosani.rodomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC
moroneyaccountants.iedomainVidarpayload_delivery100%2026-07-19 18:50:20 UTC

Community Threat Pulses — AlienVault OTX live

PulseAuthorTagsIOCsCreated
Inside the FortiBleed Open Directory: A Technical Analysis of What the Attacker Left BehindAlienVaultvpn compromise, hash cracking, fortibleed, hashtopolis, fortigate, initial access broker, fortinet, credential harvesting02026-06-19
Operation Poisson – Analyzing a Cybercriminal’s Entire OperationAlienVaulttailscale, rustdesk, poisson, credential-theft, france, keylogger, fileless-attack, openssh112026-06-19
Popa: From Sourcing to DistributionAlienVaultresidential proxy, netnut, neupop, sdk, moneytiser, hopanet, popa, loopop2112026-06-18
Klue Integration Abused in Salesforce Data Theft | Threat SpotlightAlienVaultsalesforce, unc6395, oauth abuse, api exfiltration, third-party integration, klue integration, shinyhunters, crm data theft02026-06-18
Botnet Analysis: A Product-Grade Threat for the AI Service EraAlienVaultshodan intelligence, credential harvesting, polymorphic, ai infrastructure targeting, mcp exploitation, botnet, autonomous scanning, go-based62026-07-17
Contagious Interview malware in SVG images: DPRK campaignAlienVaultdeveloper targeting, cryptocurrency wallet theft, supply chain attack, svg, ottercookie, steganography, fake job interviews, beavertail132026-07-17
Behind the Refund: From GST Phishing to Remcos RAT Through a Multi-Stage .NET Infection ChainAlienVaultbitmap steganography, fileless execution, multi-stage loader, dynamic dns, india targeting, credential theft, gst phishing, remcos rat62026-07-17
ClickFix Campaign Generated Via AI Delivers SmartRATAlienVaultbanana rat, fake captcha, smartrat, powershell, typosquatting, ghostloader, brazil, clickfix112026-06-17
ACR Stealer: Two observed intrusion chains amid increased threat activityAlienVaultblockchain c2, webdav, steganography, amatera stealer, clickfix, acr stealer162026-07-17
Novel Starland RAT and bespoke WLDR C2 implant deployed in financially motivated campaignAlienVaultcredential harvesting, trojanized installers, python rat, powershell implant, starland rat, clickfix, wldr agent, castlestealer492026-07-16