{
  "generated": "2026-06-15T01:48:51Z",
  "count": 3206,
  "iocs": [
    {
      "value": "avads.live",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "chromewallpaper.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "owhit.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "tabplugins.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "yowgames.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "147.79.120.202",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "92.112.198.22",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-04",
          "title": "152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic",
          "link": "https://cybersecuritynews.com/chrome-extensions-hide-ad-tracking/",
          "published": "2026-06-14",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-14"
    },
    {
      "value": "CVE-2024-20399",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-07",
          "title": "Chinese hackers hijack auth flow, spy on isolated network for a decade",
          "link": "https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/",
          "published": "2026-06-13",
          "sev": "crit"
        },
        {
          "id": "art-22",
          "title": "China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade",
          "link": "https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-1216",
          "title": "CISA KEV: CVE-2024-20399 \u2014 Cisco NX-OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "CVE-2026-20253",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-09",
          "title": "Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication",
          "link": "https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html",
          "published": "2026-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "github.com/fardewoak/nodejs-argo",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-14",
          "title": "400+ AUR Packages Hijacked: What the \u201cAtomic Arch\u201d Campaign Means for Supply-Chain Security",
          "link": "https://www.stepsecurity.io/blog/400-aur-packages-hijacked-atomic-arch-campaign",
          "published": "2026-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "gs.thc.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-07",
          "title": "Chinese hackers hijack auth flow, spy on isolated network for a decade",
          "link": "https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/",
          "published": "2026-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "temp.sh",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "The Hacker News",
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-14",
          "title": "400+ AUR Packages Hijacked: What the \u201cAtomic Arch\u201d Campaign Means for Supply-Chain Security",
          "link": "https://www.stepsecurity.io/blog/400-aur-packages-hijacked-atomic-arch-campaign",
          "published": "2026-06-13",
          "sev": "crit"
        },
        {
          "id": "art-17",
          "title": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit",
          "link": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-25",
          "title": "Over 400 Arch Linux packages compromised to push rootkit, infostealer",
          "link": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "advisory-tracker.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-06",
          "title": "New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From a Hacker\u2019s Server",
          "link": "https://cybersecuritynews.com/agentjacking-attack-hijacks-ai-coding-agent/",
          "published": "2026-06-13",
          "sev": "med"
        },
        {
          "id": "art-28",
          "title": "Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code",
          "link": "https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-13"
    },
    {
      "value": "CVE-2023-50224",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cyber Security News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-800",
          "title": "CISA KEV: CVE-2023-50224 \u2014 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-03",
          "sev": "crit"
        },
        {
          "id": "art-801",
          "title": "CISA KEV: CVE-2025-9377 \u2014 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2025-67644",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-32",
          "title": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution",
          "link": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-10520",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "CISA KEV",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-34",
          "title": "CISA orders feds to patch actively exploited Ivanti flaw by Sunday",
          "link": "https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-56",
          "title": "CISA KEV: CVE-2026-10520 \u2014 Ivanti Sentry OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-10523",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "CISA KEV",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-34",
          "title": "CISA orders feds to patch actively exploited Ivanti flaw by Sunday",
          "link": "https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-56",
          "title": "CISA KEV: CVE-2026-10520 \u2014 Ivanti Sentry OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-21509",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cyber Security News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-602",
          "title": "CISA KEV: CVE-2026-21509 \u2014 Microsoft Office Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-27022",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-32",
          "title": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution",
          "link": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-28277",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-32",
          "title": "LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution",
          "link": "https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-33634",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "StepSecurity",
        "Aikido",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-425",
          "title": "Popular telnyx package compromised on PyPI by TeamPCP",
          "link": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm",
          "published": "2026-03-27",
          "sev": "crit"
        },
        {
          "id": "art-437",
          "title": "CISA KEV: CVE-2026-33634 \u2014 Aquasecurity Trivy Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-35273",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2026-48150",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-20",
          "title": "[GHSA / CRITICAL] CVE-2026-48150: Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign",
          "link": "https://github.com/advisories/GHSA-6xp4-cf37-ppjh",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "azurenetfiles.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "webhook.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-475",
          "title": "kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package",
          "link": "https://www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package",
          "published": "2026-03-11",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        },
        {
          "id": "art-789",
          "title": "Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack",
          "link": "https://snyk.io/blog/embedded-malicious-code-in-tinycolor-and-ngx-bootstrap-releases-on-npm/",
          "published": "2025-09-15",
          "sev": "high"
        },
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "108.174.202.99",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "142.11.200.186",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "142.11.200.187",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "142.11.200.188",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "142.11.200.189",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "142.11.200.190",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "176.120.22.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-37",
          "title": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities",
          "link": "https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html",
          "published": "2026-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        },
        {
          "id": "art-789",
          "title": "Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack",
          "link": "https://snyk.io/blog/embedded-malicious-code-in-tinycolor-and-ngx-bootstrap-releases-on-npm/",
          "published": "2025-09-15",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "cbb9bc5a8496243e02f3cc080efbe3e4a1430ba0671f2e43a202bf45b05479cd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "f099c5d9ec417d4445a0328ac0ada9cde79fc37410914103ae9c609cbc0ee068",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "BleepingComputer",
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-27",
          "title": "Early Warning Signs of Supply-Chain Attacks Live in the Dark Web",
          "link": "https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/",
          "published": "2026-06-12",
          "sev": "crit"
        },
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        },
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "automaticgiveaway.000webhostapp.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "climbing-green-botany.glitch.me",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "deliverlett.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "deliverly.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "designli.pictures",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "dev-cdn370.pantheonsite.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "facebookbusiness0078.blogspot.be",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "ff-rewards-redeem-codes-org.github.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "flowcomm.click",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "free-fire-reward-garena-bd-nepazl.epizy.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "freefirefff.github.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "freefoodaid.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "inboxally.agency",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "inboxly.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "instagram-cutequeen57.netlify.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "lett.email",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "lettermail.eu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "longsauce.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "mailora.eu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "olrh4mibs62l6kkuvvjyc5lrercqg5tz543r4lsw3o6mh5qb7g7sneid.onion",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News",
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-17",
          "title": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit",
          "link": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-25",
          "title": "Over 400 Arch Linux packages compromised to push rootkit, infostealer",
          "link": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "pastefy.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News",
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "pheontx.eu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "postfast.eu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "postify.email",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "postino.click",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "pro.riccardomalisano.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "pubg-tournament-official.github.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "qube.black",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "quix.express",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "raviral.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "raviral.com/host_style/style/js-track/track.js",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "raviral.com/k_fac.php",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "smplfy.in",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "sniperdz.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "sumato-soft.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "t.me/JokerDzV2",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "technobrains.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "trayo.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-36",
          "title": "Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs",
          "link": "https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "v0tingsystem.github.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-33",
          "title": "INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator",
          "link": "https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "wellnesscaremed.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "wellnessmedcare.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "193.233.201.21",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "42b59fdbe1b72895b2951412222ebf40",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "The Hacker News",
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-17",
          "title": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit",
          "link": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-25",
          "title": "Over 400 Arch Linux packages compromised to push rootkit, infostealer",
          "link": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "53b91117db931d3acbbfd15aa8400bb6691e023d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "63154cd9c79f9d14eb9be6c4efc2a778d31646ec",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "70842cfc27b116d0db2fd7aa33d53a3faf510993",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "74d3d5ab6d0fa4c6a5860598231728a6a893ecf7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "e1bdcd1a7157f7d047a88ab4573723fe1e861951",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "fcc8a542aad41e758cf6c18571048890be53808e",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "17bad5ae5b2ac262f5f18854853869840245c344105aa38c7f550ef51d2e5f26",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "2fa5b0475c3b70a3ba14c6a3938baf441a08b11841493b85e087d1d5e01eba49",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "3f476d316efe2514efd70c975d0c87e12357db9fca54a25834d60b28192c6a69",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "5c50f79038b31aa8a3a68b24d8b783dfbd2e15fff7586c5609e544a717ef7d05",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "6144d433f8a0316869877b5f834c801251bbb936e5f1577c5680878c7443c98b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "The Hacker News",
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-17",
          "title": "Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit",
          "link": "https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html",
          "published": "2026-06-12",
          "sev": "high"
        },
        {
          "id": "art-25",
          "title": "Over 400 Arch Linux packages compromised to push rootkit, infostealer",
          "link": "https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "6585ca0d3e26c20ced638f46f4a89eea924d411b8753d3fcf434663593c7cf0b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "7269c00a6164fd01dd516e0a72b2bd84c82e78feb552e06964e4992ff0479dda",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "a944a09783023a2c6c62d3601cbd5392a03d808a6a51728e07a3270861c2a8ee",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "bab96257018df49ace8fe8adfadc74cf8327fcf9a9dc8a3a7c9ac8e18881df5f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "bb23545380fde9f48ad070f88fe0afd695da5fcae8c5274814858c5a681d8c4e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "d6abc7003b580472d808b338adef0b28eacc698cd4692f76cb2a91718ab78d88",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "d7ec660a2a29c1aabcbe9bff1ef29be9a9fab8c7fe7c40df4772dd2b5bdf9666",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "d94a2444268b339dfda2615f7800322fb318e0a484414bb17016cfcd5eb07c44",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "e848d73a68e4e8aea00a6257552b5872907dfaf7cce3d94636d7e59d286edeab",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-19",
          "title": "Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks",
          "link": "https://cybersecuritynews.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "feabf10c8a9ba2775bb0f7f9d0b20203112b7df8e6d333a44d5a11eae0e38e86",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-26",
          "title": "Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets",
          "link": "https://cybersecuritynews.com/malicious-npm-campaign-steals-ssh-keys-api-tokens/",
          "published": "2026-06-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "hairdb.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "lazybearpottery.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "matrix.agent.education.tchap.gouv.fr",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-35",
          "title": "Over 73,000 French govt employees affected in Tchap messenger breach",
          "link": "https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "r64.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "reclameaqui.services",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "rectalmania.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "sefaz.services",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Cyber Security News"
      ],
      "articles": [
        {
          "id": "art-23",
          "title": "Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection",
          "link": "https://cybersecuritynews.com/hackers-abuse-legitimate-ninjaone-rmm-software/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "tchap.gouv.fr",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "BleepingComputer"
      ],
      "articles": [
        {
          "id": "art-35",
          "title": "Over 73,000 French govt employees affected in Tchap messenger breach",
          "link": "https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/",
          "published": "2026-06-12",
          "sev": "med"
        }
      ],
      "first_seen": "2026-06-12"
    },
    {
      "value": "CVE-2024-55591",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        },
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2025-32433",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-877",
          "title": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2025-33073",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-742",
          "title": "CISA KEV: CVE-2025-33073 \u2014 Microsoft Windows SMB Client Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-11645",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-62",
          "title": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-93",
          "title": "CISA KEV: CVE-2026-11645 \u2014 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-20230",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-23479",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-45585",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-42",
          "title": "New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files",
          "link": "https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-48039",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-47",
          "title": "[GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token",
          "link": "https://github.com/advisories/GHSA-9gw6-46qc-99vr",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2026-48062",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-43",
          "title": "[GHSA / CRITICAL] CVE-2026-48062: CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule",
          "link": "https://github.com/advisories/GHSA-2gr4-ppc7-7mhx",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "coachcybersecurity.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "financemachinelearning.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "gatewayrvcenter.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "leadingfilipinoteams.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "mxprodesign.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "power-sync-services.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "sfrclak.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-401",
          "title": "axios Compromised on npm - Malicious Versions Drop Remote Access Trojan",
          "link": "https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "103.119.47.104",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "139.162.11.152",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "139.180.128.42",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "139.99.33.239",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "142.91.98.77",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "166.88.77.186",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "176.120.22.127",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-44",
          "title": "The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm",
          "link": "https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "194.68.26.241",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "38.60.245.37",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "7bdbd180c081fa63ca94f9c22c457376",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "0037DBB0FEA981D02F6F76DE81EBAEFCB68B7D20",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "19A69F856EFA811C376F68E4FEB0997B4724F8BD",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "41CB8CD78B8DB76563E4F972ABE817CEEE9CF9B0",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "48FEBB91A10D1462461A012FAFC0918BB028E947",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "490194E9BB5128ECA8693AD9E610891C2ED185AF",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "4AD36AD6C165B5174967020CB1A3358F78D7A283",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "51176139B0B2220B802C1578A4994DF68DF5BCD1",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "511B77459673EC42163F19E300FF1D233B6C39FB",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "57352B3CEEE32216E5AA20BAA848483D7AB5A6FB",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "59A8553A4F8130F576AB234E0B220BE4D4DA0E98",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "5D6194BB48FEBB91A10D1462461A012FAFC0918B",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "865A1739337D3303B3AB02C5E694C22B79C42B7D",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        },
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "8CD78B8DB76563E4F972ABE817CEEE9CF9B00037",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "91F042F59BE4BDCB6E5EA21B91DECD731C175B54",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "9BC06DF9F932746A05EE728C8B103BD3BA6BF395",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "9CA1A5C7F79882DB913534C1E62B26BCDCB9F6DD",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "A177ED0BFFEB1EFE1D9D31D72A82EF2625AE646D",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "A8E2BBBFCB86500322D2367744FA12755AB0C165",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "B028E947150764A71DEEF498DE6F8C95ECCCB445",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "B0FEA981D02F6F76DE81EBAEFCB68B7D205D6194",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-53",
          "title": "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack",
          "link": "https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "B7B2D2DB544F9EEA74453CDF2B8BEEA58CF07C48",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "D511B77459673EC42163F19E300FF1D233B6C39F",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "F74F1FEB62B662CDA489FDB2453727824E55ACB9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "F8F8209987CA7F139DE6A62F9E6EE21BD2AE93A9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-54",
          "title": "OceanLotus: From external espionage to domestic targeting",
          "link": "https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/",
          "published": "2026-06-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "7069e28a5806db4ab0273639667d203f5e31b401d403af7e36d9f360c1f6d655",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-45",
          "title": "Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files",
          "link": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-139",
          "title": "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "b86c5ae9e95bd841a595440faa3eb6317441e746f241ae8fd641ab59ed1d1966",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-45",
          "title": "Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files",
          "link": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-139",
          "title": "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "imperva_artifactory.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-41",
          "title": "New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets",
          "link": "https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html",
          "published": "2026-06-11",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "zerodayclock.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-51",
          "title": "AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.",
          "link": "https://thehackernews.com/2026/06/ai-broke-vulnerability-management-thats.html",
          "published": "2026-06-11",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "142.11.206.73",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "2915b3f8b703eb744fc54c81f4a9c67f",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        },
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "38de5b216c33833af710e88f7f64fc98",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "aac3165ece2959f39ff98334618d10d9",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        },
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "07d889e2dadce6f3910dcbc253317d28ca61c766",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "2553649f2322049666871cea80a5d0d6adc700ca",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-46",
          "title": "npm v12 delivers one of the biggest security improvements in years",
          "link": "https://www.aikido.dev/blog/npm-v12-block-postinstall",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        },
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-40",
          "title": "A tale of two eras",
          "link": "https://blog.talosintelligence.com/a-tale-of-two-eras/",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        },
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-45",
          "title": "Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files",
          "link": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-90",
          "title": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer",
          "link": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html",
          "published": "2026-06-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-45",
          "title": "Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files",
          "link": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-90",
          "title": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer",
          "link": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html",
          "published": "2026-06-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-45",
          "title": "Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files",
          "link": "https://www.stepsecurity.io/blog/miasma-and-hades-are-spreading-now-detect-them-on-developer-machines-with-suspicious-files",
          "published": "2026-06-11",
          "sev": "high"
        },
        {
          "id": "art-90",
          "title": "Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer",
          "link": "https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html",
          "published": "2026-06-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-11"
    },
    {
      "value": "CVE-2020-17103",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2025-10263",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-20245",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-62",
          "title": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-22732",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-25089",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-27671",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-33825",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-71",
          "title": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows",
          "link": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-368",
          "title": "CISA KEV: CVE-2026-33825 \u2014 Microsoft Defender Insufficient Granularity of Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-35616",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-59",
          "title": "China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance",
          "link": "https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-411",
          "title": "CISA KEV: CVE-2026-35616 \u2014 Fortinet FortiClient EMS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-40128",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-41091",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-71",
          "title": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows",
          "link": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-246",
          "title": "CISA KEV: CVE-2026-41091 \u2014 Microsoft Defender Link Following Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-44748",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-61",
          "title": "Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities",
          "link": "https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-44815",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-45498",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-71",
          "title": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows",
          "link": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-247",
          "title": "CISA KEV: CVE-2026-45498 \u2014 Microsoft Defender Denial of Service Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-45586",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-45655",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-45657",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-45658",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-47291",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-48031",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-64",
          "title": "[GHSA / CRITICAL] CVE-2026-48031: Go Restful API Boilerplate: Hardcoded JWT Secret \"random\" Allows Token Forgery",
          "link": "https://github.com/advisories/GHSA-mqq6-462x-jxmm",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-48063",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-57",
          "title": "[GHSA / CRITICAL] CVE-2026-48063: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload",
          "link": "https://github.com/advisories/GHSA-qvv5-jq5g-4cgg",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-49160",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-50507",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-7473",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-62",
          "title": "Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html",
          "published": "2026-06-10",
          "sev": "crit"
        },
        {
          "id": "art-94",
          "title": "CISA KEV: CVE-2026-7473 \u2014 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-8863",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-67",
          "title": "Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs",
          "link": "https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "o4511539639222272.ingest.de.sentry.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-66",
          "title": "Compromised Rust crate onering performs code exfiltration",
          "link": "https://www.aikido.dev/blog/compromised-rust-crate-onering-performs-code-exfiltration",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "projectnightcrawler.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-71",
          "title": "Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows",
          "link": "https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html",
          "published": "2026-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "45.32.150.251",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-458",
          "title": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "link": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat",
          "published": "2026-03-18",
          "sev": "crit"
        },
        {
          "id": "art-466",
          "title": "Glassworm Strikes Popular React Native Phone Number Packages",
          "link": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers",
          "published": "2026-03-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2026-29199",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-69",
          "title": "10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums",
          "link": "https://www.aikido.dev/blog/phpbb-authentication-bypass-rce",
          "published": "2026-06-10",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "giftshop.club",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        },
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-776",
          "title": "Malicious MCP Server on npm postmark-mcp Harvests Emails",
          "link": "https://snyk.io/blog/malicious-mcp-server-on-npm-postmark-mcp-harvests-emails/",
          "published": "2025-09-25",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "45.32.151.157",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "70.34.242.255",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-58",
          "title": "Code is being written everywhere, and the device is the only constant",
          "link": "https://www.aikido.dev/blog/code-is-written-everywhere",
          "published": "2026-06-10",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-10"
    },
    {
      "value": "CVE-2024-21182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-160",
          "title": "CISA KEV: CVE-2024-21182 \u2014 Oracle WebLogic Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2025-8088",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "ESET WeLiveSecurity",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        },
        {
          "id": "art-715",
          "title": "ESET APT Activity Report Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/",
          "published": "2025-11-06",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-0257",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-184",
          "title": "CISA KEV: CVE-2026-0257 \u2014 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-20122",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-371",
          "title": "CISA KEV: CVE-2026-20122 \u2014 Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-20127",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-505",
          "title": "CISA KEV: CVE-2026-20127 \u2014 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-20128",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-376",
          "title": "CISA KEV: CVE-2026-20128 \u2014 Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-20133",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-372",
          "title": "CISA KEV: CVE-2026-20133 \u2014 Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-20182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-95",
          "title": "CISA KEV: CVE-2026-20245 \u2014 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-310",
          "title": "CISA KEV: CVE-2026-20182 \u2014 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-26142",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-31431",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-338",
          "title": "CISA KEV: CVE-2026-31431 \u2014 Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-32193",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-39987",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-365",
          "title": "CISA KEV: CVE-2026-39987 \u2014 Marimo Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-42208",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-92",
          "title": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-320",
          "title": "CISA KEV: CVE-2026-42208 \u2014 BerriAI LiteLLM SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-42271",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-92",
          "title": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-110",
          "title": "CISA KEV: CVE-2026-42271 \u2014 BerriAI LiteLLM Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-42985",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-42987",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-42992",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-43284",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-43500",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-44799",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-44801",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-44803",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-44810",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-44812",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45321",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Unit 42 (Palo Alto)",
        "CISA KEV",
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-79",
          "title": "Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents",
          "link": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-193",
          "title": "Out of the Crypt: The Evolving Cyber Extortion Economy",
          "link": "https://unit42.paloaltonetworks.com/cyber-extortion-economy/",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-203",
          "title": "CISA KEV: CVE-2026-48027 \u2014 Nx Console Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        },
        {
          "id": "art-318",
          "title": "TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack",
          "link": "https://snyk.io/blog/tanstack-npm-packages-compromised/",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45456",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45458",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45461",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45463",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45472",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45474",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45476",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45607",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45641",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45648",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-45659",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-87",
          "title": "Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models",
          "link": "https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-47288",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-47289",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-47635",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-47644",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-47652",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-48030",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-73",
          "title": "[GHSA / CRITICAL] CVE-2026-48030: Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter",
          "link": "https://github.com/advisories/GHSA-jvc5-6g7q-c843",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-48563",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-48574",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-76",
          "title": "Microsoft Patch Tuesday for June 2026 \u2014 Snort rules and prominent vulnerabilities",
          "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-48710",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-92",
          "title": "LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE",
          "link": "https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-110",
          "title": "CISA KEV: CVE-2026-42271 \u2014 BerriAI LiteLLM Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-8467",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-75",
          "title": "[GHSA / CRITICAL] CVE-2026-8467: PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground",
          "link": "https://github.com/advisories/GHSA-55hg-8qxv-qj4p",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "check.git-service.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "The Hacker News",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-79",
          "title": "Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents",
          "link": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-82",
          "title": "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues",
          "link": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-238",
          "title": "GitHub breached via a malicious VS Code extension: why developer devices are the real target",
          "link": "https://www.aikido.dev/blog/github-breached-vs-code-extension",
          "published": "2026-05-20",
          "sev": "high"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "csxvl00328.workers.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "dayobtvoyu.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "e097.yggjf81487.workers.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "git-service.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "The Hacker News",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-79",
          "title": "Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents",
          "link": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-82",
          "title": "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues",
          "link": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "https://malicious.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-89",
          "title": "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing",
          "link": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "https://receiver.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-89",
          "title": "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing",
          "link": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "https://sender.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-89",
          "title": "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing",
          "link": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "https://victim.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-89",
          "title": "New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing",
          "link": "https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "insight-sweet-drainage-appreciated.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "snterval.selltosell.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "sweet.csxvl00328.workers.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "t.m-kosche.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "The Hacker News",
        "GitHub Security Advisories",
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-79",
          "title": "Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents",
          "link": "https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-82",
          "title": "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues",
          "link": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-123",
          "title": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi",
          "link": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv",
          "published": "2026-06-04",
          "sev": "crit"
        },
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        },
        {
          "id": "art-267",
          "title": "Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-268",
          "title": "actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials",
          "link": "https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials",
          "published": "2026-05-19",
          "sev": "med"
        },
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "vids-road-christina-guards.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "104.207.144.154",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "144.172.88.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "146.19.216.119",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "146.19.216.120",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "146.19.216.125",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "172.86.72.243",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "172.86.76.132",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "179.43.172.213",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "185.195.232.139",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "198.12.106.60",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "202.144.192.47",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "209.99.191.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "23.128.228.6",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "79.130.26.202",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-84",
          "title": "Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now",
          "link": "https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "a2c6e01001c62f6198e31a9d603977c6",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "bf94f4056627907d86ce1cae8b44c67a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "d2a6009587b3cb73355c2d1e53d5cdfa",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "288f26c2eadcb1a7923fe376d16f5404216cce15d9fc162a4a78574dc7df399a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-85",
          "title": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System",
          "link": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "6506d31707a39949f89534bf9705bcf889f1ecae3dbc6f4ff88d67a8be3d01b2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-82",
          "title": "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues",
          "link": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "6d332f814f15f19758d65026bbfd0a8c49671b319ec77b8fa1b27fc48afff7d9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-82",
          "title": "Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues",
          "link": "https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html",
          "published": "2026-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "ceff7c51d70832c3ec8dd2744b606a23b3c924ef664ae23439b9b742ea154108",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-85",
          "title": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System",
          "link": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "e3dbe63aded45278f49c4746ab938ed9472b36def79b43e2dd2d7eff014481d1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-85",
          "title": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System",
          "link": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-86",
          "title": "WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine",
          "link": "https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "ef641e956f91d501b748085996303c96a64d67f63bfeef0dda175e5aa19cca90",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-85",
          "title": "Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System",
          "link": "https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system",
          "published": "2026-06-09",
          "sev": "crit"
        },
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-09"
    },
    {
      "value": "CVE-2026-22769",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-524",
          "title": "CISA KEV: CVE-2026-22769 \u2014 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-23111",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-100",
          "title": "One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public",
          "link": "https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-34084",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-99",
          "title": "[GHSA / CRITICAL] CVE-2026-45034: PHPSpreadsheet has a patch bypass for CVE-2026-34084",
          "link": "https://github.com/advisories/GHSA-87m4-826x-3crx",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-45034",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-99",
          "title": "[GHSA / CRITICAL] CVE-2026-45034: PHPSpreadsheet has a patch bypass for CVE-2026-34084",
          "link": "https://github.com/advisories/GHSA-87m4-826x-3crx",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-47252",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-97",
          "title": "[GHSA / CRITICAL] CVE-2026-47252: Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin",
          "link": "https://github.com/advisories/GHSA-hrj8-hjv8-mgwc",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-47430",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-105",
          "title": "[GHSA / CRITICAL] CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.",
          "link": "https://github.com/advisories/GHSA-q42j-x8rq-pjg6",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-47724",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-96",
          "title": "[GHSA / CRITICAL] CVE-2026-47724: nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation",
          "link": "https://github.com/advisories/GHSA-598g-h2vc-h5vg",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-50751",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "CVE-2026-50752",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "awaydouble.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "blog.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-103",
          "title": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload",
          "link": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "brokeapt.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "business-data-leaks.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "dash.awaydouble.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "epleyonlineo.za.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-103",
          "title": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload",
          "link": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "legendarytrendsbay.shop",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "openvpn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-103",
          "title": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload",
          "link": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "pan.rongtv.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "pan.ssffaa19.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "pureplantcravings.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "rongtv.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "servicing.pureplantcravings.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "ssffaa19.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "13.107.213.44",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-103",
          "title": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload",
          "link": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "143.204.203.52",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-103",
          "title": "AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload",
          "link": "https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "144.208.127.155",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "149.248.11.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "162.33.177.101",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "174.169.162.62",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "192.236.146.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "192.236.147.131",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "192.236.147.138",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "192.236.154.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "193.141.60.212",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "209.182.225.136",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "38.54.107.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "38.54.88.201",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "38.60.157.139",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "45.61.136.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "45.63.104.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "45.76.26.42",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "45.77.149.152",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "64.94.84.97",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-108",
          "title": "UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign",
          "link": "https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "66.42.99.200",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "22c0c7d441fd22432cfe7854b59ba82b",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "51d39aa39478beeac94f2d12f682ecce",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "52fda5c1b9704544f32ee98d9060e689",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-101",
          "title": "Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order",
          "link": "https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html",
          "published": "2026-06-08",
          "sev": "crit"
        },
        {
          "id": "art-111",
          "title": "CISA KEV: CVE-2026-50751 \u2014 Check Point Security Gateway Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "562d48524313d414b5a419fed6ca10aa",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "58d4eccc982c9e9b1b98aa62c514e53a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "84ad78b2bab946c3677fdc28ebd8a774",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "95dc2289427ed29b8b996d0e3d1b78cb",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "98ee964edeb5a988c3bba8ea1e57fe0e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "b96c0d609c1b7e74f8cb1442bf0b5418",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "dbaa133fd3d1a834460206d83b480f80",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "fbfe7513685913e6f878647eec429d45",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "4f5c5b3ef45cfff7721754487a86aeff9a2e6e32",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "681075027553546c119ec447eb8df84633dcffce",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "e952c18272efa1c3d73d0a5381bcf443c02743fe",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "f4d77958a12a0778283d3e679b24b18f82e332c4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "f8d93c1769e877aae7e7d5c289a467b5ae371c7a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-102",
          "title": "AI brands as bait: How threat actors are using the AI hype in social engineering",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "eb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "f70abe93121637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-107",
          "title": "VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances",
          "link": "https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html",
          "published": "2026-06-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "ommicrosoft.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-98",
          "title": "When \u201cHi, This Is IT\u201d Comes Through Microsoft Teams",
          "link": "https://unit42.paloaltonetworks.com/microsoft-teams-phishing/",
          "published": "2026-06-08",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-08"
    },
    {
      "value": "clientsdk.brdtnet.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-114",
          "title": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI",
          "link": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html",
          "published": "2026-06-06",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-06"
    },
    {
      "value": "clientsdk.bright-sdk.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-114",
          "title": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI",
          "link": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html",
          "published": "2026-06-06",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-06"
    },
    {
      "value": "proxyjs.brdtnet.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-114",
          "title": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI",
          "link": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html",
          "published": "2026-06-06",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-06"
    },
    {
      "value": "proxyjs.bright-sdk.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-114",
          "title": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI",
          "link": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html",
          "published": "2026-06-06",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-06"
    },
    {
      "value": "proxyjs.luminatinet.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "The Hacker News"
      ],
      "articles": [
        {
          "id": "art-114",
          "title": "Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI",
          "link": "https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html",
          "published": "2026-06-06",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-06"
    },
    {
      "value": "CVE-2026-28318",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-121",
          "title": "CISA KEV: CVE-2026-28318 \u2014 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47668",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-120",
          "title": "[GHSA / CRITICAL] CVE-2026-47668: DbGate: Unauthenticated Remote Code Execution via JSON Script Runner",
          "link": "https://github.com/advisories/GHSA-8v3q-9vmx-36vc",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47669",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-119",
          "title": "[GHSA / CRITICAL] CVE-2026-47669: DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE",
          "link": "https://github.com/advisories/GHSA-h535-j5hr-mv56",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47670",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-118",
          "title": "[GHSA / CRITICAL] CVE-2026-47670: Authenticated Remote Code Execution via loadReader functionName code injection in DbGate",
          "link": "https://github.com/advisories/GHSA-wm5r-5qp3-5vxf",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47731",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-116",
          "title": "[GHSA / CRITICAL] CVE-2026-47731: NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)",
          "link": "https://github.com/advisories/GHSA-p462-prxw-mjx4",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47744",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-115",
          "title": "[GHSA / CRITICAL] CVE-2026-47744: Shopper: Authorization bypass and RBAC privilege escalation in team settings",
          "link": "https://github.com/advisories/GHSA-c3qp-2ggw-xjg7",
          "published": "2026-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-05"
    },
    {
      "value": "CVE-2026-47708",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-122",
          "title": "[GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper",
          "link": "https://github.com/advisories/GHSA-4p62-hqp5-g644",
          "published": "2026-06-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "608d01124cd6b5b8c55888e984b4c4d9b06fa686",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-139",
          "title": "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "8bf051251ec3b973e39a313547e53421a2f8d2f6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-139",
          "title": "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "ab9903d9edc720d1e11ea7d3d3e7a1c456f44ff7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-139",
          "title": "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "d78c25443ec4a0d7f0a85776461f3b1163132537",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-123",
          "title": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi",
          "link": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv",
          "published": "2026-06-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "7c24b4d9a8f448832f3752d7f67dcdbf1b7f0f41e10bf633efa175e627144e8b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-123",
          "title": "[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi",
          "link": "https://github.com/advisories/GHSA-jpvj-wpmj-h7rv",
          "published": "2026-06-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "CVE-2025-6514",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-131",
          "title": "So You Have an AI Security Budget. Now what?",
          "link": "https://snyk.io/blog/ai-security-budget/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "kongtuke.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "144.31.221.82",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-129",
          "title": "Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting",
          "link": "https://blog.talosintelligence.com/hypotheses-telemetry-and-human-judgment-inside-cisco-talos-threat-hunting/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "bf9672ec85283fdf002d83662f0b08b7",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "cc4d231df34e57f59eb970353c7d9de2",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "5926b86b642e00672252953eb30d8f75cfb7797fe3118bd6fa2cfbee92905d61",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "82d83274680df928fdda296a348e01802f595e412308c399565c320df444052a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "afc8a00883a4ea07df2dc1d4ed02f8a23b35c9456413b438a2d9ce3ae5076638",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        },
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-126",
          "title": "Reporting from Vegas: Networking, AI, and good boys",
          "link": "https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "da39146ef451d1b174a24d00b1e2a45cd38d54e849737f8f35333dcb22175707",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-130",
          "title": "Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp",
          "link": "https://snyk.io/blog/node-gyp-supply-chain-compromise-self-propagating-npm-worm-binding-gyp/",
          "published": "2026-06-04",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-04"
    },
    {
      "value": "CVE-2026-44180",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-135",
          "title": "[GHSA / CRITICAL] CVE-2026-44180: Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass",
          "link": "https://github.com/advisories/GHSA-chq7-94j8-cj28",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "CVE-2026-44181",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-134",
          "title": "[GHSA / CRITICAL] CVE-2026-44181: Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution",
          "link": "https://github.com/advisories/GHSA-f49j-v924-fx9w",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "CVE-2026-44182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-133",
          "title": "[GHSA / CRITICAL] CVE-2026-44182: Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering",
          "link": "https://github.com/advisories/GHSA-cfw7-6c5v-2wjq",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "CVE-2026-45247",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-141",
          "title": "CISA KEV: CVE-2026-45247 \u2014 Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "asper1.freeddns.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "country1.ignorelist.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "winst0.kozow.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "186.158.223.35",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "42add9475e67a1ccc6a6af94b5475d3defc01b85",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "edce72f59e4c1d136cd1946af70d334c19df858d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-137",
          "title": "Argamal: Malware hidden in hentai games",
          "link": "https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/",
          "published": "2026-06-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-03"
    },
    {
      "value": "CVE-2022-0492",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-152",
          "title": "CISA KEV: CVE-2022-0492 \u2014 Linux Kernel Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-02",
          "sev": "crit"
        },
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "CVE-2025-48595",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-153",
          "title": "CISA KEV: CVE-2025-48595 \u2014 Android Framework Integer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "ads-parkpro.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "adsparkpro.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "adsparkpro.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "atsheisdomestic.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "audit.checkmarx.cx",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)",
        "StepSecurity",
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-143",
          "title": "The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)",
          "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/",
          "published": "2026-06-02",
          "sev": "crit"
        },
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        },
        {
          "id": "art-335",
          "title": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools",
          "link": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools",
          "published": "2026-05-04",
          "sev": "crit"
        },
        {
          "id": "art-361",
          "title": "Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm",
          "link": "https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise",
          "published": "2026-04-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "etoftheappyrince.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "flipboxstudio.info",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-211",
          "title": "Laravel Lang Supply Chain Advisory",
          "link": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/",
          "published": "2026-05-23",
          "sev": "crit"
        },
        {
          "id": "art-212",
          "title": "Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer",
          "link": "https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer",
          "published": "2026-05-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "healightejustb.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "sinterfumesco.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "softwe.art",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "94.154.172.43",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)",
        "StepSecurity",
        "Securelist (Kaspersky)",
        "Aikido",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-143",
          "title": "The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)",
          "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/",
          "published": "2026-06-02",
          "sev": "crit"
        },
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        },
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-335",
          "title": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools",
          "link": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools",
          "published": "2026-05-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "556d2b335d4d6d92139822017ee461b668afe375",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-211",
          "title": "Laravel Lang Supply Chain Advisory",
          "link": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/",
          "published": "2026-05-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "a5ea2e8fa92ccf29cdb1d2dadbeb27722b2bff37",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-211",
          "title": "Laravel Lang Supply Chain Advisory",
          "link": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/",
          "published": "2026-05-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "bba2e443dc7ff1f8704f52a5375383e3f4f643b8",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-211",
          "title": "Laravel Lang Supply Chain Advisory",
          "link": "https://snyk.io/blog/laravel-lang-supply-chain-advisory/",
          "published": "2026-05-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "021666417de8b9972c179783fe60d4c4ad2d93224e3a0f16137065c960b1b845",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "1a4afce34918bdc74ae3f31edaffffaa0ee074d83618f53edfd88137927340b8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-146",
          "title": "Nx Console VS Code Extension Compromised",
          "link": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-238",
          "title": "GitHub breached via a malicious VS Code extension: why developer devices are the real target",
          "link": "https://www.aikido.dev/blog/github-breached-vs-code-extension",
          "published": "2026-05-20",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "30448686ec900d5213d74f08f0d2b7924c5336a29445b2a434aba8d8b19d7530",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "363923500ce942bf1a953e8a4e943fbf1fb1b5ed6e5d247964c345b3ad5bfc34",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "48047c34bbd57fe1e24bc538bc2ce9e0ac4c4eb48d3b0c195b414f0379dc0745",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "644fc49fa1006a2a2acace694e5fb83753164e2617051ece6d9dc9ea32329e70",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "8421c902364980e3d762ec6dbbe6b0f40577c27bd79b48c57d098328b2533109",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "9053e8ddaecca1f960c041c944ca8799fc71dc86a4b50d2639ee4e0d2cb82f47",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "9425e8e39fa8a7212cdd07f0917cb3dfde38a90b87297de2c82a5850aff1e4de",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "b0cefb66b953e5184b6adb3035e9e267335ac5eabfe1848e07834777b9397b74",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-146",
          "title": "Nx Console VS Code Extension Compromised",
          "link": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-238",
          "title": "GitHub breached via a malicious VS Code extension: why developer devices are the real target",
          "link": "https://www.aikido.dev/blog/github-breached-vs-code-extension",
          "published": "2026-05-20",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "b60074d1ea2008a581f432f2dee5f84f78668d9dd8e66f75d03c42dabd89bdea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-150",
          "title": "Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor",
          "link": "https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/",
          "published": "2026-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "e7347d90653efc565f03733a95e9209d78f9cfa81e31ff2b2dd9d48d75a4b8b1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-146",
          "title": "Nx Console VS Code Extension Compromised",
          "link": "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-238",
          "title": "GitHub breached via a malicious VS Code extension: why developer devices are the real target",
          "link": "https://www.aikido.dev/blog/github-breached-vs-code-extension",
          "published": "2026-05-20",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "packages.npm.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "160.119.64.3",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "1713b19cbf609cb101ff5e216be41f7224269082",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "26c233e1a0d4fd2331e8e0f175e18f8eed904aa3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "50ac0db454d19234c835716f297bbc5363c0a25c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "6b1d5782a8c8c199d070857802d39bfe609eb6f2",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "722cee67326d932e7f71ba3438f62a255d779aa9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "9ee599d248cc322fa26054694a83a1f4558cc716",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "a9f8d88cf98e35988d3d0fd6d79547f980853041",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "ad24b980db8f0dca50ccb3ba6badb3c2331e0ef4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "c45764e70285146da37025cd8601a921ab8a7eda",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "d59561727927117e65b35f0183cae131baad19fe",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "daa5212264bb73fb39fe7a36618b62717dc564a5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "db0c3ef246103fd0f6c318e0d48f26b5289044c3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-145",
          "title": "Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets",
          "link": "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "85f54c089d78ebfb101454ec934c767065a342a43c9ee1beac8430cdd3b2086f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "877ff2531a63393c4cb9a3c86908b62d9c4fc3db971bc231c48537faae6cb3ec",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "970ba1a06bfabaf7a7f17df75f12a19e48ad4667c938bc7949a6a0502f6160b6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-151",
          "title": "Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection",
          "link": "https://snyk.io/blog/protestware-open-source-maintainer-qwik-1-10-0-prompt-injection/",
          "published": "2026-06-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-142",
          "title": "Why EDR and proxy won\u2019t save you from supply chain malware",
          "link": "https://www.aikido.dev/blog/edr-proxy-wont-protect-supply-chain-malware",
          "published": "2026-06-02",
          "sev": "high"
        },
        {
          "id": "art-254",
          "title": "Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!",
          "link": "https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud",
          "published": "2026-05-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-06-02"
    },
    {
      "value": "CVE-2019-5736",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "CVE-2024-21626",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "CVE-2026-47413",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-155",
          "title": "[GHSA / CRITICAL] CVE-2026-47413: praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members",
          "link": "https://github.com/advisories/GHSA-8g2p-pqm3-fcfh",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "CVE-2026-47429",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-157",
          "title": "[GHSA / CRITICAL] CVE-2026-47429: When Vitest UI server is listening, arbitrary file can be read and executed",
          "link": "https://github.com/advisories/GHSA-5xrq-8626-4rwp",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "d47de3772f2d61a043e7047431ef4cf4",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "e1023db24a29ab0229d99764e2c8deba",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "250f3633529457477a9f8fd3db3472e94383606a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "2b12cc5cc91ec483048abcbd6d523cdc9ebae3f3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-158",
          "title": "Containers on fire: from container escapes to supply chain attacks",
          "link": "https://securelist.com/container-attack-vectors/120010/",
          "published": "2026-06-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-06-01"
    },
    {
      "value": "cloudplatform-single-spa.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "docs.cloudplatform-single-spa.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "docs.t-in-one.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "github.cloudplatform-single-spa.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "jira.cloudplatform-single-spa.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "jira.t-in-one.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "moika.tech",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "npm.t-in-one.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "oob.moika.tech",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "t-in-one.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "telemetry.cloudplatform-single-spa.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-161",
          "title": "Malicious npm packages abuse dependency confusion to profile developer environments",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/",
          "published": "2026-05-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-30"
    },
    {
      "value": "CVE-2017-9841",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2021-4034",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2023-33246",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2023-37903",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-175",
          "title": "[GHSA / CRITICAL] CVE-2026-47137: vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE",
          "link": "https://github.com/advisories/GHSA-m4wx-m65x-ghrr",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2023-4911",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2025-32463",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        },
        {
          "id": "art-771",
          "title": "CISA KEV: CVE-2025-32463 \u2014 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2025-49844",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2025-55182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "SentinelLabs",
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        },
        {
          "id": "art-322",
          "title": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale",
          "link": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/",
          "published": "2026-05-07",
          "sev": "crit"
        },
        {
          "id": "art-651",
          "title": "Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js",
          "link": "https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-670",
          "title": "CISA KEV: CVE-2025-55182 \u2014 Meta React Server Components Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-05",
          "sev": "crit"
        },
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-24061",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-180",
          "title": "What\u2019s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant",
          "link": "https://securelist.com/container-security-typical-issues/119974/",
          "published": "2026-05-29",
          "sev": "crit"
        },
        {
          "id": "art-601",
          "title": "CISA KEV: CVE-2026-24061 \u2014 GNU InetUtils Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-34938",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-166",
          "title": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)",
          "link": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-39888",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-166",
          "title": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)",
          "link": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-40158",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-166",
          "title": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)",
          "link": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-44338",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-167",
          "title": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default",
          "link": "https://github.com/advisories/GHSA-8444-4fhq-fxpq",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47131",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-177",
          "title": "[GHSA / CRITICAL] CVE-2026-47131: vm2 has a Sandbox Escape issue",
          "link": "https://github.com/advisories/GHSA-v6mx-mf47-r5wg",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47137",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-175",
          "title": "[GHSA / CRITICAL] CVE-2026-47137: vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE",
          "link": "https://github.com/advisories/GHSA-m4wx-m65x-ghrr",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47140",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-173",
          "title": "[GHSA / CRITICAL] CVE-2026-47140: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution",
          "link": "https://github.com/advisories/GHSA-rp36-8xq3-r6c4",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47208",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-176",
          "title": "[GHSA / CRITICAL] CVE-2026-47208: vm2 is Vulnerable to Sandbox Breakout Through Promise Species",
          "link": "https://github.com/advisories/GHSA-76w7-j9cq-rx2j",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47210",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-174",
          "title": "[GHSA / CRITICAL] CVE-2026-47210: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass",
          "link": "https://github.com/advisories/GHSA-6j2x-vhqr-qr7q",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47391",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-165",
          "title": "[GHSA / CRITICAL] CVE-2026-47391: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution",
          "link": "https://github.com/advisories/GHSA-vg22-4gmj-prxw",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47392",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-166",
          "title": "[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)",
          "link": "https://github.com/advisories/GHSA-4mr5-g6f9-cfrh",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47393",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-167",
          "title": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default",
          "link": "https://github.com/advisories/GHSA-8444-4fhq-fxpq",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47407",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-164",
          "title": "[GHSA / CRITICAL] CVE-2026-47407: PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation",
          "link": "https://github.com/advisories/GHSA-h8q5-cp56-rr65",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47410",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-163",
          "title": "[GHSA / CRITICAL] CVE-2026-47410: praisonai-platform: JWT signing key defaults to hardcoded \"dev-secret-change-me\", allowing token forgery for any user when PLATFORM_ENV is unset",
          "link": "https://github.com/advisories/GHSA-3qg8-5g3r-79v5",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "CVE-2026-47416",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-162",
          "title": "[GHSA / CRITICAL] CVE-2026-47416: praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}",
          "link": "https://github.com/advisories/GHSA-c2m8-4gcg-v22g",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "146.190.133.49",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-167",
          "title": "[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default",
          "link": "https://github.com/advisories/GHSA-8444-4fhq-fxpq",
          "published": "2026-05-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "aab.sportsontheweb.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Microsoft Security Blog"
      ],
      "articles": [
        {
          "id": "art-183",
          "title": "Typosquatted npm packages used to steal cloud and CI/CD secrets",
          "link": "https://www.microsoft.com/en-us/security/blog/2026/05/28/typosquatted-npm-packages-used-steal-cloud-ci-cd-secrets/",
          "published": "2026-05-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-29"
    },
    {
      "value": "filev2.getsession.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido",
        "CISA KEV",
        "StepSecurity",
        "Snyk",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "558b09d7ad0d1660e2a0fb8a06da81a6f42e06d2",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "ba642fe2c7c65e42dd7f6444b83023dc6827e08c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "CISA KEV",
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "CISA KEV",
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        },
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "cyberhavenext.pro",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-186",
          "title": "What MDM can't protect on developer machines (and what to do about it)",
          "link": "https://www.aikido.dev/blog/what-mdm-cant-protect",
          "published": "2026-05-28",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "a2cf85d22a54e26794cbc7be16840bb1",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-185",
          "title": "Less panic patching, more precision",
          "link": "https://blog.talosintelligence.com/less-panic-patching-more-precision/",
          "published": "2026-05-28",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "5d14vnfb.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "file.ipfs.us.69.mu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "jeaw520i.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "kristina.quest",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "m4yuri.online",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "qdmagva5.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "r7mvjl67.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "urush1bar4.online",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "zgj1tam9.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "107.172.212.235",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "02a43b3423367b9dddc24cc7dfc070df",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "6a0fe6065d76715feebc1526d456db73",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "7f624407ae489324e96a708a09c17e6f",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "med",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-190",
          "title": "Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years",
          "link": "https://securelist.com/video-books-pirates-miners-rat/119943/",
          "published": "2026-05-28",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-28"
    },
    {
      "value": "CVE-2025-61882",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-193",
          "title": "Out of the Crypt: The Evolving Cyber Extortion Economy",
          "link": "https://unit42.paloaltonetworks.com/cyber-extortion-economy/",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-44632",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-202",
          "title": "[GHSA / CRITICAL] CVE-2026-44632: Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`",
          "link": "https://github.com/advisories/GHSA-524g-x36v-9wm6",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-45618",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-196",
          "title": "[GHSA / CRITICAL] CVE-2026-45618: LiquidJS is Vulnerable to Remote Code Execution",
          "link": "https://github.com/advisories/GHSA-gf2q-c269-pqgc",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-46562",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-192",
          "title": "[GHSA / CRITICAL] CVE-2026-46562: Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override",
          "link": "https://github.com/advisories/GHSA-vmwp-vh32-rj75",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-46621",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-191",
          "title": "[GHSA / CRITICAL] CVE-2026-46621: Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection",
          "link": "https://github.com/advisories/GHSA-2g95-6x5q-xjwj",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-48027",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-203",
          "title": "CISA KEV: CVE-2026-48027 \u2014 Nx Console Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-8398",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "api.masscan.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Aikido",
        "StepSecurity",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "env-check.daemontools.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "git-tanstack.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-255",
          "title": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrails-ai 0.10.1 (supply chain compromise)",
          "link": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "litter.catbox.moe",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "seed1.getsession.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "seed2.getsession.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "seed3.getsession.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "38.180.107.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "00e2df8f42d14072e4385e500d4669ec783aa517",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "0456e2f5f56ec8ed16078941248e7cbba9f1c8eb",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "0c1d3da9c7a651ba40b40e12d48ebd32b3f31820",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "15ed5c3384e12fe4314ad6edbd1dcccf5ac1ee29",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "28b72576d67ae21d9587d782942628ea46dcc870",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "295ce86226b933e7262c2ce4b36bdd6c389aaaef",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "2d4eb55b01f59c62c6de9aacba9b47267d398fe4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "2ecb292d27c36c1d4e47fb5cafa42af7ffbdda99",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "3ee71d75020b2634b2c23866211a0c91b942c8d4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "427f1728682ebc7ffe3300fef67d0e3cb6b62948",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "46b90bf370e60d61075d3472828fdc0b85ab0492",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "50d47adb6dd45215c7cb4c68bae28b129ca09645",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "524d2d92909eef80c406e87a0fc37d7bb4dadc14",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "6325179f442e5b1a716580cd70dea644ac9ecd18",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "64462f751788f529c1eb09023b26a47792ecdc54",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "8d435918d304fc38d54b104a13f2e33e8e598c82",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "8e7eb0f5ac60dd3b4a9474d2544348c3bda48045",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "98de8147394b74b27158e02ce9e7b0e25eb6e98a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "9a09ad7b7e9ff7a465aa1150541e231189911afb",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "9ccd769624de98eeeb12714ff1707ec4f5bf196d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "9dbfc23ebf36b3c0b56d2f93116abb32656c42e4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "a3e90653bd0a81ebe2ae387a67a59bb8d07ce7b5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "aea55e42c4436236278e5692d3dcbcbe5fe6ce0b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "bd8fbb5e6842df8683163adbd6a36136164eac58",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-205",
          "title": "CISA KEV: CVE-2026-8398 \u2014 Daemon Tools Lite Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Aikido",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-204",
          "title": "CISA KEV: CVE-2026-45321 \u2014 TanStack Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-27",
          "sev": "crit"
        },
        {
          "id": "art-208",
          "title": "Why developer machines are now the number one target for supply chain attacks",
          "link": "https://www.aikido.dev/blog/developer-machines-supply-chain-attacks",
          "published": "2026-05-26",
          "sev": "high"
        },
        {
          "id": "art-263",
          "title": "[GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch",
          "link": "https://github.com/advisories/GHSA-27f5-xjrr-q9ff",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "anyclaw.store",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-194",
          "title": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens",
          "link": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens",
          "published": "2026-05-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "gyx.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-194",
          "title": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens",
          "link": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens",
          "published": "2026-05-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "sentry.anyclaw.store",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-194",
          "title": "Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens",
          "link": "https://www.aikido.dev/blog/codex-remote-ui-steals-ai-tokens",
          "published": "2026-05-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-27"
    },
    {
      "value": "CVE-2026-33137",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-206",
          "title": "[GHSA / CRITICAL] CVE-2026-33137: XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}",
          "link": "https://github.com/advisories/GHSA-qrvh-r3f2-9h4r",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "CVE-2026-48172",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-210",
          "title": "CISA KEV: CVE-2026-48172 \u2014 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "arbsniper.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "104.21.64.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "142.251.183.138",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "173.194.193.138",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "173.194.194.94",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "173.194.206.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "178.156.177.192",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.101.131.250",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.224.87",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.225.241",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.78.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.78.28",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.79.133",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.79.179",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "191.96.79.41",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "192.178.209.95",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "195.160.221.203",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "200.9.155.153",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "74.125.132.95",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "74.125.202.103",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "78.135.93.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "79.133.57.141",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "02A52C4CC11748D44C9B49D508EE4E46425661981FA1406F30EC0830CB69DDC5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "0A542751724A432A8448324613E0CE10393E41739A1800CBB7D5A2C648FCDC35",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "140A7F995B0336942691A2E93E2017FD575267C017C7D0728D69169306F91963",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "168F50BF9A87099094EF410E3AC33E676A6A8740A5437CD09E7B63D73DF8431A",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "1A60CB5F7E2FB7C09FC3DC8459108B26AC98EE73131F37A28CFDAD5FC75B7A7D",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "244D81FD9908CD17815501D4EDADEB1BAF1C421AA25D8BD61C7CB481C939540E",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "2525D1E427A9983B0B4CA0906A4B44FFB9814B23D53FD8A2E3AB6512B027C733",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "26A2268281E8043125EF72B92F8980B42912048753D56894BC378FB54C7C188A",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "512EDE9F2FA794907999F3C26165557FDFD383B7AAD71BA022CE2C8BA6C0019D",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "58AC130A8EBB09E37592AC69841483EDC5695D1545B1F04F23D5B760AC17CD94",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "5AAAF972C8BF39A98F2748E526DE3CC0370BA831997D7D9765CDABA599645C0D",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "6101D1E1811DB052F869F7EB3402DAD28DA7E92103D4A44EE43F95846A075012",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "676CB2D0A60403AFC06CEA1B572CB7261F706365FAC65621B5A4907893E7AC0D",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "6AE94CE710016D86ED7457236DEEF2C4C51478587F3609B6E827A348828B3931",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "6BBA64FA9E8A7B11CB2476CD071DE08986DB44B0783EFF211C68FA5594EF8143",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "6F9832EBB4C3054BEE4A6CE5CCB69C00E2020053E1308353343097E6A4041109",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "702261BA38B57ECC3A5407FED28B2F0611A74C2EC0C116AEA4F9E6DEF0899AED",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "75DD4FB011ED598374A46FC0D9C0D1D64A298341C34AFC83A56A6983CFD27764",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "7AC974899E8E05AAACD417577C97E382D5E8C5F7F4A85632CFFB47EC2F6AE4E0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "8F09274E808E0063D51F34CAC82A5770B3DF30C792E426DA2F6A80657F27AFFC",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "97A0497DE585D3BE6EC75064AB3BD0979CD85561193C1F0669CCF4DB31330687",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "998A7ED1572AD9DC11375BC25294E1954E606B7CFF9FABC5C120713E597CD274",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "A1E457C52EAB430C20D48F2AC476E080386313F16EFB135A0471902CF68CE475",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "A764D73795ABE47AE640BA09999A18C47B5340E5ECC7B897AFEBF34F3F37638F",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "C6199E175FB988CBBEACDF0F5ACDF9ED83F5BDAAE5C95B7A6C27EE72CD11B0B1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "C99139B0053C4C698EA0246D26D747F2A984C7ABA4613DA818ECD9F97899EF3A",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "D55057CD9110D12A192281356F06B94F342B9FEBB305CF0A5898A7E6AF40758F",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "DDCE0219923D152B8FACD303F058A6286CF1F6924992B9FB9F5BF4D96436CC39",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "E5A9FDFF900DD502E8F3DCE52D2D1B69AA9AFAFB5094A28F9037E8770DB0E63B",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "F76B13040C634F82A8332FF9443D84C89A5BCED51AE9ADAD7FD15C05FADB4324",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-209",
          "title": "BTMOB: A stealthy RAT burrowing deep into Android devices",
          "link": "https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/",
          "published": "2026-05-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-26"
    },
    {
      "value": "CVE-2026-46716",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-213",
          "title": "[GHSA / CRITICAL] CVE-2026-46716: Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron",
          "link": "https://github.com/advisories/GHSA-99gv-2m7h-3hh9",
          "published": "2026-05-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-23"
    },
    {
      "value": "CVE-2018-0802",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "CVE-2026-44542",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-214",
          "title": "[GHSA / CRITICAL] CVE-2026-48777: FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory",
          "link": "https://github.com/advisories/GHSA-qqqm-5547-774x",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "CVE-2026-46670",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-216",
          "title": "[GHSA / CRITICAL] CVE-2026-46670: YesWiki: Unauthenticated SQL Injection",
          "link": "https://github.com/advisories/GHSA-jwvv-qr7q-cv8j",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "CVE-2026-48777",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-214",
          "title": "[GHSA / CRITICAL] CVE-2026-48777: FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory",
          "link": "https://github.com/advisories/GHSA-qqqm-5547-774x",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "CVE-2026-9082",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-222",
          "title": "CISA KEV: CVE-2026-9082 \u2014 Drupal Core SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "agenciakharis.com.br",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "allgoodsdirect.com.au",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "alnakhlah.com.sa",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "amerikastaj.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "bigbang.me",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "buisness-centeral-transportation.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "business-startup.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "cloudguide.in",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "firsai.tipshub.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "fishingflytackle.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "goverru.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "humanitas.si",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "internationalcommoditiesllc.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "investika-club.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "istochnik.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "kommando.live",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "kufar.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "lafortunaitalian.co.uk",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "landscapeuganda.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "mamurjor.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "onedrivesupport.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "paleturquoise-dragonfly-364512.hostingersite.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "premierhealthadvisory.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "ramiltonsfinance.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "spbnews.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "tenkoff.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "totallegacy.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "ultimatecore.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "wizzifi.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "znews.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "146.70.53.171",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "185.126.239.77",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "185.22.154.73",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "185.250.181.207",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "185.53.179.136",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "194.102.104.207",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "194.87.196.163",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "195.58.49.9",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "37.228.129.224",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "45.15.65.134",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "45.87.219.116",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "46.17.44.125",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "46.17.44.212",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "46.17.45.49",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "46.17.45.56",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "5.181.21.75",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "81.30.105.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "93.125.114.193",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "93.125.114.57",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "1a11b26dd0261ef27a112ce8b361c247",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "1b39e86eb772a0e40060b672b7f574f1",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "1d401d6e6fc0b00aaa2c65a0ac0cfd6b",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "25c8ed0511375dca57ef136ac3fa0cca",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "2b4ba4facf8c299749771a3a4369782e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "2cabb721681455dae1b6a26709def453",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "3c75cedb1196df5eab91f31411ed4b33",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "40a562b8600f843b717bc5951b2e3c29",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "42ac350bfbc5b4eb0fedba16c81919c7",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "493b901d1b33eb577db64aadd948f9ce",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "5329f7bff9d0d5db28821b86c26d628f",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "63b6be9ae8d8024a40b200cccb438f1d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "6aa586bcc45ca2e92a4f0ef47e086fa1",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "6d7b2d1172bbdb7340972d844f6f0717",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "7a95360b7e0eb5b107a3d231abbc541a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "9769f43b9de8d19e803263267fa6d62e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "b4e183627b7399006c1bc47b3711e419",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "ba9ce06641067742f2afc9691faff1dc",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "bbf1fa694122e07635deeac11ad712f8",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "c0d1eaa15a2cefbab9735787575c8d8e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "d3c8afd22baa306ff659db1fac28574a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "d5b38b252cf212a4a32763de36732d40",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "eba3bcdb19a7e256bf8e2cc5b9c1cca9",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "f301aa3d62b5095eec4d8e34201a4769",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "f56b31a4b47ad3365b18a7e922fba1a8",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "f6f62456fb0fcc396fb654cbed339bc3",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "f721a76deb28fd0b80d27fce6b8f5016",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "f9c3bbe108566d1a6b070f9c5fb03160",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "fb0f8027acf1b1e47e07a63d8812ed50",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-219",
          "title": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload",
          "link": "https://securelist.com/cloud-atlas-2026/119895/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "38bd137c672bd58d08c4f0502f993a6561e2c3411773d1ae57ee0151a0a9d11d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "43dc62cef52ebdd69e79f10015b3e13890f26c058325c0ff139c70f8d8eadcfa",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "44f4f7aca7f1d9bfdaf7b3736934cbe19f851a707662f8f0b0c49b383e054250",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "74882085db2088356ed7f72f01e0404a0a98cda88ef56fb15ce74c1f36b26d27",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "8808c794c24367438f183e4be941876f1d3ecd0c8d2eb43b10d2380841d2283b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "9e4a658e6d831c9e9bdfe11884a75b7c64812ed0a80e8495ddf6b316505acac1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "bc3b44154518c5794ce639108e7b9c5fecb0c189607a26de1aaed518d890c7ad",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "d4a7e9f107fe40c1a5d0139c6c6e25bf6bf57f61feff090bee28f476bb3cc3c2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-217",
          "title": "Tracking Iranian APT Screening Serpens\u2019 2026 Espionage Campaigns",
          "link": "https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/",
          "published": "2026-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "actions-bot.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-215",
          "title": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories",
          "link": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories",
          "published": "2026-05-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "github-ci.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-215",
          "title": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories",
          "link": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories",
          "published": "2026-05-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "216.126.225.129",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-215",
          "title": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories",
          "link": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories",
          "published": "2026-05-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "acac5a9854650c4ae2883c4740bf87d34120c038",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-215",
          "title": "Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories",
          "link": "https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories",
          "published": "2026-05-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "fifa26.shop",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-220",
          "title": "Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise",
          "link": "https://www.welivesecurity.com/en/cybersecurity/foul-play-fake-fifa-world-cup-websites-tickets/",
          "published": "2026-05-22",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "fifaworldcup26.hospitality.fifa.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-220",
          "title": "Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise",
          "link": "https://www.welivesecurity.com/en/cybersecurity/foul-play-fake-fifa-world-cup-websites-tickets/",
          "published": "2026-05-22",
          "sev": "med"
        }
      ],
      "first_seen": "2026-05-22"
    },
    {
      "value": "CVE-2025-34291",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-232",
          "title": "CISA KEV: CVE-2025-34291 \u2014 Langflow Origin Validation Error Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "CVE-2026-34926",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-233",
          "title": "CISA KEV: CVE-2026-34926 \u2014 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "CVE-2026-46614",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-227",
          "title": "[GHSA / CRITICAL] CVE-2026-46614: Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger",
          "link": "https://github.com/advisories/GHSA-3g33-6vg6-27m8",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "CVE-2026-46633",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-225",
          "title": "[GHSA / CRITICAL] CVE-2026-46633: Twig: PHP code injection via `{% use %}` template name",
          "link": "https://github.com/advisories/GHSA-7p85-w9px-jpjp",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "CVE-2026-46703",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-223",
          "title": "[GHSA / CRITICAL] CVE-2026-46703: Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host",
          "link": "https://github.com/advisories/GHSA-f396-4rp4-7v2j",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "83.142.209.194",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "GitHub Security Advisories",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-255",
          "title": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrails-ai 0.10.1 (supply chain compromise)",
          "link": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-272",
          "title": "[GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package",
          "link": "https://github.com/advisories/GHSA-wx9m-wx4f-4cmg",
          "published": "2026-05-18",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "1c9e803c80cc7fed000022d4c94f4b5bc2e90062",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "5c267592a87e92c2b005b338bd0d2724c2f64acb",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "7f6120bb10c870b9fde146961a18e5bf0b3d4401",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "99b7f41bf9e14a2a2c7cc524731336543f552178",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "b9c83f01929e190cda300e76f688bf7ea7e37a7a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "f0448c62fc57b8a5ce23d8acd6e795cdd76a3b6c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "43f2b001846c4966073ebffa5be8f15e491a1e7d32bbd805d57406ff540e0dd9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        },
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-238",
          "title": "GitHub breached via a malicious VS Code extension: why developer devices are the real target",
          "link": "https://www.aikido.dev/blog/github-breached-vs-code-extension",
          "published": "2026-05-20",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "b673b4e3400c71bd72464c98610c952e2164f70f946873b82adf3e6212851d54",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-223",
          "title": "[GHSA / CRITICAL] CVE-2026-46703: Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host",
          "link": "https://github.com/advisories/GHSA-f396-4rp4-7v2j",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "cb86f4f223daa54467c7782a0d8607e9c84e2bb633e6f0e51d9a19579e200990",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-230",
          "title": "5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough",
          "link": "https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough",
          "published": "2026-05-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "0f03f72a92aef6d63eb74e73f8ac201d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "362498c3e71eeaa066a67e4a3f981d1c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "acd55c44b8b0d66d66defed85ca18082c092f048d3621da827fce593305c11fd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "d87e8d9d43758ce67a8052cb2334b99cc24f9b0437ee44815f360be0b22d835a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-228",
          "title": "The art of being ungovernable",
          "link": "https://blog.talosintelligence.com/the-art-of-being-ungovernable/",
          "published": "2026-05-21",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-21"
    },
    {
      "value": "CVE-2008-4250",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-242",
          "title": "CISA KEV: CVE-2008-4250 \u2014 Microsoft Windows Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2009-1537",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-243",
          "title": "CISA KEV: CVE-2009-1537 \u2014 Microsoft DirectX NULL Byte Overwrite Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2009-3459",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-244",
          "title": "CISA KEV: CVE-2009-3459 \u2014 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2010-0249",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-245",
          "title": "CISA KEV: CVE-2010-0249 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2010-0806",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-245",
          "title": "CISA KEV: CVE-2010-0249 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2017-7692",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2026-46421",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "appsuites.ai",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-237",
          "title": "Tracking TamperedChef Clusters via Certificate and Code Reuse",
          "link": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "crystalpdf.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-237",
          "title": "Tracking TamperedChef Clusters via Certificate and Code Reuse",
          "link": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "freeonlinetools.info",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-237",
          "title": "Tracking TamperedChef Clusters via Certificate and Code Reuse",
          "link": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "github.com/anjsdgasdf/WordPress",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "pdf-tool.appsuites.ai",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-237",
          "title": "Tracking TamperedChef Clusters via Certificate and Code Reuse",
          "link": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "vault.appsuites.ai",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-237",
          "title": "Tracking TamperedChef Clusters via Certificate and Code Reuse",
          "link": "https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "zero.masscan.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "104.243.23.43",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "108.61.200.151",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "144.168.60.233",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "45.77.13.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "64.176.85.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "1DF40A4A31B30B62EC33DC6FECC2C4408302ADC7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "77F1970D620216C5FFF4E14A6CCC13FCCC267217",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "7DCFE9EE25841DFD58D3D6871BF867FE32141DFB",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "948159A7FC2E688386864BEA59FD40DFFC4B24D6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "9d88f040c44b5f4d5f9db15ff89310776c168e99",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "A3C077BDF8898E612CCD65BC82E7960834ADB2A9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "acfc3f957a63b4cde93ff645f2b6bf26a8ed1bbf",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-236",
          "title": "The Wild West of VS Code extensions and how a poisoned extension breached GitHub",
          "link": "https://www.aikido.dev/blog/vs-code-extension-github-breach",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CB4E50433336707381429707F59C3CBE8D497D98",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-240",
          "title": "Webworm: New burrowing techniques",
          "link": "https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories",
        "StepSecurity",
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-333",
          "title": "Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked \u2014 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope",
          "link": "https://www.stepsecurity.io/blog/shai-hulud-worm-pivots-to-multi-cloud-intercom-client-hijacked",
          "published": "2026-05-04",
          "sev": "crit"
        },
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories",
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        },
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-235",
          "title": "[GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite,  @cap-js/postgres, @cap-js/db-service)",
          "link": "https://github.com/advisories/GHSA-pvw4-cvr4-97p8",
          "published": "2026-05-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-20"
    },
    {
      "value": "CVE-2025-27636",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-259",
          "title": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering",
          "link": "https://github.com/advisories/GHSA-8364-hfqj-pwm6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2025-29891",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-259",
          "title": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering",
          "link": "https://github.com/advisories/GHSA-8364-hfqj-pwm6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2025-30177",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-259",
          "title": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering",
          "link": "https://github.com/advisories/GHSA-8364-hfqj-pwm6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-2587",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-257",
          "title": "[GHSA / CRITICAL] CVE-2026-2587: GlassFish's gadget handler is vulnerable to RCE",
          "link": "https://github.com/advisories/GHSA-29wv-cv7p-xjc2",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-2611",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-264",
          "title": "[GHSA / CRITICAL] CVE-2026-2611: MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution",
          "link": "https://github.com/advisories/GHSA-67c5-x5mf-rppq",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-40453",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-259",
          "title": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering",
          "link": "https://github.com/advisories/GHSA-8364-hfqj-pwm6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-45568",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-260",
          "title": "[GHSA / CRITICAL] CVE-2026-45568: rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths",
          "link": "https://github.com/advisories/GHSA-jh67-hwqw-m5r7",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-45695",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-252",
          "title": "[GHSA / CRITICAL] CVE-2026-45695: Kopia: RCE via SSH ProxyCommand Injection",
          "link": "https://github.com/advisories/GHSA-2q4c-3mrw-63c3",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-45721",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-262",
          "title": "[GHSA / CRITICAL] CVE-2026-45721: Algernon: handler.lua discovery walks parent directories above the server root",
          "link": "https://github.com/advisories/GHSA-xwcr-wm99-g9jc",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-45758",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-255",
          "title": "[GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrails-ai 0.10.1 (supply chain compromise)",
          "link": "https://github.com/advisories/GHSA-xmpw-2vmm-p4p6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-46339",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-251",
          "title": "[GHSA / CRITICAL] CVE-2026-46339: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes",
          "link": "https://github.com/advisories/GHSA-fhh6-4qxv-rpqj",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-46354",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-249",
          "title": "[GHSA / CRITICAL] CVE-2026-46354: Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft",
          "link": "https://github.com/advisories/GHSA-6x44-w3xg-hqqf",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-46395",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-261",
          "title": "[GHSA / CRITICAL] CVE-2026-46395: HAXcms: Private Key Disclosure via Broken HMAC Implementation",
          "link": "https://github.com/advisories/GHSA-6c8g-9hfh-pq5h",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-46412",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-47323",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-259",
          "title": "[GHSA / CRITICAL] CVE-2026-47323: Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering",
          "link": "https://github.com/advisories/GHSA-8364-hfqj-pwm6",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "iis.01nmwe.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "lee.6686ty.vip",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "sh.azurestaticprovider.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-269",
          "title": "Active Supply Chain Attack: Malicious node-ipc Versions Published to npm",
          "link": "https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-284",
          "title": "Malicious node-ipc versions published to npm in suspected maintainer account compromise",
          "link": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/",
          "published": "2026-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "143.92.36.109",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "154.23.186.99",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "154.36.149.4",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "38.181.52.147",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "45.194.17.133",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "833fd59ebe66a4449982c6d18db656b4",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "b82e54923f7e440664d2d75bd31588ca",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "12ed9a3c1f73617aefdb740480695c04405d7b4b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "GitHub Security Advisories",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "e7d582b98ca80690883175470e96f703ef6dc497",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk",
        "GitHub Security Advisories",
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-248",
          "title": "The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised",
          "link": "https://snyk.io/blog/durabletask-pypi-supply-chain-attack/",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "01577f5b0869154fb678bcf86eef50afceb5fc189c87b2085fe5fcdf74cd6ff0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "03fef9805e2e7dfd31d9277253fbc1a5c3eddeedee4e1950e42f860b7e936287",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "0ebe923b7bc39489532b377c69ce808c38206dd931286d0b0b4bf7b245020174",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "144129f42081dbbacbbd15688dc5f4dcb97c3dd17cc1352abe80b524c0ea7ca8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "1bb1187daff9610a0c142b48bc04d3e883344ca0eca8fe915d6a02fb3e7571ff",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "402c616229aa0c7f98cfc3f4e9781c2468bd79c2d23da1cdf38172cb082a8a9c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "4091ddc3560fb60bd3ef071367fd833d67c3c6e3e81165aa3d93519b93959658",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "44bfb9f0e13dd72ed111b5b5600b80b305ab153a0ee2224957e76391b28ac037",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "521869f9ee6066c33fb1615cbcad66de157876bd08cec05597e4d3a0405efac8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "524a9dfe12299ec9cc3148692b620130c7e767ed0430f211be4128a82c0fdafc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "5904b42d8099a6657ea21a6af0ae9bd50ae7ca4b619fee125df133051cff2b8a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "59b416efff07208dc8b1c98a6f754e3abc14e55d71971ddc5581f6bc7ca45837",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "65967f471440449d2f1b615ff1338b8082b0481b617eda4d9f21a9f102b98859",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "79b3c217f5b7c257d8c7f4c8166102e9754208e60306aa3f4bf917e765fac8ea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "7a0e2aee8141c06558347dc4800daba06ab337c5619ba501da49ed03adf8175e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "80e9a39292b7af7b9831563799776808e597bade3fba4f4d7b25b6833a8c7e5a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "9eb45f6f529f9f385a87b13c41351800a1046718d45e7d99e1feb053c26d469f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-267",
          "title": "Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "b0f419467a36a9ab71fe0aa8e1587377d668789b18907ec0993cb549c61c9d42",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "b9ba4c4fff3f5042805b2d75484fdf4e0a7e067cfa560b07544570e20775457e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "bbf9d7dafba979ef9c1e8531a20d3bea1adcdbb628816ce8781d7eeb6292f265",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "bf9d8c0c3ed3ceaa831a13de27f1b1c7c7b7f01d2db4103bfdba4191940b0301",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-269",
          "title": "Active Supply Chain Attack: Malicious node-ipc Versions Published to npm",
          "link": "https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "c732067b3d8763c248051366ab7beeae0d7fbe105884d4d3f8647e3427f36daf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "d0da3be9de8e7068a65247b8195d73e88f454820e13c1de62675e1f845d6fabf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "e1c117bfa71d0cf5e9305839d56c73752be53bd6426d4c2b4f5d51ee3735d8e6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "e7d8b5647917589949634155d936d8aa4dd25307a9292fb43d47281001859a9b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "eda7a7edc01392706a872a5a275940b4a4b9471dc562eb70128ee672872d1407",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "f1dcd2809a001a0d0ea3221939f7afd2ef9e5bf468709bd91abd70c902c42d45",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "f9017361349421728fc1ac1bc1549b3d23b35bd795f0a83be2e9e517bccaccdc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "fa15ba707356cb474c16ce04abd86ae9d074763ab965e3766d6af56f37003dda",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-267",
          "title": "Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-antv-npm-supply-chain-attack",
          "published": "2026-05-19",
          "sev": "crit"
        },
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "fdbe78935bd3f56df43a4702b83a568881f119e43236e92ecf10ca19eac6b87f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "ff8095aba365885b0886da894794ac45ae5e0c3363a45ae106383e5bd1353941",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-265",
          "title": "From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat",
          "link": "https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/",
          "published": "2026-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-19"
    },
    {
      "value": "CVE-2026-20131",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-278",
          "title": "IT threat evolution in Q1 2026. Mobile statistics",
          "link": "https://securelist.com/malware-report-q1-2026-mobile-statistics/119819/",
          "published": "2026-05-18",
          "sev": "crit"
        },
        {
          "id": "art-457",
          "title": "CISA KEV: CVE-2026-20131 \u2014 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-45625",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-274",
          "title": "[GHSA / CRITICAL] CVE-2026-45625: Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps confi",
          "link": "https://github.com/advisories/GHSA-7h26-hg47-p9hx",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-45697",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-273",
          "title": "[GHSA / CRITICAL] CVE-2026-45697: Formie: Pre-authenticated server-side template injection in Hidden fields",
          "link": "https://github.com/advisories/GHSA-x7m9-mwc2-g6w2",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-45829",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-271",
          "title": "[GHSA / CRITICAL] CVE-2026-45829: ChromaDB Python project has a pre-authentication code injection vulnerability",
          "link": "https://github.com/advisories/GHSA-f4j7-r4q5-qw2c",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-7301",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-276",
          "title": "[GHSA / CRITICAL] CVE-2026-7301: SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket",
          "link": "https://github.com/advisories/GHSA-gwv6-pq6m-p3rq",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-7302",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-275",
          "title": "[GHSA / CRITICAL] CVE-2026-7302: SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability",
          "link": "https://github.com/advisories/GHSA-qwrp-wghp-94q2",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-7304",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-277",
          "title": "[GHSA / CRITICAL] CVE-2026-7304: SGLang: Unauthenticated RCE via --enable-custom-logit-processor",
          "link": "https://github.com/advisories/GHSA-36m8-w8qf-g76p",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "m-kosche.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "185.95.159.32",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "b06b126b9e26af03a7ef2f8b8e90d446",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "783b4019fc5b942a29846132d28441c8fc31bed8",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-270",
          "title": "Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account",
          "link": "https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "6dbaa43bf2f3c0d3cddbca74967e952da563fb974c1ef9d4ecbb2e58e41fe81b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-272",
          "title": "[GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package",
          "link": "https://github.com/advisories/GHSA-wx9m-wx4f-4cmg",
          "published": "2026-05-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-18"
    },
    {
      "value": "CVE-2026-42897",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-285",
          "title": "CISA KEV: CVE-2026-42897 \u2014 Microsoft Exchange Server Cross-Site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-15"
    },
    {
      "value": "azurestaticprovider.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-284",
          "title": "Malicious node-ipc versions published to npm in suspected maintainer account compromise",
          "link": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/",
          "published": "2026-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-15"
    },
    {
      "value": "37.16.75.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-284",
          "title": "Malicious node-ipc versions published to npm in suspected maintainer account compromise",
          "link": "https://snyk.io/blog/malicious-node-ipc-versions-published-npm/",
          "published": "2026-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-15"
    },
    {
      "value": "194.87.92.109",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-281",
          "title": "Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files",
          "link": "https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/",
          "published": "2026-05-15",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-15"
    },
    {
      "value": "2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-281",
          "title": "Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files",
          "link": "https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/",
          "published": "2026-05-15",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-15"
    },
    {
      "value": "CVE-2023-38831",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2024-42009",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        },
        {
          "id": "art-715",
          "title": "ESET APT Activity Report Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/",
          "published": "2025-11-06",
          "sev": "crit"
        },
        {
          "id": "art-876",
          "title": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-27886",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-305",
          "title": "[GHSA / CRITICAL] CVE-2026-27886: Strapi may leak sensitive data via relational filtering due to lack of query sanitization",
          "link": "https://github.com/advisories/GHSA-rjg2-95x7-8qmx",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-44789",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-301",
          "title": "[GHSA / CRITICAL] CVE-2026-44789: n8n: HTTP Request Node Pagination Prototype Pollution to RCE",
          "link": "https://github.com/advisories/GHSA-c8xv-5998-g76h",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-44791",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-299",
          "title": "[GHSA / CRITICAL] CVE-2026-44791: n8n Has an XML Node Prototype Pollution Patch Bypass",
          "link": "https://github.com/advisories/GHSA-wrwr-h859-xh2r",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-44848",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-298",
          "title": "[GHSA / CRITICAL] CVE-2026-44848: Portainer missing authorization on Docker plugin endpoints, which allows host RCE",
          "link": "https://github.com/advisories/GHSA-rrmm-9v76-h3p4",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-44849",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-297",
          "title": "[GHSA / CRITICAL] CVE-2026-44849: Portainer has an endpoint security bypass via Swarm service create/update",
          "link": "https://github.com/advisories/GHSA-5fxq-qcf3-244w",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-44990",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-295",
          "title": "[GHSA / CRITICAL] CVE-2026-44990: Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`",
          "link": "https://github.com/advisories/GHSA-rpr9-rxv7-x643",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-45288",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-289",
          "title": "[GHSA / CRITICAL] CVE-2026-45288: Marten has an injection vulnerability in its full-text search regConfig parameter",
          "link": "https://github.com/advisories/GHSA-vmw2-qwm8-x84c",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-45311",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-293",
          "title": "[GHSA / CRITICAL] CVE-2026-45311: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval",
          "link": "https://github.com/advisories/GHSA-wx44-2q6h-j6p8",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-45369",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-288",
          "title": "[GHSA / CRITICAL] CVE-2026-45369: utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol",
          "link": "https://github.com/advisories/GHSA-33p6-5jxp-p3x4",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-45374",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-292",
          "title": "[GHSA / CRITICAL] CVE-2026-45374: DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files",
          "link": "https://github.com/advisories/GHSA-72w5-pf8h-xfp4",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-45411",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-287",
          "title": "[GHSA / CRITICAL] CVE-2026-45411: vm2 Has a Sandbox Breakout Using Async Generator",
          "link": "https://github.com/advisories/GHSA-248r-7h7q-cr24",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-46442",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-304",
          "title": "[GHSA / CRITICAL] CVE-2026-46442: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape",
          "link": "https://github.com/advisories/GHSA-9rvc-vf7m-pgm2",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "CVE-2026-8178",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "GitHub Security Advisories"
      ],
      "articles": [
        {
          "id": "art-306",
          "title": "[GHSA / CRITICAL] CVE-2026-8178: Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading",
          "link": "https://github.com/advisories/GHSA-wmmv-vvg5-993q",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "book-happy.needbinding.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "female-disorder-beta-metropolitan.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "nama-belakang.nebao.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "nebao.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "needbinding.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "104.233.156.1",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "13.62.52.206",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "194.163.175.135",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "194.233.100.40",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "212.83.162.37",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "23.27.143.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "38.181.52.89",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "38.60.214.92",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "65.20.67.134",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "71.80.85.135",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "79.135.105.208",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "83.229.126.195",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "89.125.244.33",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "89.125.244.51",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-302",
          "title": "Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities",
          "link": "https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "52f1ff082e981cbdfd1f045c6021c63f",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "65fc9f06de5603e2c1af9b4f288bb22c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "8983ffa6da23e0b99ccc58c17b9788c7",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "8e15c4d4f71bdd9dbc48cd2cabc87806",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "995a0a49ae4b244928b3f67e2bfd7a6e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Securelist (Kaspersky)"
      ],
      "articles": [
        {
          "id": "art-308",
          "title": "Kimsuky targets organizations with PebbleDash-based tools",
          "link": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "43E30BE82D82B24A6496F6943ECB6877E83F88AB",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "776A43E46C36A539C916ED426745EE96E2392B39",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "8D1F2A6DF51C7783F2EAF1A0FC0FF8D032E5B57F",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "B65551D339AECE718EA1465BF3542C794C445EFC",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-309",
          "title": "FrostyNeighbor: Fresh mischief and digital shenanigans",
          "link": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
          "published": "2026-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "c2efb2dcacba6d3ccc175b6ce1b7ed0a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "dbd8dbecaa80795c135137d69921fdba",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Cisco Talos"
      ],
      "articles": [
        {
          "id": "art-296",
          "title": "The time of much patching is coming",
          "link": "https://blog.talosintelligence.com/the-time-of-much-patching-is-coming/",
          "published": "2026-05-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-14"
    },
    {
      "value": "12f35b1081b17d21815b35feb57ab03d02482116",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-12"
    },
    {
      "value": "820fa07a7328b6cf2b417078e103721d4d8f2e79",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-12"
    },
    {
      "value": "1e8538c6e0563d50da0f2e097e979ebd5294ce1defe01d0b9fe361ba3bed1898",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-12"
    },
    {
      "value": "2258284d65f63829bd67eaba01ef6f1ada2f593f9bbe41678b2df360bd90d3df",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-312",
          "title": "TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages",
          "link": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "published": "2026-05-12",
          "sev": "crit"
        },
        {
          "id": "art-315",
          "title": "Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-12"
    },
    {
      "value": "CVE-2022-26923",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-316",
          "title": "Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools",
          "link": "https://unit42.paloaltonetworks.com/active-directory-certificate-services-exploitation/",
          "published": "2026-05-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-11"
    },
    {
      "value": "CVE-2025-29927",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-322",
          "title": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale",
          "link": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/",
          "published": "2026-05-07",
          "sev": "crit"
        },
        {
          "id": "art-948",
          "title": "CVE-2025-29927 Authorization Bypass in Next.js Middleware",
          "link": "https://snyk.io/blog/cve-2025-29927-authorization-bypass-in-next-js-middleware/",
          "published": "2025-03-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "CVE-2025-48703",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-322",
          "title": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale",
          "link": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/",
          "published": "2026-05-07",
          "sev": "crit"
        },
        {
          "id": "art-720",
          "title": "CISA KEV: CVE-2025-48703 \u2014 CWP Control Web Panel OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "CVE-2025-9501",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-322",
          "title": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale",
          "link": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "CVE-2026-0300",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        },
        {
          "id": "art-330",
          "title": "CISA KEV: CVE-2026-0300 \u2014 Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "CVE-2026-1357",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-322",
          "title": "PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale",
          "link": "https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "CVE-2026-6973",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-326",
          "title": "CISA KEV: CVE-2026-6973 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "136.0.8.48",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "146.70.100.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "149.104.66.84",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "67.206.213.86",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "799BB5127CA54239D3D4A14367DB3B712012CF14",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-323",
          "title": "Fake call logs, real payments: How CallPhantom tricks Android users",
          "link": "https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Unit 42 (Palo Alto)"
      ],
      "articles": [
        {
          "id": "art-325",
          "title": "Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution",
          "link": "https://unit42.paloaltonetworks.com/captive-portal-zero-day/",
          "published": "2026-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-07"
    },
    {
      "value": "sqgame.com.cn",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-332",
          "title": "A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
          "link": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/",
          "published": "2026-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-05"
    },
    {
      "value": "sqgame.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-332",
          "title": "A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
          "link": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/",
          "published": "2026-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-05"
    },
    {
      "value": "xiazai.sqgame.com.cn",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-332",
          "title": "A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
          "link": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/",
          "published": "2026-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-05"
    },
    {
      "value": "03E3ECE9F48CF4104AAFC535790CA2FB3C6B26CF",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-332",
          "title": "A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
          "link": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/",
          "published": "2026-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-05"
    },
    {
      "value": "FC0C691DB7E2D2BD3B0B4C1E24D18DF72168B7D9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-332",
          "title": "A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
          "link": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/",
          "published": "2026-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-05"
    },
    {
      "value": "cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-336",
          "title": "CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister",
          "link": "https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials",
          "published": "2026-05-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "telemetry.api-monitor.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-336",
          "title": "CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister",
          "link": "https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials",
          "published": "2026-05-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-335",
          "title": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools",
          "link": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools",
          "published": "2026-05-04",
          "sev": "crit"
        },
        {
          "id": "art-361",
          "title": "Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm",
          "link": "https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise",
          "published": "2026-04-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-333",
          "title": "Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked \u2014 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope",
          "link": "https://www.stepsecurity.io/blog/shai-hulud-worm-pivots-to-multi-cloud-intercom-client-hijacked",
          "published": "2026-05-04",
          "sev": "crit"
        },
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "8605e365edf11160aad517c7d79a3b26b62290e5072ef97b102a01ddbb343f14",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-335",
          "title": "Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools",
          "link": "https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools",
          "published": "2026-05-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-334",
          "title": "elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection",
          "link": "https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection",
          "published": "2026-05-04",
          "sev": "high"
        },
        {
          "id": "art-352",
          "title": "Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers",
          "link": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-05-04"
    },
    {
      "value": "CVE-2026-41940",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-344",
          "title": "CISA KEV: CVE-2026-41940 \u2014 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "22evxpggnkyrxpluewqsrv5j4jtde6hut2peq3w44d6ase676qlkoead.onion",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "40d0f21b64ec8fb3a7a1959897252e09",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "f1b3e7b3eec3294c4d6b5f87854a52471f03997f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-339",
          "title": "Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud",
          "link": "https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud",
          "published": "2026-04-30",
          "sev": "high"
        },
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-339",
          "title": "Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud",
          "link": "https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud",
          "published": "2026-04-30",
          "sev": "high"
        },
        {
          "id": "art-343",
          "title": "lightning PyPI Compromise: A Bun-Based Credential Stealer in Python",
          "link": "https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/",
          "published": "2026-04-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-30"
    },
    {
      "value": "0af7415d65753f6aede8c9c0f39be478666b9c12",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "4b04304f6d51392e3f43856c94ca95800518a694",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "7b6a28e92149637e5d7c7f4a2d3e54acd507c929",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "e80824a19f48d778a746571bb15279b5679fd61c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        },
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "29ac906c8bd801dfe1cb39596197df49f80fff2270b3e7fbab52278c24e4f1a7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-345",
          "title": "Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer",
          "link": "https://www.aikido.dev/blog/mini-shai-hulud-has-appeared",
          "published": "2026-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "CVE-2026-40478",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-349",
          "title": "Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)",
          "link": "https://snyk.io/blog/thymeleaf-injection/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "api.svix.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-346",
          "title": "Someone published four versions of a fake \"tanstack\" package in 27 minutes to steal your .env files",
          "link": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "35baf8316645372eea40b91d48acb067",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "307d0fa7407d40e67d14e9d5a4c61ac5b4f20431",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-348",
          "title": "\"A Mini Shai-Hulud Has Appeared\": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages",
          "link": "https://snyk.io/blog/bun-based-stealer-hits-sap-cap-js-mbt-npm-packages/",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "04ee5325c8900c9d644ed81c9012525b6fc19f21c65cef85b6ba98b6a0a23566",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-346",
          "title": "Someone published four versions of a fake \"tanstack\" package in 27 minutes to steal your .env files",
          "link": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "72ec4571e27c06f1d48737477c2b38a4f90d699950dab8946b48591133dc4f90",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-346",
          "title": "Someone published four versions of a fake \"tanstack\" package in 27 minutes to steal your .env files",
          "link": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "7bb84e6ba893248814cd3bac70b7bdc115740fba9e13419940c73460cbcd7b6f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-346",
          "title": "Someone published four versions of a fake \"tanstack\" package in 27 minutes to steal your .env files",
          "link": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "abc164807947b102164488a08161adb4ee08be6b78a371350a6b156eed0d97d9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-346",
          "title": "Someone published four versions of a fake \"tanstack\" package in 27 minutes to steal your .env files",
          "link": "https://www.aikido.dev/blog/fake-tanstack-packages-steal-env-files",
          "published": "2026-04-29",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-29"
    },
    {
      "value": "CVE-2024-1708",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-350",
          "title": "CISA KEV: CVE-2024-1708 \u2014 ConnectWise ScreenConnect Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-28"
    },
    {
      "value": "CVE-2026-32202",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-351",
          "title": "CISA KEV: CVE-2026-32202 \u2014 Microsoft Windows Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-28"
    },
    {
      "value": "CVE-2026-3965",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-353",
          "title": "Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining",
          "link": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-27"
    },
    {
      "value": "CVE-2026-4047",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-353",
          "title": "Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining",
          "link": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-27"
    },
    {
      "value": "file.551911.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-353",
          "title": "Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining",
          "link": "https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-27"
    },
    {
      "value": "b1e4b1f3aad0d489ab0e9208031c67402bbb8480",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-352",
          "title": "Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers",
          "link": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-27"
    },
    {
      "value": "31ecc5939de6d24cf60c50d4ca26cf7a8c322db82a8ce4bd122ebd89cf634255",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-352",
          "title": "Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers",
          "link": "https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/",
          "published": "2026-04-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-27"
    },
    {
      "value": "CVE-2024-57726",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-359",
          "title": "CISA KEV: CVE-2024-57726 \u2014 SimpleHelp Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-24",
          "sev": "crit"
        },
        {
          "id": "art-999",
          "title": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-24"
    },
    {
      "value": "CVE-2024-57728",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-358",
          "title": "CISA KEV: CVE-2024-57728 \u2014 SimpleHelp Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-24",
          "sev": "crit"
        },
        {
          "id": "art-999",
          "title": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-24"
    },
    {
      "value": "CVE-2024-7399",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-357",
          "title": "CISA KEV: CVE-2024-7399 \u2014 Samsung MagicINFO 9 Server Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-24",
          "sev": "crit"
        },
        {
          "id": "art-897",
          "title": "CISA KEV: CVE-2025-4632 \u2014 Samsung MagicINFO 9 Server Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-24"
    },
    {
      "value": "CVE-2025-29635",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-356",
          "title": "CISA KEV: CVE-2025-29635 \u2014 D-Link DIR-823X Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-24"
    },
    {
      "value": "38.147.173.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-365",
          "title": "CISA KEV: CVE-2026-39987 \u2014 Marimo Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "43.231.113.50",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "0ff6abe0252d4f37a196a1231fae5f26",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "410eddfc19de44249897986ecc8ac449",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "dbe51eabebf9d4ef9581ef99844a2944",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "039eb329a173fce7efeca18611a8f2c0f7d24609",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "57c2490e4db194d3503ee85635fb1d6f26e8c534",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "5a1bbb40c442b12594a913431f8c6757a3a66e8f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "716554dc580a82cc17a1035add302c0766590964",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "926974facfd0383c65458d6ef1f31fbb7c769e18",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "ad7e264eb08415871617e45f21d03f7d71e4c36f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "c72e7540d6f12d74d8e737b02f31568385f575d7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "de584703c78a60a56028f9834086facd1401b355",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "fa9e65e58eb8fa41fde0a0a870b7d24b298026d9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-362",
          "title": "GopherWhisper: A burrow full of malware",
          "link": "https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "07c69fc33271cf5a2ce03ac1fed7a3b16357aec093c5bf9ef61fbfa4348d0529",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "8fcb4d3d4df61719ee3da98241393779290e0efcd88a49e363e2a2dfbc04dae9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "9a10e1faa86a5d39417cae44da5adf38824dfb9a16432e34df766aa1dc9e3525",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "SentinelLabs"
      ],
      "articles": [
        {
          "id": "art-360",
          "title": "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet",
          "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/",
          "published": "2026-04-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "37f34aa3b86db6898065f3ca886031978580a15251f2576f6d24c3b778907336",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-361",
          "title": "Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm",
          "link": "https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise",
          "published": "2026-04-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-23"
    },
    {
      "value": "sync.geeker.indevs.in",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-367",
          "title": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays",
          "link": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay",
          "published": "2026-04-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-22"
    },
    {
      "value": "3a3d8f8636fa1db21871005a49ecd7fa59688fa763622fa737ce6b899558b300",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-367",
          "title": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays",
          "link": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay",
          "published": "2026-04-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-22"
    },
    {
      "value": "5d58ce3119c37f2bd552f4d883a4f4896dfcb8fb04875f844f999497e4ca846d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-367",
          "title": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays",
          "link": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay",
          "published": "2026-04-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-22"
    },
    {
      "value": "b3405b8456f4e82f192cdff6fdd5b290a58fafda01fbc08174105b922bd7b3cf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-367",
          "title": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays",
          "link": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay",
          "published": "2026-04-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-22"
    },
    {
      "value": "fb3ae78d09c119ec335c3b99a95c97d9bb6f92fd2c7c9b0d3e875347e2f25bb2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-367",
          "title": "GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays",
          "link": "https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay",
          "published": "2026-04-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-22"
    },
    {
      "value": "CVE-2023-27351",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-374",
          "title": "CISA KEV: CVE-2023-27351 \u2014 PaperCut NG/MF Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-20"
    },
    {
      "value": "CVE-2024-27199",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-378",
          "title": "CISA KEV: CVE-2024-27199 \u2014 JetBrains TeamCity Relative Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-20"
    },
    {
      "value": "CVE-2025-2749",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-373",
          "title": "CISA KEV: CVE-2025-2749 \u2014 Kentico Xperience Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        },
        {
          "id": "art-741",
          "title": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-20"
    },
    {
      "value": "CVE-2025-32975",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-377",
          "title": "CISA KEV: CVE-2025-32975 \u2014 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-20"
    },
    {
      "value": "CVE-2025-48700",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-375",
          "title": "CISA KEV: CVE-2025-48700 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-20"
    },
    {
      "value": "CVE-2026-34197",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-383",
          "title": "CISA KEV: CVE-2026-34197 \u2014 Apache ActiveMQ Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-16"
    },
    {
      "value": "CVE-2009-0238",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-385",
          "title": "CISA KEV: CVE-2009-0238 \u2014 Microsoft Office Remote Code Execution",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-14"
    },
    {
      "value": "CVE-2026-32201",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-386",
          "title": "CISA KEV: CVE-2026-32201 \u2014 Microsoft SharePoint Server Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-14"
    },
    {
      "value": "CVE-2012-1854",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-388",
          "title": "CISA KEV: CVE-2012-1854 \u2014 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2020-9715",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-392",
          "title": "CISA KEV: CVE-2020-9715 \u2014 Adobe Acrobat Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2023-21529",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-390",
          "title": "CISA KEV: CVE-2023-21529 \u2014 Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2023-36424",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-391",
          "title": "CISA KEV: CVE-2023-36424 \u2014 Microsoft Windows Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2025-60710",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-389",
          "title": "CISA KEV: CVE-2025-60710 \u2014 Microsoft Windows Link Following Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2026-21643",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-393",
          "title": "CISA KEV: CVE-2026-21643 \u2014 Fortinet FortiClient EMS SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "CVE-2026-34621",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-394",
          "title": "CISA KEV: CVE-2026-34621 \u2014 Adobe Acrobat and Reader Prototype Pollution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-13"
    },
    {
      "value": "api.metrics-trustwallet.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-12"
    },
    {
      "value": "metrics-trustwallet.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-395",
          "title": "Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity",
          "link": "https://www.stepsecurity.io/blog/securing-vibe-coding-and-ai-coding-agents-an-end-to-end-approach-with-stepsecurity",
          "published": "2026-04-12",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-12"
    },
    {
      "value": "CVE-2026-25253",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-404",
          "title": "Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw",
          "link": "https://www.stepsecurity.io/blog/cline-supply-chain-attack-detected-cline-2-3-0-silently-installs-openclaw",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "checkmarx.zone",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-423",
          "title": "litellm: Credential Stealer Hidden in PyPI Wheel",
          "link": "https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel",
          "published": "2026-03-28",
          "sev": "crit"
        },
        {
          "id": "art-425",
          "title": "Popular telnyx package compromised on PyPI by TeamPCP",
          "link": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm",
          "published": "2026-03-27",
          "sev": "crit"
        },
        {
          "id": "art-428",
          "title": "Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags",
          "link": "https://www.stepsecurity.io/blog/checkmarx-kics-github-action-compromised-malware-injected-in-all-git-tags",
          "published": "2026-03-26",
          "sev": "high"
        },
        {
          "id": "art-443",
          "title": "How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM",
          "link": "https://snyk.io/blog/poisoned-security-scanner-backdooring-litellm/",
          "published": "2026-03-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "models.litellm.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-423",
          "title": "litellm: Credential Stealer Hidden in PyPI Wheel",
          "link": "https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel",
          "published": "2026-03-28",
          "sev": "crit"
        },
        {
          "id": "art-443",
          "title": "How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM",
          "link": "https://snyk.io/blog/poisoned-security-scanner-backdooring-litellm/",
          "published": "2026-03-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "plug-tab-protective-relay.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "scan.aquasecurtiy.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-429",
          "title": "CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem",
          "link": "https://www.stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem",
          "published": "2026-03-26",
          "sev": "high"
        },
        {
          "id": "art-430",
          "title": "Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised",
          "link": "https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release",
          "published": "2026-03-26",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        },
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-429",
          "title": "CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem",
          "link": "https://www.stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem",
          "published": "2026-03-26",
          "sev": "high"
        },
        {
          "id": "art-444",
          "title": "CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran",
          "link": "https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran",
          "published": "2026-03-22",
          "sev": "high"
        },
        {
          "id": "art-445",
          "title": "TeamPCP deploys CanisterWorm on NPM following Trivy compromise",
          "link": "https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise",
          "published": "2026-03-20",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "45.148.10.212",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1111343",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "e64e152afe2c722d750f10259626f357cdea40420c5eedab37969fbf13abbecf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-400",
          "title": "Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack",
          "link": "https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack",
          "published": "2026-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "hackmoltrepeat.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-403",
          "title": "hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far",
          "link": "https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation",
          "published": "2026-04-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "recv.hackmoltrepeat.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-403",
          "title": "hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far",
          "link": "https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation",
          "published": "2026-04-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "89.36.224.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-399",
          "title": "@velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence",
          "link": "https://www.stepsecurity.io/blog/velora-dex-sdk-compromised-on-npm-malicious-version-drops-macos-backdoor-via-launchctl-persistence",
          "published": "2026-04-09",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-09"
    },
    {
      "value": "CVE-2026-1340",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-407",
          "title": "CISA KEV: CVE-2026-1340 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-08"
    },
    {
      "value": "github.com/ColossusQuailPray/oiegjqde",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-405",
          "title": "GlassWorm goes native: New Zig dropper infects every IDE on your machine",
          "link": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine",
          "published": "2026-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-08"
    },
    {
      "value": "112d1b33dd9b0244525f51e59e6a79ac5ae452bf6e98c310e7b4fa7902e4db44",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-405",
          "title": "GlassWorm goes native: New Zig dropper infects every IDE on your machine",
          "link": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine",
          "published": "2026-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-08"
    },
    {
      "value": "2819ea44e22b9c47049e86894e544f3fd0de1d8afc7b545314bd3bc718bf2e02",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-405",
          "title": "GlassWorm goes native: New Zig dropper infects every IDE on your machine",
          "link": "https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine",
          "published": "2026-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-08"
    },
    {
      "value": "CVE-2026-3502",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-415",
          "title": "CISA KEV: CVE-2026-3502 \u2014 TrueConf Client Download of Code Without Integrity Check Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "83.142.209.11",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-443",
          "title": "How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM",
          "link": "https://snyk.io/blog/poisoned-security-scanner-backdooring-litellm/",
          "published": "2026-03-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "83.142.209.203",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-413",
          "title": "TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package",
          "link": "https://www.stepsecurity.io/blog/teampcp-plants-wav-steganography-credential-stealer-in-telnyx-pypi-package",
          "published": "2026-04-02",
          "sev": "crit"
        },
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-425",
          "title": "Popular telnyx package compromised on PyPI by TeamPCP",
          "link": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm",
          "published": "2026-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "aquasecurtiy.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "cdn.rraghh.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-412",
          "title": "Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor",
          "link": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "championships-peoples-point-cassette.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-444",
          "title": "CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran",
          "link": "https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran",
          "published": "2026-03-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "investigation-launches-hearings-copying.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "oortt.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-412",
          "title": "Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor",
          "link": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "rraghh.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-412",
          "title": "Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor",
          "link": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "souls-entire-defined-routes.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        },
        {
          "id": "art-444",
          "title": "CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran",
          "link": "https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran",
          "published": "2026-03-22",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "46.151.182.203",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-414",
          "title": "You Patched LiteLLM, But Do You Know Your AI Blast Radius?",
          "link": "https://snyk.io/blog/litellm-ai-blast-radius/",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "e903ae267bf7ed1d02b218c1dc7cf6d87257e87de9fbda411a13f9154716bfa3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-412",
          "title": "Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor",
          "link": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "fcd398abc51fd16e8bc93ef8d88a23d7dec28081b6dfce4b933020322a610508",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-412",
          "title": "Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor",
          "link": "https://www.stepsecurity.io/blog/malicious-iolitelabs-vscode-extensions-target-solidity-developers-on-windows-macos-and-linux-with-backdoor",
          "published": "2026-04-02",
          "sev": "high"
        }
      ],
      "first_seen": "2026-04-02"
    },
    {
      "value": "CVE-2026-5281",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-418",
          "title": "CISA KEV: CVE-2026-5281 \u2014 Google Dawn Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-04-01"
    },
    {
      "value": "CVE-2026-3055",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-422",
          "title": "CISA KEV: CVE-2026-3055 \u2014 Citrix NetScaler Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-420",
          "title": "Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT",
          "link": "https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/",
          "published": "2026-03-30",
          "sev": "high"
        },
        {
          "id": "art-421",
          "title": "axios compromised on npm: maintainer account hijacked, RAT deployed",
          "link": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "published": "2026-03-30",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-30"
    },
    {
      "value": "CVE-2025-53521",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-427",
          "title": "CISA KEV: CVE-2025-53521 \u2014 F5 BIG-IP Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-27"
    },
    {
      "value": "7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-425",
          "title": "Popular telnyx package compromised on PyPI by TeamPCP",
          "link": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm",
          "published": "2026-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-27"
    },
    {
      "value": "cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-425",
          "title": "Popular telnyx package compromised on PyPI by TeamPCP",
          "link": "https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm",
          "published": "2026-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-27"
    },
    {
      "value": "cloudflareguard.vercel.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-433",
          "title": "Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys",
          "link": "https://www.stepsecurity.io/blog/malicious-polymarket-bot-hides-in-hijacked-dev-protocol-github-org-and-steals-wallet-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "cloudflareinsights.vercel.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-433",
          "title": "Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys",
          "link": "https://www.stepsecurity.io/blog/malicious-polymarket-bot-hides-in-hijacked-dev-protocol-github-org-and-steals-wallet-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "finney.metagraph-stats.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "finney.opentensor-metrics.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "finney.subtensor-telemetry.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "opentensor-cdn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "t.opentensor-cdn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "tbqcbkpbhy.opentensor-cdn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "tuwyqibtvy.opentensor-cdn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "yccansiwfr.opentensor-cdn.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "217.69.0.159",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-434",
          "title": "ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push",
          "link": "https://www.stepsecurity.io/blog/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push",
          "published": "2026-03-26",
          "sev": "crit"
        },
        {
          "id": "art-458",
          "title": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "link": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "6a416b72ff24804abc12484a3b41413a8580acedd8a5f8c84224fcf0732c2f8e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-431",
          "title": "bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys",
          "link": "https://www.stepsecurity.io/blog/bittensor-wallet-4-0-2-compromised-on-pypi---backdoor-exfiltrates-private-keys",
          "published": "2026-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "security-verify.91.214.78.178.nip.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-435",
          "title": "xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning",
          "link": "https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning",
          "published": "2026-03-26",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "91.214.78.178",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-435",
          "title": "xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning",
          "link": "https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning",
          "published": "2026-03-26",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-26"
    },
    {
      "value": "CVE-2026-33017",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-440",
          "title": "CISA KEV: CVE-2026-33017 \u2014 Langflow Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-25"
    },
    {
      "value": "CVE-2025-31277",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-450",
          "title": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper Locking Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-20"
    },
    {
      "value": "CVE-2025-32432",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-448",
          "title": "CISA KEV: CVE-2025-32432 \u2014 Craft CMS Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-20",
          "sev": "crit"
        },
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-919",
          "title": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-20"
    },
    {
      "value": "CVE-2025-43510",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-450",
          "title": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper Locking Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-20"
    },
    {
      "value": "CVE-2025-43520",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-451",
          "title": "CISA KEV: CVE-2025-43520 \u2014 Apple Multiple Products Classic Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-20"
    },
    {
      "value": "CVE-2025-54068",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-449",
          "title": "CISA KEV: CVE-2025-54068 \u2014 Laravel Livewire Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-20"
    },
    {
      "value": "CVE-2025-12420",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-456",
          "title": "AI Is Building Your Attack Surface. Are You Testing It?",
          "link": "https://snyk.io/blog/ai-is-building-your-attack-surface-are-you-testing-it/",
          "published": "2026-03-19",
          "sev": "high"
        },
        {
          "id": "art-514",
          "title": "Claude Code Security: A Welcome Evolution in the Remediation Loop",
          "link": "https://snyk.io/blog/claude-code-remediation-loop-evolution/",
          "published": "2026-02-23",
          "sev": "high"
        },
        {
          "id": "art-624",
          "title": "ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations",
          "link": "https://snyk.io/blog/servicenow-virtual-agent-vulnerability/",
          "published": "2026-01-14",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-19"
    },
    {
      "value": "CVE-2025-66376",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-461",
          "title": "CISA KEV: CVE-2025-66376 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "CVE-2026-20963",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-462",
          "title": "CISA KEV: CVE-2026-20963 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "raw.githubusercontent.com/BlokTrooper/extension",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-459",
          "title": "fast-draft Open VSX Extension Compromised by BlokTrooper",
          "link": "https://www.aikido.dev/blog/fast-draft-open-vsx-bloktrooper",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "195.201.104.53",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-459",
          "title": "fast-draft Open VSX Extension Compromised by BlokTrooper",
          "link": "https://www.aikido.dev/blog/fast-draft-open-vsx-bloktrooper",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "217.69.3.152",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-458",
          "title": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "link": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat",
          "published": "2026-03-18",
          "sev": "crit"
        },
        {
          "id": "art-466",
          "title": "Glassworm Strikes Popular React Native Phone Number Packages",
          "link": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers",
          "published": "2026-03-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "45.150.34.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-458",
          "title": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "link": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "06fab21dc276e3ab9b5d0a1532398979fd377b080c86d74f2c53a04603a43b1d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-458",
          "title": "GlassWorm Hides a RAT Inside a Malicious Chrome Extension",
          "link": "https://www.aikido.dev/blog/glassworm-chrome-extension-rat",
          "published": "2026-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-18"
    },
    {
      "value": "CVE-2025-47813",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-467",
          "title": "CISA KEV: CVE-2025-47813 \u2014 Wing FTP Server Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-16"
    },
    {
      "value": "59221aa9623d86c930357dba7e3f54138c7ccbd0daa9c483d766cd8ce1b6ad26",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-466",
          "title": "Glassworm Strikes Popular React Native Phone Number Packages",
          "link": "https://www.aikido.dev/blog/glassworm-strikes-react-packages-phone-numbers",
          "published": "2026-03-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-16"
    },
    {
      "value": "CVE-2026-3909",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-472",
          "title": "CISA KEV: CVE-2026-3909 \u2014 Google Skia Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "CVE-2026-3910",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-471",
          "title": "CISA KEV: CVE-2026-3910 \u2014 Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "iili.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "short-link.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "188.137.228.162",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "80.89.224.13",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "107b2badfc93fcdd3ffda7d3999477ced3f39f43f458dd0f6a424c9ab52681c3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "21fefc3913d3d2dfde7f0dff54800ca7512eb5df9513b1a457a2af25fdd51b26",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "2b5d8f8db5fd38ae1c34807dcba35b057cffa61eb14ba3b558f82eb630480c3f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "32973ef02e10a585a4a0196b013265e29fc57d8e1c50752f7b39e43b9f388715",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "51e86408904c0ca3778361cde746783a0f2b9fd2a6782aa7e062aa597151876e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "5b978cdc46afa28d83e532cd19622d9097bebedf87efc4c87bd35d8ffad9e672",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "6178b1af51057c0bac75a842afff500a8fa3ed957d79a712a6ef089bec7e7a8b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "66a7828bc8c6c783b2ffa3c906d53f6dae1bbddc019283cc369d7d73247c5181",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "6fea579685d2433cedb1c32ef704575dcbc1d0a623769e824023ffccd0dedaae",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "76eb713e38f145ee68b89f2febd8f9a28bbb2b464da61cb029d84433a0b2c746",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "801c47550799831bfb1ac6c5c3fd698be95da19fc85bd65f5d8639f26244d2a9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "886df55794cbca146de96dcc626471b3c097a5c20ba488033b24f4347aa20a14",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "8c6ea44ce7f4ed4e4e7e19e11b3b345d58785c93b33aa795ddd1b0d753236b05",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "9367f4b4d2775ff47279d143dd9a0ef544ddff81946aab33da9350a49f14e1e1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "993d55f60414bf2092f421c3d0ac6af1897a21cc4ea260ae8e610a402bf4c81c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "a545908c931ec47884b5ccfb1f112435f5d0cdac140e664673672c9df9016672",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "ac60eefc2607216f8126c0b22b6243f3862ef2bb265c585deee0d00a20a436b3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "b891fa118db5190f07b18be46eb9bc10677f9afab1406a7d52ce587522ab3d28",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "bad7c6f6ca25363a02eaceb3ed1e378218dc4a246a63d723cfcc5feee3af5056",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "c6905bae088982a2b234451b45db742098f2e2ab4fd6ca62c8f4e801160552aa",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "ccb7d999ee4d979e175b8c87e09ccda0cbc93b6140471283e3a1f1f9da33759d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "e20831cecd763d0dc91fb39f3bd61d17002608c5a40a6cf0bd16111f4e50d341",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "eb9c1649e01db6a9a94d5d50373e54865d672b14ad6f221c98047c562d3cc0f3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "ee90b01b16099e0bb23d4653607a3a559590fc8d0c43120b8456fb1860d2e630",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "fb16933b09a4fcca5beff93da05566e924017fb534a2f45caf57b57a633f43a6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-470",
          "title": "DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear",
          "link": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/",
          "published": "2026-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-13"
    },
    {
      "value": "CVE-2025-68613",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-476",
          "title": "CISA KEV: CVE-2025-68613 \u2014 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-11"
    },
    {
      "value": "929c6399c4fde4fe236bd6712b2c53f750d9ad3a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-475",
          "title": "kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package",
          "link": "https://www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package",
          "published": "2026-03-11",
          "sev": "high"
        }
      ],
      "first_seen": "2026-03-11"
    },
    {
      "value": "99B454262DC26B081600E844371982A49D334E5E",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-477",
          "title": "Sednit reloaded: Back in the trenches",
          "link": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/",
          "published": "2026-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-10"
    },
    {
      "value": "D0DB619A7A160949528D46D20FC0151BF9775C32",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-477",
          "title": "Sednit reloaded: Back in the trenches",
          "link": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/",
          "published": "2026-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-10"
    },
    {
      "value": "CVE-2021-22054",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-481",
          "title": "CISA KEV: CVE-2021-22054 \u2014 Omnissa Workspace ONE Server-Side Request Forgery",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-09"
    },
    {
      "value": "CVE-2025-26399",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-482",
          "title": "CISA KEV: CVE-2025-26399 \u2014 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-09"
    },
    {
      "value": "CVE-2026-1603",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-483",
          "title": "CISA KEV: CVE-2026-1603 \u2014 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-09"
    },
    {
      "value": "CVE-2017-7921",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-487",
          "title": "CISA KEV: CVE-2017-7921 \u2014 Hikvision Multiple Products Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-05",
          "sev": "crit"
        },
        {
          "id": "art-830",
          "title": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-05"
    },
    {
      "value": "CVE-2021-22681",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-488",
          "title": "CISA KEV: CVE-2021-22681 \u2014 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-05"
    },
    {
      "value": "CVE-2021-30952",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-490",
          "title": "CISA KEV: CVE-2021-30952 \u2014 Apple Multiple Products Integer Overflow or Wraparound Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-05"
    },
    {
      "value": "CVE-2023-43000",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-489",
          "title": "CISA KEV: CVE-2023-43000 \u2014 Apple Multiple products Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-05"
    },
    {
      "value": "CVE-2026-21385",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-497",
          "title": "CISA KEV: CVE-2026-21385 \u2014 Qualcomm Multiple Chipsets Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-03"
    },
    {
      "value": "CVE-2026-22719",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-496",
          "title": "CISA KEV: CVE-2026-22719 \u2014 Broadcom VMware Aria Operations Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-03"
    },
    {
      "value": "CVE-2026-27148",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-494",
          "title": "Persistent XSS/RCE using WebSockets in Storybook\u2019s dev server",
          "link": "https://www.aikido.dev/blog/storybooks-websockets-attack",
          "published": "2026-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-03-03"
    },
    {
      "value": "decoorat.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "decoraat.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "gesecole.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "onedow.gesecole.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "onedown.gesecole.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "381247c1d4c68a406237d7d3aa030930",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "769687f93869a70511aac1ef7c752455",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "7a75e713db41c28378e823322fdea0fd",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "9f331a11a054f33664fe86543fc34cf0",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "e7cb954f4bbdbadbd2c0206577621683",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "1151100a0aa1ed88f7897709444fd3b3b1044c10",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "2336c9a20ecd53ec1be468282bae94c8160eb93a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "ad833604d230b241e180950980ea462b3812f82a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "d1a86ed06b18efef5ce724d2129cf1583b779b44",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "f06da8e29c3f0fafabfc3a524ae8b21730b57ed3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "29cd44aa2a51a200d82cca578d97dc13241bc906ea6a33b132c6ca567dc8f3ad",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "46314092c8d00ab93cbbdc824b9fc39dec9303169163b9625bae3b1717d70ebc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "5f9af68db10b029453264cfc9b8eee4265549a2855bb79668ccfc571fb11f5fc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "6df8649bf4e233ee86a896ee8e5a3b3179c168ef927ac9283b945186f8629ee7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "8421e7995778faf1f2a902fb2c51d85ae39481f443b7b3186068d5c33c472d99",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "d293ded5a63679b81556d2c622c78be6253f500b6751d4eeb271e6500a23b21e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "de8ddc2451fb1305d76ab20661725d11c77625aeeaa1447faf3fbf56706c87f1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "e7ed0cd4115f3ff35c38d36cc50c6a13eba2d845554439a36108789cd1e05b17",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-503",
          "title": "PlugX Meeting Invitation via MSBuild and GDATA",
          "link": "https://lab52.io/blog/plugx-meeting-invitation-via-msbuild-and-gdata/",
          "published": "2026-02-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-26"
    },
    {
      "value": "CVE-2022-20775",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-504",
          "title": "CISA KEV: CVE-2022-20775 \u2014 Cisco SD-WAN Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-25"
    },
    {
      "value": "CVE-2026-25108",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-509",
          "title": "CISA KEV: CVE-2026-25108 \u2014 Soliton Systems K.K FileZen OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-24"
    },
    {
      "value": "CVE-2026-25545",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-510",
          "title": "Astro Full-Read SSRF via Host Header Injection",
          "link": "https://www.aikido.dev/blog/astro-full-read-ssrf-via-host-header-injection",
          "published": "2026-02-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-23"
    },
    {
      "value": "CVE-2025-49113",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-516",
          "title": "CISA KEV: CVE-2025-49113 \u2014 RoundCube Webmail Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-20"
    },
    {
      "value": "CVE-2025-68461",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-517",
          "title": "CISA KEV: CVE-2025-68461 \u2014 RoundCube Webmail Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-20"
    },
    {
      "value": "CVE-2026-27118",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-518",
          "title": "SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel",
          "link": "https://www.aikido.dev/blog/sveltespill-cache-deception-sveltekit-vercel",
          "published": "2026-02-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-19"
    },
    {
      "value": "attacker.oastify.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-521",
          "title": "How \u201cClinejection\u201d Turned an AI Bot into a Supply Chain Attack",
          "link": "https://snyk.io/blog/cline-supply-chain-attack-prompt-injection-github-actions/",
          "published": "2026-02-19",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-19"
    },
    {
      "value": "CVE-2021-22175",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-523",
          "title": "CISA KEV: CVE-2021-22175 \u2014 GitLab Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-18"
    },
    {
      "value": "CVE-2008-0015",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-532",
          "title": "CISA KEV: CVE-2008-0015 \u2014 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-17"
    },
    {
      "value": "CVE-2020-7796",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-530",
          "title": "CISA KEV: CVE-2020-7796 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-17"
    },
    {
      "value": "CVE-2024-7694",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-531",
          "title": "CISA KEV: CVE-2024-7694 \u2014 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-17"
    },
    {
      "value": "CVE-2026-2441",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-533",
          "title": "CISA KEV: CVE-2026-2441 \u2014 Google Chromium CSS Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-17"
    },
    {
      "value": "gali.web.test.myapptest.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "gameland.21game.live",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "gameland.myapptest.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "gameland.nbzysp1.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "payment.snip-site.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "payment.y1pay.vip",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-535",
          "title": "npm backdoor lets hackers hijack gambling outcomes",
          "link": "https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes",
          "published": "2026-02-16",
          "sev": "high"
        }
      ],
      "first_seen": "2026-02-16"
    },
    {
      "value": "CVE-2024-3094",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "8fa641c454c3e0f76de73b7cc3446096b9c8b9d33d406d38b8ac76090b0344fd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "b418bfd34aa246b2e7b5cb5d263a640e5d080810f767370c4d2c24662a274963",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "cbeef92e67bf41ca9c015557d81f39adaba67ca9fb3574139754999030b83537",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-538",
          "title": "2024 in Review: The Evolution of CI/CD Security & What's Next",
          "link": "https://www.stepsecurity.io/blog/2024-in-review-the-evolution-of-ci-cd-security-whats-next",
          "published": "2026-02-15",
          "sev": "high"
        },
        {
          "id": "art-1266",
          "title": "The XZ backdoor CVE-2024-3094",
          "link": "https://snyk.io/blog/the-xz-backdoor-cve-2024-3094/",
          "published": "2024-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-15"
    },
    {
      "value": "CVE-2026-1731",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-543",
          "title": "CISA KEV: CVE-2026-1731 \u2014 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-13"
    },
    {
      "value": "58cfb8b9fee1caa94813c259901dc1baa96bae7d30d79b79a7d441d0ee4e577e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-542",
          "title": "Operation MacroMaze: new APT28  campaign using basic tooling and legit infrastructure",
          "link": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/",
          "published": "2026-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-13"
    },
    {
      "value": "b0f9f0a34ccab1337fbcca24b4f894de8d6d3a6f5db2e0463e2320215e4262e4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-542",
          "title": "Operation MacroMaze: new APT28  campaign using basic tooling and legit infrastructure",
          "link": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/",
          "published": "2026-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-13"
    },
    {
      "value": "c3b617e0c6b8f01cf628a2b3db40e8d06ef20a3c71365ccc1799787119246010",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-542",
          "title": "Operation MacroMaze: new APT28  campaign using basic tooling and legit infrastructure",
          "link": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/",
          "published": "2026-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-13"
    },
    {
      "value": "df60fa6008b1a0b79c394b42d3ada6bab18b798f3c2ca1530a3e0cb4fbbbe9f6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Lab52"
      ],
      "articles": [
        {
          "id": "art-542",
          "title": "Operation MacroMaze: new APT28  campaign using basic tooling and legit infrastructure",
          "link": "https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/",
          "published": "2026-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-13"
    },
    {
      "value": "CVE-2024-43468",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-549",
          "title": "CISA KEV: CVE-2024-43468 \u2014 Microsoft Configuration Manager SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-12"
    },
    {
      "value": "CVE-2025-15556",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-550",
          "title": "CISA KEV: CVE-2025-15556 \u2014 Notepad++ Download of Code Without Integrity Check Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-12"
    },
    {
      "value": "CVE-2025-40536",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-551",
          "title": "CISA KEV: CVE-2025-40536 \u2014 SolarWinds Web Help Desk Security Control Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-12"
    },
    {
      "value": "CVE-2026-20700",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-548",
          "title": "CISA KEV: CVE-2026-20700 \u2014 Apple Multiple Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-12"
    },
    {
      "value": "CVE-2025-30066",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-556",
          "title": "Harden-Runner detection: tj-actions/changed-files action is compromised",
          "link": "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised",
          "published": "2026-02-11",
          "sev": "high"
        },
        {
          "id": "art-814",
          "title": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happened and Why It Matters",
          "link": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action",
          "published": "2025-08-15",
          "sev": "high"
        },
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        },
        {
          "id": "art-823",
          "title": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-8217)",
          "link": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217",
          "published": "2025-08-09",
          "sev": "crit"
        },
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        },
        {
          "id": "art-955",
          "title": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        },
        {
          "id": "art-957",
          "title": "Reconstructing the TJ Actions Changed Files GitHub Actions Compromise",
          "link": "https://snyk.io/blog/reconstructing-tj-actions-changed-files-github-actions-compromise/",
          "published": "2025-03-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-11"
    },
    {
      "value": "0e58ed8671d6b60d0890c21b07f8835ace038e67",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "CISA KEV",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-556",
          "title": "Harden-Runner detection: tj-actions/changed-files action is compromised",
          "link": "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised",
          "published": "2026-02-11",
          "sev": "high"
        },
        {
          "id": "art-814",
          "title": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happened and Why It Matters",
          "link": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action",
          "published": "2025-08-15",
          "sev": "high"
        },
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        },
        {
          "id": "art-823",
          "title": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-8217)",
          "link": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217",
          "published": "2025-08-09",
          "sev": "crit"
        },
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        },
        {
          "id": "art-955",
          "title": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        },
        {
          "id": "art-957",
          "title": "Reconstructing the TJ Actions Changed Files GitHub Actions Compromise",
          "link": "https://snyk.io/blog/reconstructing-tj-actions-changed-files-github-actions-compromise/",
          "published": "2025-03-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-11"
    },
    {
      "value": "CVE-2026-21513",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-565",
          "title": "CISA KEV: CVE-2026-21513 \u2014 Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "CVE-2026-21514",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-569",
          "title": "CISA KEV: CVE-2026-21514 \u2014 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "CVE-2026-21519",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-568",
          "title": "CISA KEV: CVE-2026-21519 \u2014 Microsoft Windows Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "CVE-2026-21525",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-566",
          "title": "CISA KEV: CVE-2026-21525 \u2014 Microsoft Windows NULL Pointer Dereference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "CVE-2026-21533",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-567",
          "title": "CISA KEV: CVE-2026-21533 \u2014 Microsoft Windows Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "github.com/aztr0nutz/NET_NINJA.v1.2",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-564",
          "title": "How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware",
          "link": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "github.com/denboss99/openclaw-core",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-564",
          "title": "How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware",
          "link": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "rentry.co/openclaw-core",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-564",
          "title": "How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware",
          "link": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "setup-service.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-564",
          "title": "How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware",
          "link": "https://snyk.io/blog/clawhub-malicious-google-skill-openclaw-malware/",
          "published": "2026-02-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-10"
    },
    {
      "value": "CVE-2025-11953",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-575",
          "title": "CISA KEV: CVE-2025-11953 \u2014 React Native Community CLI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-05"
    },
    {
      "value": "CVE-2026-24423",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-576",
          "title": "CISA KEV: CVE-2026-24423 \u2014 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-05"
    },
    {
      "value": "CVE-2019-19006",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-584",
          "title": "CISA KEV: CVE-2019-19006 \u2014 Sangoma FreePBX Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-03"
    },
    {
      "value": "CVE-2021-39935",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-582",
          "title": "CISA KEV: CVE-2021-39935 \u2014 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-03"
    },
    {
      "value": "CVE-2025-40551",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-585",
          "title": "CISA KEV: CVE-2025-40551 \u2014 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-03"
    },
    {
      "value": "CVE-2025-64328",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-583",
          "title": "CISA KEV: CVE-2025-64328 \u2014 Sangoma FreePBX OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-02-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-02-03"
    },
    {
      "value": "progamevl.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-590",
          "title": "DynoWiper update: Technical analysis and attribution",
          "link": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/",
          "published": "2026-01-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-30"
    },
    {
      "value": "31.172.71.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-590",
          "title": "DynoWiper update: Technical analysis and attribution",
          "link": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/",
          "published": "2026-01-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-30"
    },
    {
      "value": "CVE-2026-1281",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-592",
          "title": "CISA KEV: CVE-2026-1281 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-29"
    },
    {
      "value": "CVE-2026-24858",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-597",
          "title": "CISA KEV: CVE-2026-24858 \u2014 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "clawdbot.getintwopc.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "darkgptprivate.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "meeting.bulletmailer.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "178.16.54.253",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "179.43.176.32",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-594",
          "title": "Fake Clawdbot VS Code Extension Installs ScreenConnect RAT",
          "link": "https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware",
          "published": "2026-01-27",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-27"
    },
    {
      "value": "CVE-2018-14634",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-598",
          "title": "CISA KEV: CVE-2018-14634 \u2014 Linux Kernel Integer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-26"
    },
    {
      "value": "CVE-2025-52691",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-599",
          "title": "CISA KEV: CVE-2025-52691 \u2014 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-26"
    },
    {
      "value": "CVE-2026-23760",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-600",
          "title": "CISA KEV: CVE-2026-23760 \u2014 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-26"
    },
    {
      "value": "CVE-2024-37079",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-607",
          "title": "CISA KEV: CVE-2024-37079 \u2014 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "fra.cloud.appwrite.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-604",
          "title": "G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets",
          "link": "https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "login.siemens-energy.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "login.siemensergy.icu",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "nyc.cloud.appwrite.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-604",
          "title": "G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets",
          "link": "https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "oprsys.deno.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "163.123.236.118",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "34.120.54.55",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-603",
          "title": "ESET Research: Sandworm behind cyberattack on Poland\u2019s power grid in late 2025",
          "link": "https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "211f88a55e8fe9254f75c358c42bb7e78e014b862de7ea6e8b80ed1f78d13add",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "3ceb182fb32a8fb0f0fcf056d6ab8de1cf6e789053f1aadc98ba315ae9a96f0c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "4631584783d84758ae58bc717b08ac67d99dee30985db18b9d2b08df8721348e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "7d7f795ac1fcb5623731a50999f518877fd423a5a98219d0f495c488564a1554",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "fdb6c79a8d01b528698c53ebd5030f875242e6af93f6ae799dee7f66b452bf3e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-605",
          "title": "Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages",
          "link": "https://www.aikido.dev/blog/npm-supply-chain-phishing-campaigns",
          "published": "2026-01-23",
          "sev": "high"
        }
      ],
      "first_seen": "2026-01-23"
    },
    {
      "value": "CVE-2025-31125",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-613",
          "title": "CISA KEV: CVE-2025-31125 \u2014 Vite Vitejs Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "CVE-2025-34026",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-612",
          "title": "CISA KEV: CVE-2025-34026 \u2014 Versa Concerto Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "CVE-2025-54313",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-614",
          "title": "CISA KEV: CVE-2025-54313 \u2014 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-22",
          "sev": "crit"
        },
        {
          "id": "art-654",
          "title": "Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise",
          "published": "2025-12-15",
          "sev": "crit"
        },
        {
          "id": "art-837",
          "title": "Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware",
          "link": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "CVE-2025-68645",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-611",
          "title": "CISA KEV: CVE-2025-68645 \u2014 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "dothebest.store",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-608",
          "title": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT",
          "link": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "updatenet.work",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-608",
          "title": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT",
          "link": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "172.86.73.139",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Aikido"
      ],
      "articles": [
        {
          "id": "art-608",
          "title": "Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT",
          "link": "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat",
          "published": "2026-01-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-22"
    },
    {
      "value": "CVE-2026-20045",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-617",
          "title": "CISA KEV: CVE-2026-20045 \u2014 Cisco Unified Communications Products Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-21"
    },
    {
      "value": "CVE-2026-20805",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-626",
          "title": "CISA KEV: CVE-2026-20805 \u2014 Microsoft Windows Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-13"
    },
    {
      "value": "CVE-2025-8110",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-627",
          "title": "CISA KEV: CVE-2025-8110 \u2014 Gogs Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-12"
    },
    {
      "value": "CVE-2009-0556",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-631",
          "title": "CISA KEV: CVE-2009-0556 \u2014 Microsoft Office PowerPoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-07"
    },
    {
      "value": "CVE-2025-37164",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-632",
          "title": "CISA KEV: CVE-2025-37164 \u2014 Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2026-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2026-01-07"
    },
    {
      "value": "CVE-2025-14847",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-636",
          "title": "CISA KEV: CVE-2025-14847 \u2014 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-29"
    },
    {
      "value": "CVE-2023-52163",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-639",
          "title": "CISA KEV: CVE-2023-52163 \u2014 Digiever DS-2105 Pro Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-22"
    },
    {
      "value": "CVE-2025-50165",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-638",
          "title": "Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component",
          "link": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/",
          "published": "2025-12-22",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-22"
    },
    {
      "value": "CVE-2025-14733",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-641",
          "title": "CISA KEV: CVE-2025-14733 \u2014 WatchGuard Firebox Out of Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-19"
    },
    {
      "value": "CVE-2025-20393",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-645",
          "title": "CISA KEV: CVE-2025-20393 \u2014 Cisco Multiple Products Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-17"
    },
    {
      "value": "CVE-2025-40602",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-644",
          "title": "CISA KEV: CVE-2025-40602 \u2014 SonicWall SMA1000 Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-17"
    },
    {
      "value": "CVE-2025-59374",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-643",
          "title": "CISA KEV: CVE-2025-59374 \u2014 ASUS Live Update Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-17"
    },
    {
      "value": "CVE-2025-59718",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-649",
          "title": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-16"
    },
    {
      "value": "CVE-2025-59719",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-649",
          "title": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-16"
    },
    {
      "value": "CVE-2025-14611",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-655",
          "title": "CISA KEV: CVE-2025-14611 \u2014 Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "CVE-2025-43529",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-656",
          "title": "CISA KEV: CVE-2025-43529 \u2014 Apple Multiple Products Use-After-Free WebKit Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "npnjs.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-654",
          "title": "Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise",
          "published": "2025-12-15",
          "sev": "crit"
        },
        {
          "id": "art-837",
          "title": "Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware",
          "link": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "CVE-2025-66478",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-651",
          "title": "Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js",
          "link": "https://www.stepsecurity.io/blog/critical-remote-code-execution-vulnerabilities-discovered-in-react-server-components-and-next-js",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "bun.sh",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "keychecker.trufflesecurity.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "oss.trufflehog.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "3d7570d14d34b0ba137d502f042b27b0f37a59fa",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "d1829b4708126dcc7bea7437c04d1f10eacd4a16",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "d60ec97eea19fffb4809bc35b91033b52490ca11",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-652",
          "title": "How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository",
          "link": "https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository",
          "published": "2025-12-15",
          "sev": "high"
        },
        {
          "id": "art-686",
          "title": "SHA1-Hulud, npm supply chain incident",
          "link": "https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/",
          "published": "2025-11-24",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-15"
    },
    {
      "value": "CVE-2018-4063",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-658",
          "title": "CISA KEV: CVE-2018-4063 \u2014 Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-12"
    },
    {
      "value": "CVE-2025-14174",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-659",
          "title": "CISA KEV: CVE-2025-14174 \u2014 Google Chromium Out of Bounds Memory Access Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-12"
    },
    {
      "value": "CVE-2025-58360",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-662",
          "title": "CISA KEV: CVE-2025-58360 \u2014 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-11"
    },
    {
      "value": "CVE-2025-6218",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-666",
          "title": "CISA KEV: CVE-2025-6218 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-09",
          "sev": "crit"
        },
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-09"
    },
    {
      "value": "CVE-2025-62221",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-667",
          "title": "CISA KEV: CVE-2025-62221 \u2014 Microsoft Windows Use After Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-09"
    },
    {
      "value": "CVE-2022-37055",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-668",
          "title": "CISA KEV: CVE-2022-37055 \u2014 D-Link Routers Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-08"
    },
    {
      "value": "CVE-2025-66644",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-669",
          "title": "CISA KEV: CVE-2025-66644 \u2014 Array Networks ArrayOS AG OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-08"
    },
    {
      "value": "CVE-2021-26828",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-675",
          "title": "CISA KEV: CVE-2021-26828 \u2014 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "anywherehost.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "donaldjtrmp.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "ghostbin.axel.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "help.093214.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "keep.camdvr.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "krebsec.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "labubu.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "overcome-pmc-conferencing-books.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "reactcdn.windowserrorapis.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "res.qiqigece.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "superminecraft.net.br",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "vip.kof97.lol",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "vps-zap812595-1.zap-srv.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "xpertclient.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "115.42.60.223",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "140.99.223.178",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "146.88.129.138",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "156.234.209.103",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "162.215.170.26",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "192.238.202.17",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "193.24.123.68",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "193.34.213.150",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "194.69.203.32",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "196.251.100.191",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "216.158.232.43",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "31.56.27.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "31.57.46.28",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "38.162.112.141",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "45.32.158.54",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "46.36.37.85",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "47.84.57.207",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "47.84.79.46",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "72.62.67.33",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "92.246.87.48",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "95.169.180.135",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "1663d98c259001f1b03f82d0c5bee7cfd3c7623ccb83759c994f9ab845939665",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "18c68a982f91f665effe769f663c51cb0567ea2bfc7fab6a1a40d4fe50fc382b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "1a3e7b4ee2b2858dbac2d73dd1c52b1ea1d69c6ebb24cc434d1e15e43325b74e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "1cdd9b0434eb5b06173c7516f99a832dc4614ac10dda171c8eed3272a5e63d20",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "1e31dc074a4ea7f400cb969ea80e8855b5e7486660aab415da17591bc284ac5b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "1f3f0695c7ec63723b2b8e9d50b1838df304821fcb22c7902db1f8248a812035",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "2b0dc27f035ba1417990a21dafb361e083e4ed94a75a1c49dc45690ecf463de4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "2ca913556efd6c45109fd8358edb18d22a10fb6a36c1ab7b2df7594cd5b0adbc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "33641bfbbdd5a9cd2320c61f65fe446a2226d8a48e3bd3c29e8f916f0592575f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "4745703f395282a0687def2c7dcf82ed1683f3128bef1686bd74c966273ce1c5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "4a759cbc219bcb3a1f8380a959307b39873fb36a9afd0d57ba0736ad7a02763b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "4ff096fbea443778fec6f960bf2b9c84da121e6d63e189aebaaa6397d9aac948",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "55ae00bc8482afd085fd128965b108cca4adb5a3a8a0ee2957d76f33edd5a864",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "62e9a01307bcf85cdaeecafd6efb5be72a622c43a10f06d6d6d3b566b072228d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "7d25a97be42b357adcc6d7f56ab01111378a3190134aa788b1f04336eb924b53",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "7f05bad031d22c2bb4352bf0b6b9ee2ca064a4c0e11a317e6fedc694de37737a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "9c931f7f7d511108263b0a75f7b9fcbbf9fd67ebcc7cd2e5dcd1266b75053624",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "a455731133c00fdd2a141bdfba4def34ae58195126f762cdf951056b0ef161d4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "ac2182dfbf56d58b4d63cde3ad6e7a52fed54e52959e4c82d6fc999f20f8d693",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "ac7027f30514d0c00d9e8b379b5ad8150c9827c827dc7ee54d906fc2585b6bf6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "b38ec4c803a2d84277d9c598bfa5434fb8561ddad0ec38da6f9b8ece8104d787",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "bc31561c44a36e1305692d0af673bc5406f4a5bb2c3f2ffdb613c09b4e80fa9f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "bf602b11d99e815e26c88a3a47eb63997d43db8b8c60db06d6fbddf386fd8c4a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "d704541cde64a3eef5c4f80d0d7f96dc96bae8083804c930111024b274557b16",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "d9313f949af339ed9fafb12374600e66b870961eeb9b2b0d4a3172fd1aa34ed0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "e2d7c8491436411474cef5d3b51116ddecfee68bab1e15081752a54772559879",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "ebdb85704b2e7ced3673b12c6f3687bc0177a7b1b3caef110213cc93a75da837",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "f88ce150345787dd1bcfbc301350033404e32273c9a140f22da80810e3a3f6ea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "fc9e53675e315edeea2292069c3fbc91337c972c936ca0f535da01760814b125",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-673",
          "title": "Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)",
          "link": "https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/",
          "published": "2025-12-03",
          "sev": "high"
        }
      ],
      "first_seen": "2025-12-03"
    },
    {
      "value": "CVE-2025-48572",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-678",
          "title": "CISA KEV: CVE-2025-48572 \u2014 Android Framework Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-02"
    },
    {
      "value": "CVE-2025-48633",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-677",
          "title": "CISA KEV: CVE-2025-48633 \u2014 Android Framework Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-12-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-12-02"
    },
    {
      "value": "CVE-2021-26829",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-682",
          "title": "CISA KEV: CVE-2021-26829 \u2014 OpenPLC ScadaBR Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-28"
    },
    {
      "value": "CVE-2025-61757",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-692",
          "title": "CISA KEV: CVE-2025-61757 \u2014 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-21"
    },
    {
      "value": "CVE-2025-13223",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-698",
          "title": "CISA KEV: CVE-2025-13223 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-19"
    },
    {
      "value": "ds20221202.dsc.wcsset.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-695",
          "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks",
          "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/",
          "published": "2025-11-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-19"
    },
    {
      "value": "test.dsc.wcsset.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-695",
          "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks",
          "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/",
          "published": "2025-11-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-19"
    },
    {
      "value": "119.136.153.0",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-695",
          "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks",
          "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/",
          "published": "2025-11-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-19"
    },
    {
      "value": "47.242.198.250",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-695",
          "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks",
          "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/",
          "published": "2025-11-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-19"
    },
    {
      "value": "CVE-2025-58034",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-700",
          "title": "CISA KEV: CVE-2025-58034 \u2014 Fortinet FortiWeb OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-18"
    },
    {
      "value": "CVE-2025-64446",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-702",
          "title": "CISA KEV: CVE-2025-64446 \u2014 Fortinet FortiWeb Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-14"
    },
    {
      "value": "CVE-2025-12480",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-706",
          "title": "CISA KEV: CVE-2025-12480 \u2014 Gladinet Triofox Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-12"
    },
    {
      "value": "CVE-2025-62215",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-707",
          "title": "CISA KEV: CVE-2025-62215 \u2014 Microsoft Windows Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-12"
    },
    {
      "value": "CVE-2025-9242",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-708",
          "title": "CISA KEV: CVE-2025-9242 \u2014 WatchGuard Firebox Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-12"
    },
    {
      "value": "CVE-2025-21042",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "CVE-2025-21043",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "CVE-2025-43300",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-803",
          "title": "CISA KEV: CVE-2025-55177 \u2014 Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-02",
          "sev": "crit"
        },
        {
          "id": "art-811",
          "title": "CISA KEV: CVE-2025-43300 \u2014 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "CVE-2025-55177",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-803",
          "title": "CISA KEV: CVE-2025-55177 \u2014 Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "brightvideodesigns.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "healthyeatingontherun.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "hotelsitereview.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "projectmanagerskills.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "192.36.57.56",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "194.76.224.127",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "45.155.250.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "46.246.28.75",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "91.132.92.35",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "92.243.65.240",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "211311468f3673f005031d5f77d4d716e80cbf3c1f0bb1f148f2200920513261",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "2425f15eb542fca82892fd107ac19d63d4d112ddbfe698650f0c25acf6f8d78a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "29882a3c426273a7302e852aa77662e168b6d44dcebfca53757e29a9cdf02483",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "384f073d3d51e0f2e1586b6050af62de886ff448735d963dfc026580096d81bd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "69cf56ac6f3888efa7a1306977f431fd1edb369a5fd4591ce37b72b7e01955ee",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "9297888746158e38d320b05b27b0032b2cc29231be8990d87bc46f1e06456f93",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "a62a2400bf93ed84ebadf22b441924f904d3fcda7d1507ba309a4b1801d44495",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "b06dec10e8ad0005ebb9da24204c96cb2e297bd8d418bc1c8983d066c0997756",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "b45817ffb0355badcc89f2d7d48eecf00ebdf2b966ac986514f9d971f6c57d18",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "b975b499baa3119ac5c2b3379306d4e50b9610e9bba3e56de7dfd3927a96032d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "c0f30c2a2d6f95b57128e78dc0b7180e69315057e62809de1926b75f86516b2e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "d2fafc7100f33a11089e98b660a85bd479eab761b137cca83b1f6d19629dd3b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "ffeeb0356abb56c5084756a5ab0a39002832403bca5290bb6d794d14b642ffe2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-712",
          "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-10",
          "sev": "crit"
        },
        {
          "id": "art-768",
          "title": "CISA KEV: CVE-2025-21043 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-10"
    },
    {
      "value": "esetremover.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-07"
    },
    {
      "value": "esetscanner.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-07"
    },
    {
      "value": "esetsmart.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-07"
    },
    {
      "value": "bf50442dedeb6a715de82177eb7e24daed3f3e45d6dcd186bb360675d07ac047",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-07"
    },
    {
      "value": "e77afc29d52cbf4bedb8bc92017fb3ddd051d8acc9b106b627e10b8285ab7389",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-714",
          "title": "The who, where, and how of APT attacks in Q2 2025\u2013Q3 2025",
          "link": "https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/",
          "published": "2025-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-07"
    },
    {
      "value": "CVE-2025-11371",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-721",
          "title": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-04"
    },
    {
      "value": "CVE-2025-30406",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-721",
          "title": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-04",
          "sev": "crit"
        },
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-04"
    },
    {
      "value": "146.70.134.50",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-721",
          "title": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-04",
          "sev": "crit"
        },
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-04"
    },
    {
      "value": "147.124.216.205",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-721",
          "title": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-11-04",
          "sev": "crit"
        },
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-11-04"
    },
    {
      "value": "CVE-2025-24893",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "CVE-2025-41244",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-725",
          "title": "CISA KEV: CVE-2025-41244 \u2014 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "c3pool.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "123.25.249.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "193.32.208.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "0b907eee9a85d39f8f0d7c503cc1f84a71c4de10",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "2abd6f68a24b0a5df5809276016e6b85c77e5f7f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "5abc337dbc04fee7206956dad1e0b6d43921a868",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "90d274c7600fbdca5fe035250d0baff20889ec2b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "de082aeb01d41dd81cfb79bc5bfa33453b0022ed",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-726",
          "title": "CISA KEV: CVE-2025-24893 \u2014 XWiki Platform Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-30"
    },
    {
      "value": "CVE-2025-6204",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-729",
          "title": "CISA KEV: CVE-2025-6204 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-28"
    },
    {
      "value": "CVE-2025-6205",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-729",
          "title": "CISA KEV: CVE-2025-6204 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-28"
    },
    {
      "value": "CVE-2025-54236",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "CVE-2025-59287",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-733",
          "title": "CISA KEV: CVE-2025-59287 \u2014 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "sagecrafft.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "tecnokauf.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "webhook.site/22b6b8c8-2e07-4878-a681-b772e569aa6a",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-733",
          "title": "CISA KEV: CVE-2025-59287 \u2014 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "worcksbot.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "103.215.237.26",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "141.11.62.221",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "143.244.44.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "149.28.33.250",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "155.117.84.134",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "155.138.226.245",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "156.244.16.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "157.245.52.111",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "159.89.12.166",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "198.144.182.13",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "212.8.248.191",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "23.146.184.93",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "23.249.27.221",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "34.227.25.4",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "44.212.43.34",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "45.143.20.147",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "45.32.66.51",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "46.39.230.243",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "54.205.171.35",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "54.226.181.219",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "80.78.25.213",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "86.203.185.51",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "99.246.176.115",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-732",
          "title": "CISA KEV: CVE-2025-54236 \u2014 Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-24"
    },
    {
      "value": "anvil.org.ph",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "bandarpowder.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "coralsunmarine.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "ecudecode.mx",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "galaterrace.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "kazitradebd.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "mediostresbarbas.com.ar",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "mnmathleague.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "oldlinewoodwork.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "partnerls.pl",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "pierregems.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "scgestor.com.br",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "spaincaramoon.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "trainingpharmacist.co.uk",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "104.21.80.1",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "104.247.162.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "108.181.92.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "152.42.239.211",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "172.67.193.139",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "185.148.129.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "193.39.187.165",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "23.111.133.162",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "45.148.29.122",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "66.29.144.75",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "70.32.24.131",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "75.102.23.3",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "77.55.252.111",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "95.217.119.214",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "03D9B8F0FCF9173D2964CE7173D21E681DFA8DA4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "086816466D9D9C12FCADA1C872B8C0FF0A5FC611",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "0CB73D70FD4132A4FF5493DAA84AAE839F6329D5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "262B4ED6AC6A977135DECA5B0872B7D6D676083A",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "26AA2643B07C48CB6943150ADE541580279E8E0E",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "28978E987BC59E75CA22562924EAB93355CF679E",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "2A2B20FDDD65BA28E7C57AC97A158C15B61A7B05",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "2AA341B03FAC3054C57640122EA849BC0C2B6AF6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "5B85DD485FD516AA1F4412801897A40A9BE31837",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "5E5BBA521F0034D342CC26DB8BCFECE57DBD4616",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "71D0DDB7C6CAC4BA2BDE679941FA92A31FBEC1FF",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "87B2DF764455164C6982BA9700F27EA34D3565DF",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "AC16B1BAEDE349E4824335E0993533BF4FC116B3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "B12EEB595FEEC2CFBF9A60E1CC21A14CE8873539",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "B68C49841DC48E3672031795D85ED24F9F619782",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "CB7834BE7DE07F89352080654F7FEB574B42A2B8",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "E670C4275EC24D403E0D4DE7135CBCF1D54FF09C",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "083d4a4ef6267c9a0ab57f1e5a2ed45ff67a0b4db83bbd43563458a223781120",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "503b3ece42f540409bcb2f0abc7584e557a0d120b7ba9854b4548496b2546d34",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "98d1a10521a4dd968d75e2860e523311b5851737795c84943c380870794c851a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "c39ecc7d9f1e225a37304345731fffe72cdb95b21aeb06aa6022f6d338777012",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "f9a9c1a13ed74aebca0652b102755833fc084e221d731b5e7ae76ff136f85864",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "ESET WeLiveSecurity"
      ],
      "articles": [
        {
          "id": "art-734",
          "title": "Gotta fly: Lazarus targets the UAV sector",
          "link": "https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/",
          "published": "2025-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-23"
    },
    {
      "value": "CVE-2025-61932",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "108.61.161.118",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "38.54.56.10",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "38.54.56.57",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "38.54.88.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "4946b0de3b705878c514e2eead096e1e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "932c91020b74aaa7ffc687e21da0119c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "1406b4e905c65ba1599eb9c619c196fa5e1c3bf7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "8124940a41d4b7608eada0d2b546b73c010e30b1",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "be75458b489468e0acdea6ebbb424bc898b3db29",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "3c96c1a9b3751339390be9d7a5c3694df46212fb97ebddc074547c2338a4c7ba",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "704e697441c0af67423458a99f30318c57f1a81c4146beb4dd1a88a88a8c97c3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "9e581d0506d2f6ec39226f052a58bc5a020ebc81ae539fa3a6b7fc0db1b94946",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-738",
          "title": "CISA KEV: CVE-2025-61932 \u2014 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-22"
    },
    {
      "value": "CVE-2022-48503",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-740",
          "title": "CISA KEV: CVE-2022-48503 \u2014 Apple Multiple Products Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "CVE-2025-2746",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-741",
          "title": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "CVE-2025-2747",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-741",
          "title": "CISA KEV: CVE-2025-2746 \u2014 Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "CVE-2025-61884",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "pubstorm.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "pubstorm.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "104.194.11.200",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "161.97.99.49",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "162.55.17.215",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "200.107.207.26",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-743",
          "title": "CISA KEV: CVE-2025-61884 \u2014 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-20",
          "sev": "crit"
        },
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-20"
    },
    {
      "value": "CVE-2025-54253",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-747",
          "title": "CISA KEV: CVE-2025-54253 \u2014 Adobe Experience Manager Forms Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-15"
    },
    {
      "value": "CVE-2025-54254",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-747",
          "title": "CISA KEV: CVE-2025-54253 \u2014 Adobe Experience Manager Forms Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-15"
    },
    {
      "value": "CVE-2016-7836",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-753",
          "title": "CISA KEV: CVE-2016-7836 \u2014 SKYSEA Client View Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-14"
    },
    {
      "value": "CVE-2025-24990",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-751",
          "title": "CISA KEV: CVE-2025-24990 \u2014 Microsoft Windows Untrusted Pointer Dereference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-14"
    },
    {
      "value": "CVE-2025-47827",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-750",
          "title": "CISA KEV: CVE-2025-47827 \u2014 IGEL OS Use of a Key Past its Expiration Date Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-14"
    },
    {
      "value": "CVE-2025-59230",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-752",
          "title": "CISA KEV: CVE-2025-59230 \u2014 Microsoft Windows Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-14"
    },
    {
      "value": "CVE-2021-43798",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-755",
          "title": "CISA KEV: CVE-2021-43798 \u2014 Grafana Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "cfn.fejyhy.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "cfn.fenamu.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "cfn.jackpotmastersdanske.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "cfn.notwinningbutpartici.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "elkendinsc.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "musicboxcr.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "villasmbuva.co.mz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-754",
          "title": "Phishing Campaign Leveraging the NPM Ecosystem",
          "link": "https://snyk.io/blog/phishing-campaign-leveraging-the-npm-ecosystem/",
          "published": "2025-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-09"
    },
    {
      "value": "CVE-2025-27915",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-757",
          "title": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-07"
    },
    {
      "value": "ffrk.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-757",
          "title": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-07"
    },
    {
      "value": "193.29.58.37",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-757",
          "title": "CISA KEV: CVE-2025-27915 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-07"
    },
    {
      "value": "CVE-2010-3765",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-763",
          "title": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2010-3962",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-759",
          "title": "CISA KEV: CVE-2010-3962 \u2014 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2011-3402",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-762",
          "title": "CISA KEV: CVE-2011-3402 \u2014 Microsoft Windows Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2013-3918",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-761",
          "title": "CISA KEV: CVE-2013-3918 \u2014 Microsoft Windows Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2021-22555",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-758",
          "title": "CISA KEV: CVE-2021-22555 \u2014 Linux Kernel Heap Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2021-43226",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-760",
          "title": "CISA KEV: CVE-2021-43226 \u2014 Microsoft Windows Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "dxcdfghg.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-759",
          "title": "CISA KEV: CVE-2010-3962 \u2014 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "l-3com.dyndns-work.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-763",
          "title": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "l-3com.dyndns.tv",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-763",
          "title": "CISA KEV: CVE-2010-3765 \u2014 Mozilla Multiple Products Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "185.181.60.11",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-764",
          "title": "CISA KEV: CVE-2025-61882 \u2014 Oracle E-Business Suite Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-06"
    },
    {
      "value": "CVE-2014-6271",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2014-6277",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2014-6278",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2014-7169",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2014-7186",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2014-7187",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-765",
          "title": "CISA KEV: CVE-2014-6278 \u2014 GNU Bash OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2015-7755",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-767",
          "title": "CISA KEV: CVE-2015-7755 \u2014 Juniper ScreenOS Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2015-7756",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-767",
          "title": "CISA KEV: CVE-2015-7755 \u2014 Juniper ScreenOS Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2017-1000353",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-766",
          "title": "CISA KEV: CVE-2017-1000353 \u2014 Jenkins Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2025-4008",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-769",
          "title": "CISA KEV: CVE-2025-4008 \u2014 Smartbedded Meteobridge Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-10-02"
    },
    {
      "value": "CVE-2017-3881",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "CVE-2021-21311",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-775",
          "title": "CISA KEV: CVE-2021-21311 \u2014 Adminer Server-Side Request Forgery Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "CVE-2025-10035",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "CVE-2025-20352",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "CVE-2025-59689",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-772",
          "title": "CISA KEV: CVE-2025-59689 \u2014 Libraesva Email Security Gateway Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "213.183.63.41",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "31.220.45.120",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "45.11.183.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "235dc2d8c92661e5e2797a03bccd2653272ca1ac93401d194d7784930ca17a5a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "2abc874435c16aa5cfd431b0d9c26095ef4b9429bd82306f054c367e96df49b2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "3a524bc40ca7c11b68283504f0119caeefd7589edea621d43d5d0cd973354675",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "4106c35ff46bb6f2f4a42d63a2b8a619f1e1df72414122ddf6fd1b1a644b3220",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "5ba7de7d5115789b952d9b1c6cff440c9128f438de933ff9044a68fff8496d19",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "69d761bdde73ea8e33384cf986d7e9c2d9011f7aad8933e8af64e60a77091e11",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "7cc7aed51adb426e55d82fd74c55b78f6ecbb895a315be721ef149a17f4b3a9b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "81b35152768f28a479ba9f7e27d66042b0d7edcd79355481aa401f3f47a7733b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "9b8a896aa2057f46e17b18bbe091d85fb816b1d3232a3178d6aba94df3a92f6a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "b08877f6f1c6c097240a6a8aa4a23243e3b14a1432170bc3fa5fa9886a2b19b4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "c7e2632702d0e22598b90ea226d3cde4830455d9232bd8b33ebcb13827e99bc3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "cd5aa589873d777c6e919c4438afe8bceccad6bbe57739e2ccb70b39aee1e8b3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-773",
          "title": "CISA KEV: CVE-2025-10035 \u2014 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "e303d0c6c59b4dc55edc0212a9319702e9db7fa03185ae9177777b874c02d4c1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-774",
          "title": "CISA KEV: CVE-2025-20352 \u2014 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-29"
    },
    {
      "value": "CVE-2025-20333",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-777",
          "title": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-25"
    },
    {
      "value": "CVE-2025-20362",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-777",
          "title": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-25"
    },
    {
      "value": "CVE-2025-20363",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-777",
          "title": "CISA KEV: CVE-2025-20362 \u2014 Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-25"
    },
    {
      "value": "CVE-2025-10585",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-780",
          "title": "CISA KEV: CVE-2025-10585 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-23"
    },
    {
      "value": "CVE-2025-10894",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-778",
          "title": "s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware",
          "published": "2025-09-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-23"
    },
    {
      "value": "3905475cfd0e0ea670e20c6a9eaeb768169dc33d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-778",
          "title": "s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware",
          "published": "2025-09-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-23"
    },
    {
      "value": "493networking.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-785",
          "title": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows",
          "link": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows",
          "published": "2025-09-19",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-19"
    },
    {
      "value": "bold-dhawan.45-139-104-115.plesk.page",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-785",
          "title": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows",
          "link": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows",
          "published": "2025-09-19",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-19"
    },
    {
      "value": "carte-avantage.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-785",
          "title": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows",
          "link": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows",
          "published": "2025-09-19",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-19"
    },
    {
      "value": "objective-hopper.45-139-104-115.plesk.page",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-785",
          "title": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows",
          "link": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows",
          "published": "2025-09-19",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-19"
    },
    {
      "value": "45.139.104.115",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-785",
          "title": "GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows",
          "link": "https://www.stepsecurity.io/blog/ghostaction-campaign-over-3-000-secrets-stolen-through-malicious-github-workflows",
          "published": "2025-09-19",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-19"
    },
    {
      "value": "CVE-2025-5086",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-790",
          "title": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-11"
    },
    {
      "value": "156.244.33.162",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-790",
          "title": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-11"
    },
    {
      "value": "292ea9dbc5a1d15b769edb5df1602418931122455223081064ad7ea4e8ab6821",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-790",
          "title": "CISA KEV: CVE-2025-5086 \u2014 Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-11"
    },
    {
      "value": "npmjs.help",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-794",
          "title": "npm Supply Chain Attack via Open Source maintainer compromise",
          "link": "https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/",
          "published": "2025-09-08",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-08"
    },
    {
      "value": "websocket-api2.publicvm.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-794",
          "title": "npm Supply Chain Attack via Open Source maintainer compromise",
          "link": "https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/",
          "published": "2025-09-08",
          "sev": "high"
        }
      ],
      "first_seen": "2025-09-08"
    },
    {
      "value": "CVE-2025-38352",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-797",
          "title": "CISA KEV: CVE-2025-38352 \u2014 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "CVE-2025-48543",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-798",
          "title": "CISA KEV: CVE-2025-48543 \u2014 Android Runtime Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "CVE-2025-53690",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "103.235.46.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "130.33.156.194",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "117305c6c8222162d7246f842c4bb014",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "62483e732553c8ba051b792949f3c6d0",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "63d22ae0568b760b5e3aabb915313e44",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "a39696e95a34a017be1435db7ff139d5",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "be7e2c6a9a4654b51a16f8b10a2be175",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "f410d88429b93786b224e489c960bf5c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "223b873c50380fe9a39f1a22b6abf8d46db506e1c08d08312902f6f3cd1f7ac3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "61f897ed69646e0509f6802fb2d7c5e88c3e3b93c4ca86942e24d203aa878863",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "a566cceaf9a66332470a978a234a8a8e2bbdd4d6aa43c2c75c25a80b3b744307",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "b3f83721f24f7ee5eb19f24747b7668ff96da7dfd9be947e6e24a688ecc0a52b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-799",
          "title": "CISA KEV: CVE-2025-53690 \u2014 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-04"
    },
    {
      "value": "CVE-2025-9377",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-800",
          "title": "CISA KEV: CVE-2023-50224 \u2014 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-03",
          "sev": "crit"
        },
        {
          "id": "art-801",
          "title": "CISA KEV: CVE-2025-9377 \u2014 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-03"
    },
    {
      "value": "CVE-2020-24363",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-802",
          "title": "CISA KEV: CVE-2020-24363 \u2014 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-09-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-09-02"
    },
    {
      "value": "CVE-2025-57819",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-804",
          "title": "CISA KEV: CVE-2025-57819 \u2014 Sangoma FreePBX Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-29"
    },
    {
      "value": "CVE-2025-7775",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-807",
          "title": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-26"
    },
    {
      "value": "CVE-2025-7776",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-807",
          "title": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-26"
    },
    {
      "value": "CVE-2025-8424",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-807",
          "title": "CISA KEV: CVE-2025-7775 \u2014 Citrix NetScaler Memory Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-26"
    },
    {
      "value": "CVE-2024-8068",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-809",
          "title": "CISA KEV: CVE-2024-8068 \u2014 Citrix Session Recording Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-25"
    },
    {
      "value": "CVE-2024-8069",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-809",
          "title": "CISA KEV: CVE-2024-8068 \u2014 Citrix Session Recording Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-25",
          "sev": "crit"
        },
        {
          "id": "art-810",
          "title": "CISA KEV: CVE-2024-8069 \u2014 Citrix Session Recording Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-25"
    },
    {
      "value": "CVE-2025-48384",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-808",
          "title": "CISA KEV: CVE-2025-48384 \u2014 Git Link Following Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-25"
    },
    {
      "value": "CVE-2025-54948",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-813",
          "title": "CISA KEV: CVE-2025-54948 \u2014 Trend Micro Apex One OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-18"
    },
    {
      "value": "CVE-2025-54987",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-813",
          "title": "CISA KEV: CVE-2025-54948 \u2014 Trend Micro Apex One OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-18"
    },
    {
      "value": "CVE-2025-30154",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-814",
          "title": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happened and Why It Matters",
          "link": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action",
          "published": "2025-08-15",
          "sev": "high"
        },
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        },
        {
          "id": "art-823",
          "title": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-8217)",
          "link": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217",
          "published": "2025-08-09",
          "sev": "crit"
        },
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        },
        {
          "id": "art-955",
          "title": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "3f401fe1d58fe77e10d665ab713057375e39b887",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "6e6023c01918b353229af0881232f601a4cc8365",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        },
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        },
        {
          "id": "art-955",
          "title": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "c17ac4b5c1cb901a7ccddf00ac9722b8e2725345",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "ce4a123414f9fffa959d1f329c4749da83c4bf10",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "e1e36574b3af1ddaab74f5e69505d8836bf12f52",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "f5434e31b6259b4e08684618a305bae127b6d784",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity",
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        },
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        },
        {
          "id": "art-955",
          "title": "CISA KEV: CVE-2025-30066 \u2014 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "fbc2c5ebe64389f297a7808025379f77133f1292",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-815",
          "title": "When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach",
          "link": "https://www.stepsecurity.io/blog/when-changed-files-changed-everything-our-black-hat-2025-presentation-on-the-tj-actions-supply-chain-breach",
          "published": "2025-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "f0d342d24037bb11d26b9bd8496e0808ba32e9ec",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-814",
          "title": "Suspicious Tag Movement in AWS\u2019s GitHub Action: What Happened and Why It Matters",
          "link": "https://www.stepsecurity.io/blog/suspicious-tag-movement-in-aws-github-action",
          "published": "2025-08-15",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-15"
    },
    {
      "value": "CVE-2025-8875",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-819",
          "title": "CISA KEV: CVE-2025-8875 \u2014 N-able N-Central Insecure Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-13"
    },
    {
      "value": "CVE-2025-8876",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-818",
          "title": "CISA KEV: CVE-2025-8876 \u2014 N-able N-Central Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-13"
    },
    {
      "value": "CVE-2007-0671",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-821",
          "title": "CISA KEV: CVE-2007-0671 \u2014 Microsoft Office Excel Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "CVE-2013-3893",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "ali.blankchair.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "blankchair.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "dll.freshdns.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "downloadmp3server.servemp3.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "ea.blankchair.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "rt.blankchair.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "yahooeast.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "103.17.117.90",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "110.45.158.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "180.150.228.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "192.192.91.6",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "210.176.3.130",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "210.177.74.45",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "211.23.103.221",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "61.63.47.27",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "66.153.86.14",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "1b03e3de1ef3e7135fbf9d5ce7e7ccf6",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "4d257e569539973ab0bbafee8fb87582",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "58dc05118ef8b11dcb5f5c596ab772fd",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "645e29b7c6319295ae8b13ce8575dc1d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "bf891c72e4c29cfbe533756ea5685314",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "dbdb1032d7bb4757d6011fb1d077856c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "e9c73997694a897d3c6aadb26ed34797",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-822",
          "title": "CISA KEV: CVE-2013-3893 \u2014 Microsoft Internet Explorer Resource Management Errors Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "371a5b8ba86fbcab80d4e0087d2aa0d8ffddc70b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "d418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-820",
          "title": "CISA KEV: CVE-2025-8088 \u2014 RARLAB WinRAR Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-12"
    },
    {
      "value": "CVE-2025-8217",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-823",
          "title": "Lessons from AWS CodeBuild\u2019s Memory-Dump Incident (CVE-2025-8217)",
          "link": "https://www.stepsecurity.io/blog/lessons-from-aws-codebuilds-memory-dump-incident-cve-2025-8217",
          "published": "2025-08-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "ifyouseethisyouareultragay.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "pokerainteasy.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "439da8bb9c541d26b0f534b17d75790e252e4d9058561e8907f8690e21cd0616",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "be917cb379b9622f56a4d5ec93bf00c20cb76c6646e5919690d0f7c09c956de2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "c2a7ee6ab9344e1bb13c61dc689d4a946678e0505367cd55c9b43ddee3d461e2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "c36ebf96573afcb36bb31590d56e8af49502fb159e00fd4a59336f8a450bec8b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "StepSecurity"
      ],
      "articles": [
        {
          "id": "art-824",
          "title": "Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise",
          "link": "https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise",
          "published": "2025-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2025-08-09"
    },
    {
      "value": "CVE-2018-9995",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-830",
          "title": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-05"
    },
    {
      "value": "CVE-2020-25078",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-830",
          "title": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-05"
    },
    {
      "value": "CVE-2021-33044",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-830",
          "title": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        },
        {
          "id": "art-1176",
          "title": "CISA KEV: CVE-2021-33045 \u2014 Dahua IP Camera Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-05"
    },
    {
      "value": "CVE-2021-36260",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-830",
          "title": "CISA KEV: CVE-2020-25078 \u2014 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-05"
    },
    {
      "value": "CVE-2022-40799",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-831",
          "title": "CISA KEV: CVE-2022-40799 \u2014 D-Link DNR-322L Download of Code Without Integrity Check Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-08-05"
    },
    {
      "value": "CVE-2023-2533",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-835",
          "title": "CISA KEV: CVE-2023-2533 \u2014 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-28"
    },
    {
      "value": "CVE-2025-20281",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-836",
          "title": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-28"
    },
    {
      "value": "CVE-2025-20282",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-836",
          "title": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-28"
    },
    {
      "value": "CVE-2025-20337",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-836",
          "title": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-28"
    },
    {
      "value": "CVE-2025-5777",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-836",
          "title": "CISA KEV: CVE-2025-20337 \u2014 Cisco Identity Services Engine Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-28",
          "sev": "crit"
        },
        {
          "id": "art-848",
          "title": "CISA KEV: CVE-2025-5777 \u2014 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-28"
    },
    {
      "value": "CVE-2024-36394",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-838",
          "title": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-2775",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-838",
          "title": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-2776",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-838",
          "title": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-2777",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-838",
          "title": "CISA KEV: CVE-2025-2775 \u2014 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-49704",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-49706",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-53770",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-53771",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-54309",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-840",
          "title": "CISA KEV: CVE-2025-54309 \u2014  CrushFTP Unprotected Alternate Channel Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "CVE-2025-6558",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-839",
          "title": "CISA KEV: CVE-2025-6558 \u2014 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "bpp.theinnovationfactory.it",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "c34718cbb4c6.ngrok-free.app",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "ice.theinnovationfactory.it",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "msupdate.updatemicfosoft.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "update.updatemicfosoft.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "104.238.159.149",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "107.191.58.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "128.199.240.182",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "131.226.2.6",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "134.199.202.205",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "139.144.199.41",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "145.239.97.206",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "149.28.124.70",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "149.40.50.15",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "154.223.19.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "185.197.248.131",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "188.130.206.168",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "206.166.251.228",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "212.125.27.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "45.77.155.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "45.86.231.241",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "51.161.152.26",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "64.176.50.109",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "65.38.121.198",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "86.48.9.38",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "89.46.223.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "91.132.95.60",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "91.236.230.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "92.222.167.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "95.179.158.42",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "96.9.125.147",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "1eb914c09c873f0a7bcf81475ab0f6bdfaccc6b63bf7e5f2dbf19295106af192",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "24480dbe306597da1ba393b6e30d542673066f98826cc07ac4b9033137f37dbf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "33067028e35982c7b9fdcfe25eb4029463542451fdff454007832cf953feaf1e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "390665bdd93a656f48c463bb6c11a4d45b7d5444bdd1d1f7a5879b0f6f9aac7e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "445a37279d3a229ed18513e85f0c8d861c6f560e0f914a5869df14a74b679b86",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "4c1750a14915bf2c0b093c2cb59063912dfa039a2adfe6d26d6914804e2ae928",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "567cb8e8c8bd0d909870c656b292b57bcb24eb55a8582b884e0a228e298e7443",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "62881359e75c9e8899c4bc9f452ef9743e68ce467f8b3e4398bebacde9550dea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "66af332ce5f93ce21d2fe408dffd49d4ae31e364d6802fff97d95ed593ff3082",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "6753b840cec65dfba0d7d326ec768bff2495784c60db6a139f51c5e83349ac4d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "6b273c2179518dacb1218201fd37ee2492a5e1713be907e69bf7ea56ceca53a5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "6f6db63ece791c6dc1054f1e1231b5bbcf6c051a49bad0784569271753e24619",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "7ae971e40528d364fa52f3bb5e0660ac25ef63e082e3bbd54f153e27b31eae68",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "7baf220eb89f2a216fcb2d0e9aa021b2a10324f0641caf8b7a9088e4e45bec95",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "83705c75731e1d590b08f9357bc3b0f04741e92a033618736387512b40dab060",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "b180ab0a5845ed619939154f67526d2b04d28713fcc1904fbd666275538f431d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "b5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "c27b725ff66fdfb11dd6487a3815d1d1eba89d61b0e919e4d06ed3ac6a74fe94",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "c2c1fec7856e8d49f5d49267e69993837575dbbec99cd702c5be134a85b2c139",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-837",
          "title": "Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware",
          "link": "https://snyk.io/blog/maintainers-of-eslint-prettier-plugin-attacked-via-npm-supply-chain-malware/",
          "published": "2025-07-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "d6da885c90a5d1fb88d0a3f0b5d9817a82d5772d5510a0773c80ca581ce2486d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "f54ae00a9bae73da001c4d3d690d26ddf5e8e006b5562f936df472ec5e299441",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "ffbc9dfc284b147e07a430fe9471e66c716a84a1f18976474a54bee82605fa9a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-841",
          "title": "CISA KEV: CVE-2025-49704 \u2014 Microsoft SharePoint Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-22",
          "sev": "crit"
        },
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-22"
    },
    {
      "value": "angelic.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "begalinokotobananinotrippitroppacrocofanclub.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "lmfao.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "m-vn.ws",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "myaunet.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "relay.lmfao.su",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "solidity.bot",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "staketree.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "144.172.112.84",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "209fb5bb2440ffe1a631dfe3b574229105a33c5153eded023cc77d8e8f81d1de",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "2c471e265409763024cdc33579c84d88d5aaf9aea1911266b875d3b7604a0eeb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "404dd413f10ccfeea23bfb00b0e403532fa8651bfb456d84b6a16953355a800a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "70309bf3d2aed946bba51fc3eedb2daa3e8044b60151f0b5c1550831fbc6df17",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "84d4a4c6d7e55e201b20327ca2068992180d9ec08a6827faa4ff3534b96c3d6f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "a1eadd41327bd8736e275627d3953944fe7089c032d72a3e429ff18ad0958ada",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "c3684164933c3f54d5b0b242a8a906a85d633de479079a820bb804c0f73c0f58",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "c5c0228a1e0ba2bb748219325f66acf17078a26165b45728d8e98150377aa068",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "ce72b79e324371134db762fe70b8b1789af899d7217461bc3658a6bd84743eb6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "e0ca66c1a9a68b319b24a7c6b8fdca219dffd802dd4de2d59f602c4d90f40d6c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "e19d5d8f941b9a98fbb3b65e1e6077fa00d97529e351e455297b0204ec07e9ed",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "eb5b35057dedb235940b2c41da9e3ae0553969f1c89a16e3f66ba6f6005c6fa8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "f4721f32b8d6eb856364327c21ea3c703f1787cfb4c043f87435a8876d903b2c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-842",
          "title": "Cursor IDE Malware Extension Compromise in $500k Crypto Heist",
          "link": "https://snyk.io/blog/cursor-ide-malware-extension-compromise-in-usd500k-crypto-heist/",
          "published": "2025-07-21",
          "sev": "high"
        }
      ],
      "first_seen": "2025-07-21"
    },
    {
      "value": "141.164.60.10",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-844",
          "title": "CISA KEV: CVE-2025-53770 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-20"
    },
    {
      "value": "CVE-2025-25257",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-845",
          "title": "CISA KEV: CVE-2025-25257 \u2014 Fortinet FortiWeb SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-18"
    },
    {
      "value": "CVE-2025-47812",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "instance-y9tbyl-relay.screenconnect.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "oooooooo11.screenconnect.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "103.88.141.42",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "146.70.11.39",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "149.248.44.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "185.196.9.225",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "223.160.131.104",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "c637ec00bd22da4539ec6def89cd9f7196a303d17632b1131a89d65e4f5698f4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "f0fcc638cd93bdd6fb4745d75b491395a7a1b2cb08e0153a2eb417cb2f58d8ac",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-847",
          "title": "CISA KEV: CVE-2025-47812 \u2014 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-14"
    },
    {
      "value": "CVE-2014-3931",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-852",
          "title": "CISA KEV: CVE-2014-3931 \u2014 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2016-10033",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-851",
          "title": "CISA KEV: CVE-2016-10033 \u2014 PHPMailer Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2016-10045",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-851",
          "title": "CISA KEV: CVE-2016-10033 \u2014 PHPMailer Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2019-5418",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-850",
          "title": "CISA KEV: CVE-2019-5418 \u2014 Rails Ruby on Rails Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2019-9621",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-849",
          "title": "CISA KEV: CVE-2019-9621 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2019-9670",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-849",
          "title": "CISA KEV: CVE-2019-9621 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-07"
    },
    {
      "value": "CVE-2025-6554",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-853",
          "title": "CISA KEV: CVE-2025-6554 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-02"
    },
    {
      "value": "CVE-2025-48927",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-855",
          "title": "CISA KEV: CVE-2025-48928 \u2014 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-01",
          "sev": "crit"
        },
        {
          "id": "art-856",
          "title": "CISA KEV: CVE-2025-48927 \u2014 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-01"
    },
    {
      "value": "CVE-2025-48928",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-855",
          "title": "CISA KEV: CVE-2025-48928 \u2014 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-07-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-07-01"
    },
    {
      "value": "CVE-2025-6543",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-858",
          "title": "CISA KEV: CVE-2025-6543 \u2014 Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-30"
    },
    {
      "value": "CVE-2019-6693",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-860",
          "title": "CISA KEV: CVE-2019-6693 \u2014 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2022-26872",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2022-2827",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2022-40242",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2022-40258",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2022-40259",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2023-34329",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2023-34330",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2024-0769",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-861",
          "title": "CISA KEV: CVE-2024-0769 \u2014  D-Link DIR-859 Router Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2024-54085",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-862",
          "title": "CISA KEV: CVE-2024-54085 \u2014 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-25"
    },
    {
      "value": "CVE-2023-0386",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-867",
          "title": "CISA KEV: CVE-2023-0386 \u2014 Linux Kernel Improper Ownership Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-17"
    },
    {
      "value": "CVE-2023-33538",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "CVE-2025-43200",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-869",
          "title": "CISA KEV: CVE-2025-43200 \u2014 Apple Multiple Products Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "bot.ddosvps.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "cnc.vietdediserver.shop",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "51.38.137.113",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "00078aeeaca54b5d3c1237e964e9f956690b782e4ea160d81edc3c6b44e7f620",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "3fbd2a2e82ceb5e91eadbad02cb45ac618324da9b1895d81ebe7de765dca30e7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "4caaa18982cd4056fead54b98d57f9a2a1ddd654cf19a7ba2366dfadbd6033da",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "534b654531a6a540a144da9545ee343e1046f843d7de4c1091b46c3ee66a508b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "56f21f412e898ad9e3ee05d5f44c44d9d7bcb9ecbfbdb9de11b8fa5a637aeef6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "7bbb21fec19512d932b7a92652ed0c8f0fedea89f34b9d6f267cf39de0eb9b20",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "919f292a07a37f163f88527e725406187c8ecc637387ad24853fe49ce4e6ddf4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "9df711c3aef2bba17b622ddfd955452f8d8eb55899528fbc13d9540c52f13402",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "c321933e4e5970ba7299fe21778dab9398994c22ca0ba0422c6cbc3fbb95ea26",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-868",
          "title": "CISA KEV: CVE-2023-33538 \u2014 TP-Link Multiple Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-16"
    },
    {
      "value": "CVE-2014-8361",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2017-17215",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2017-18368",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2023-1389",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2024-3721",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2025-24016",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "CVE-2025-33053",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "cbot.galaxias.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "cyclingonlineshop.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "downloadessays.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "fastfilebackup.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "galaxias.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "gestisciweb.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "healthherofit.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "joinushealth.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "luxuryfitnesslabs.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "mystartupblog.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "nuklearcnc.duckdns.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "purvoyage.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "radiotimesignal.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "roundedbullets.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "summerartcamp.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "worryfreetransport.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "104.168.101.27",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "176.65.134.62",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "176.65.142.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "196.251.86.49",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "209.141.34.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "42.112.26.36",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "65.222.202.53",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-875",
          "title": "CISA KEV: CVE-2025-24016 \u2014 Wazuh Server Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "1d95a44f341435da50878eea1ec0a1aab6ae0ee91644c497378266290a6ef1d8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "257c63a9e21b829bb4b9f8b0e352379444b0e573176530107a3e6c279d1919da",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "66a893728a0ac1a7fae39ee134ad4182d674e719219fbf5d9b7cd4fd4f07f535",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "700b422556f070325b327325e31ddf597f98cc319f29ef8638c7b0508c632cee",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "da3bb6e38b3f4d83e69d31783f00c10ce062abd008e81e983a9bd4317a9482aa",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "ddce79afe9f67b78e83f6e530c3e03265533eb3f4530e7c89fdc357f7093a80b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-874",
          "title": "CISA KEV: CVE-2025-33053 \u2014  Microsoft Windows External Control of File Name or Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-10"
    },
    {
      "value": "a.mpk-krakow.pl",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-876",
          "title": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-09"
    },
    {
      "value": "dns.outbound.watchtowr.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-877",
          "title": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-09"
    },
    {
      "value": "146.103.40.203",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-877",
          "title": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-09"
    },
    {
      "value": "194.165.16.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-877",
          "title": "CISA KEV: CVE-2025-32433 \u2014 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-09"
    },
    {
      "value": "70cea07c972a30597cda7a1d3cd4cd8f75acad75940ca311a5a2033e6a1dd149",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-876",
          "title": "CISA KEV: CVE-2024-42009 \u2014 RoundCube Webmail Cross-Site Scripting Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-09"
    },
    {
      "value": "CVE-2025-5419",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-880",
          "title": "CISA KEV: CVE-2025-5419 \u2014 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-05"
    },
    {
      "value": "CVE-2025-21479",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-883",
          "title": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        },
        {
          "id": "art-884",
          "title": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-03"
    },
    {
      "value": "CVE-2025-21480",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-883",
          "title": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        },
        {
          "id": "art-884",
          "title": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-03"
    },
    {
      "value": "CVE-2025-27038",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-883",
          "title": "CISA KEV: CVE-2025-21479 \u2014 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        },
        {
          "id": "art-884",
          "title": "CISA KEV: CVE-2025-27038 \u2014 Qualcomm Multiple Chipsets Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-03"
    },
    {
      "value": "CVE-2021-32030",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2023-39780",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-890",
          "title": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2024-56145",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-889",
          "title": "CISA KEV: CVE-2024-56145 \u2014 Craft CMS Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2024-58136",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-919",
          "title": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2025-35939",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2025-3935",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-887",
          "title": "CISA KEV: CVE-2025-3935 \u2014 ConnectWise ScreenConnect Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "101.99.91.151",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-890",
          "title": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "101.99.94.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-890",
          "title": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "103.106.66.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "104.161.32.11",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "111.90.146.237",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-890",
          "title": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "154.211.22.213",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "172.86.113.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "38.145.208.231",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "79.141.163.179",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-886",
          "title": "CISA KEV: CVE-2021-32030 \u2014 ASUS Routers Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-890",
          "title": "CISA KEV: CVE-2023-39780 \u2014 ASUS RT-AX55 Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        },
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "d8fddbd85e6af76c91bfa17118dbecc6",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "e6c3e12f6712719f69f40fb6f06e2b60facd8e61",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "dce988346f98d55b97f7ca7a4c49cef2883b80855a0ecb6371df4063e7ecc40d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-888",
          "title": "CISA KEV: CVE-2025-35939 \u2014 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-06-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-06-02"
    },
    {
      "value": "CVE-2025-4632",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-897",
          "title": "CISA KEV: CVE-2025-4632 \u2014 Samsung MagicINFO 9 Server Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-22"
    },
    {
      "value": "CVE-2020-12641",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2020-35730",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2021-44026",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2023-38950",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-899",
          "title": "CISA KEV: CVE-2023-38950 \u2014 ZKTeco BioTime Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2023-43770",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2024-11182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2024-27443",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2025-27920",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-901",
          "title": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2025-35036",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2025-4427",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2025-4428",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "api.wordinfos.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-901",
          "title": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "censysinspect.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "craft-dev.greenenaftaligallery.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "e-wago.pl",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "elektrobohater.pl",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "hfuu.de",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "hijx.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "ikses.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "jiaw.shop",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "lsjb.digital",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "ns1.cybertunnel.run",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "raxia.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "rnl.world",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "sqj.fr",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "tgh24.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "tuo.world",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "wagodirect.pl",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "100.26.51.59",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "103.244.88.125",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "111.90.151.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "124.223.202.90",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "146.70.125.79",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "146.70.87.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "150.241.71.231",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "150.241.97.83",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "185.193.125.65",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "185.195.237.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "185.225.69.223",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "193.29.104.152",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "27.25.148.183",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "37.219.84.22",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "45.137.222.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "45.38.17.43",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "47.120.74.19",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "5.181.159.149",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "75.170.92.132",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "77.221.158.154",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "82.132.235.212",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "83.229.126.234",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "88.194.29.21",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "89.44.9.74",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "91.193.19.109",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "91.237.124.153",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "91.237.124.164",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "1078C587FE2B246D618AF74D157F941078477579",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "19b4df629f5b15e5ff742c70d2c7dc4dac29a7ce",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "1b1dda5e8e26da568559e0577769697c624df30e",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "2664593E2F5DCFDA9AAA1A2DF7C4CE7EEB1EDBB6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "2bd61ce5bdd258c7dcbef53aedb1b018b8e0ae26",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "41FE2EFB38E0C7DD10E6009A68BD26687D6DBF4C",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "60D592765B0F4E08078D42B2F3DE4F5767F88773",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "65A8D221B9ECED76B9C17A3E1992DF9B085CECD7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "6EF845938F064DE39F4BF6450119A0CDBB61378C",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "8E6C07F38EF920B5154FD081BA252B9295E8184D",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "8EBBBC9EB54E216EFFB437A28B9F2C7C9DA3A0FA",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "A5948E1E45D50A8DB063D7DFA5B6F6E249F61652",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "aa2cfeeca6c8e7743ad1a5996fe5ccc3d52e901d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "ac389c8b7f3d2fcf4fd73891f881b12b8343665b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "AD3C590D1C0963D62702445E8108DB025EEBEC70",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "B6C340549700470C651031865C2772D3A4C81310",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "dce8faf5fcf5998b6802995914caa988ee1ebd92",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "EBF794E421BE60C9532091EB432C1977517D1BE5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "EBF794E421BE60C9532091EB432D1977517D1BE5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "f780151c151b6cec853a278b4e847ef2af3dbc5d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "F81DE9584F0BF3E55C6CF1B465F00B2671DAA230",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "F95F26F1C097D4CA38304ECC692DBAC7424A5E8D",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-900",
          "title": "CISA KEV: CVE-2024-27443 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        },
        {
          "id": "art-902",
          "title": "CISA KEV: CVE-2024-11182 \u2014 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "150ccd3b24a1b40630e46300100a3f810aa7a6badeb6806b59ed6ba7bafb7b21",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "1df959e4d2f48c4066fddcb5b3fd00b0b25ae44f350f5f35a86571abb2852e39",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-901",
          "title": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "29ae4fa86329bf6d0955020319b618d4c183d433830187b80979d392bf159768",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "2b7b65d6f8815dbe18cabaa20c01be655d8475fc429388a4541eff193596ae63",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-901",
          "title": "CISA KEV: CVE-2025-27920 \u2014 Srimax Output Messenger Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "44c4a0d1826369993d1a2c4fcc00a86bf45723342cfd9f3a8b44b673eee6733a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "64764ffe4b1e4fc5b9fe27b513e02f0392f659c4e033d23a4ba7a3b7f20c6d30",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "7a4e0eb5fbab9709c8f42beb322a5dfefbc4ec5f914938a8862f8e26a31d30a5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "b422645db18e95aa0b4daaf5277417b73322bed306f42385ecfd6d49be26bfab",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "f34db4ea8ec3c2cbe53fde3d73229ccaa2a9e7168cd96d9a49bf89adef5ab47c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-903",
          "title": "CISA KEV: CVE-2025-4428 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-19"
    },
    {
      "value": "CVE-2024-12987",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "CVE-2025-31324",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "CVE-2025-42999",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "dvrhelper.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "miraisucks.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "rustbot.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "techsupport.anondns.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "103.207.14.236",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "134.122.26.60",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "137.184.197.225",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "142.111.152.19",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "142.111.152.20",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "143.198.173.194",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "15.204.56.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "159.89.93.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "167.99.11.36",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "192.42.116.200",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "199.101.196.85",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "212.30.36.171",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "212.30.36.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "212.30.36.175",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "216.73.161.15",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "216.73.161.8",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "23.95.123.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "43.247.135.53",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "5.255.125.150",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "50.114.94.55",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "50.114.94.56",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "50.114.94.57",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "50.114.94.68",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "50.114.94.72",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "63.135.161.220",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "63.135.161.223",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "63.135.161.224",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "66.63.187.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "85.239.54.153",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "89.187.164.96",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "91.193.19.36",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "91.218.50.174",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "272b2fc48f6cbbf105cbe961b163de99e761b31d",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "925f6bc2a3fb5bb15a434f5f42196d49f36459e3",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "4c9e60cc73e87da4cadc51523690d67549de4902e880974bfacf7f1a8dc40d7d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        },
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "b3e4c4018f2d18ec93a62f59b5f7341321aff70d08812a4839b762ad3ade74ee",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-904",
          "title": "CISA KEV: CVE-2025-42999 \u2014 SAP NetWeaver Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "b68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "b910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "c0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "dae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "e547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "ec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "efb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-905",
          "title": "CISA KEV: CVE-2024-12987 \u2014 DrayTek Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-15"
    },
    {
      "value": "CVE-2025-32756",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "156.236.76.90",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "198.105.127.124",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "218.187.69.244",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "218.187.69.59",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "43.228.217.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "43.228.217.82",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "2c8834a52faee8d87cff7cd09c4fb946",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "364929c45703a84347064e2d5de45bcd",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "4410352e110f82eabc0bf160bec41d21",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "489821c38f429a21e1ea821f8460e590",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "ebce43017d2cb316ea45e08374de7315",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-906",
          "title": "CISA KEV: CVE-2025-32756 \u2014 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-14"
    },
    {
      "value": "CVE-2025-30397",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-908",
          "title": "CISA KEV: CVE-2025-30397 \u2014 Microsoft Windows Scripting Engine Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-13"
    },
    {
      "value": "CVE-2025-30400",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-910",
          "title": "CISA KEV: CVE-2025-30400 \u2014 Microsoft Windows DWM Core Library Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-13"
    },
    {
      "value": "CVE-2025-32706",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-909",
          "title": "CISA KEV: CVE-2025-32706 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-13"
    },
    {
      "value": "CVE-2025-32709",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-907",
          "title": "CISA KEV: CVE-2025-32709 \u2014 Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-13"
    },
    {
      "value": "CVE-2025-47729",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-912",
          "title": "CISA KEV: CVE-2025-47729 \u2014 TeleMessage TM SGNL Hidden Functionality Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-12"
    },
    {
      "value": "CVE-2024-11120",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "CVE-2024-6047",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "connect.antiwifi.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "176.65.144.232",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "176.65.144.253",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "198.23.212.246",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "209.141.44.28",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "51.38.137.114",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "11c0447f524d0fcb3be2cd0fbd23eb2cc2045f374b70c9c029708a9f2f4a4114",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "f05247a2322e212513ee08b2e8513f4c764bde7b30831736dfc927097baf6714",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-914",
          "title": "CISA KEV: CVE-2024-11120 \u2014 GeoVision Devices OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-07"
    },
    {
      "value": "CVE-2025-27363",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-915",
          "title": "CISA KEV: CVE-2025-27363 \u2014 FreeType Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-06"
    },
    {
      "value": "CVE-2025-3248",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "80.66.75.121",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "002f3b2c632e0be6cbc3fdf8afcd0432ffe36604ba1ba84923cadaa147418187",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "03d2c37f4dfc6410c7c669f44750120b456e18c939b6110c15e08c7223167afd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "08cf20e54c634f21d8708573eef7fde4dbd5d3cd270d2cb8790e3fe1f42eccec",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "31d0aa4214717ae4f52621af6d693c4f0e733cc65e971d207203a8c4bef7bf17",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "6dd0464dd0ecde4bb5a769c802d11ab4b36bbe0dd4f0f44144121762737a6be0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "9850eb26d8cbef3358da4df154e054759a062116c2aa82de9a69a8589f0dce49",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "99b59e53010d58f47d332b683eb8a40df0e0eacef86390bca249a708e47d9bad",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "9f48ec760c350ee44ec7f08cc20f23f2166647052ee20b1192f94c31c3e9a392",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "a42f8428aa75c180c2f89fbb8b1e44307c2390ed0ebf5af10015131b5494f9e1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "a6cf8124e9b4558aacc7ddfa24b440454b904b937929be203ed088b1040d1b36",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "ab0f9774ca88994091db0ae328d98f45034f653bd34e4f5e85679a972d3a039c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "abb0c4ad31f013df5037593574be3207a4c1e066a96e58ce243aaf2ef0fc0e4d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "c2bcdd6e3cc82c4c4db6aaf8018b8484407a3e3fce8f60828d2087b2568ecca4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "c462a09db1a74dc3d8ed199edca97de87b6ed25c2273c4a3afe811ed0c1c8b1d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "ccb02dce1bca9c3869e1e1d1774764e82206026378d1250aed324f1b7f9b1f11",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "df9e9006a566a4fe30eaa48459ec236d90fd628f7587da9e4a6a76d14f0e9c98",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "ec52f75268b2f04b84a85e08d56581316bd5ccfeb977e002eb43270fe713f307",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "ee84591092a971c965b4e88cc5d6e8c2f07773b3bee1486f3a52483ee72a2b3b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "f73b554e6aa7095cfc79cdb687204d99533aeda73309106ba6cc9428ff57bd1e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-917",
          "title": "CISA KEV: CVE-2025-3248 \u2014 Langflow Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-05"
    },
    {
      "value": "CVE-2024-4990",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-919",
          "title": "CISA KEV: CVE-2024-58136 \u2014 Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-02"
    },
    {
      "value": "CVE-2025-34028",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-918",
          "title": "CISA KEV: CVE-2025-34028 \u2014 Commvault Command Center Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-02"
    },
    {
      "value": "CVE-2023-44221",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-921",
          "title": "CISA KEV: CVE-2024-38475 \u2014 Apache HTTP Server Improper Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-01",
          "sev": "crit"
        },
        {
          "id": "art-922",
          "title": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-01",
          "sev": "crit"
        },
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-01"
    },
    {
      "value": "CVE-2024-38475",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-921",
          "title": "CISA KEV: CVE-2024-38475 \u2014 Apache HTTP Server Improper Escaping of Output Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-01",
          "sev": "crit"
        },
        {
          "id": "art-922",
          "title": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-01",
          "sev": "crit"
        },
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-01"
    },
    {
      "value": "CVE-2024-40766",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-922",
          "title": "CISA KEV: CVE-2023-44221 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-05-01",
          "sev": "crit"
        },
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-05-01"
    },
    {
      "value": "aaa.ki6zmfw3ps8q14rfbfczfq5qkhq8e12q.oastify.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "d-69b.pages.dev",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "data.hs285.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "ocr-freespace.oss-cn-beijing.aliyuncs.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "overseas-recognized-athens-oakland.trycloudflare.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "sentinelones.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "101.99.91.107",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "103.207.14.195",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "103.30.76.206",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "107.173.135.116",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "107.175.77.118",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "108.171.195.163",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "13.232.191.219",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "138.197.40.133",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "138.68.61.82",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "15.188.246.198",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "158.247.224.100",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "159.65.34.242",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "188.166.87.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "192.243.115.175",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "192.3.153.18",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "205.169.39.55",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "206.188.197.52",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "223.184.254.150",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "3.125.102.39",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "31.192.107.157",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "45.155.222.14",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "45.76.93.60",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "47.97.42.177",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "51.79.66.183",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "65.49.235.210",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "85.106.113.168",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "00920e109f16fe61092e70fca68a5219ade6d42b427e895202f628b467a3d22e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "0c2c8280701706e0772cb9be83502096e94ad4d9c21d576db0bc627e1e84b579",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "1abf922a8228fd439a72cfddf1ed08ea09b59eaa4ae5eeba1d322d5f3e3c97e8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "2dcbb4138f836bb5d7bc7d8101d3004848c541df6af997246d4b2a252f29d51a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "2e6f348f8296f4e062c397d2f3708ca6fdeab2c71edfd130b2ca4c935e53c0d3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "3f14dc65cc9e35989857dc1ec4bb1179ab05457f2238e917b698edb4c57ae7ce",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "3f5fd4b23126cb21d1007b479954af619a16b0963a51f45cc32a8611e8e845b5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "427877aadd89f427e1815007998d9bb88309c548951a92a6e4064df001e327c2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "4b17beee8c2d94cf8e40efc100651d70d046f5c14a027cf97d845dc839e423f9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "5919f2eab8a826d7ba84e6c413626f5d11ed412d7df0d3ab864f31d3a8db3763",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "598b38f44564565e0e76aa604f915ad88a20a8d5b5827151e681c8866b7ea8b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "5a8ddc779dcf124fe5692d15be44346fb6d742322acb0eb3c6b4e90f581c5f9e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "5e24b41a0bd076ec2b4e49e66daac94396c6180d00a45bcd7f4342a385fa1eed",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "5f3d1f17033d85b85f3bd5ae55cb720e53b31f1679d52986c8d635fd1ce0c08a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "63aa0c6890ec5c16b872fb6d070556447cd707dfba185d32a2c10c008dbdbcdd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "69bb809b3fee09ed3ec9138f7566cc867bd6f1e8949b5e3daff21d451c533d75",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "6c6c984727dc53af110ed08ec8b15092facb924c8ad62e86ec76b52a00a41a40",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "888e953538ff668104f838120bc4d801c41adb07027db16281402a62f6ec29ef",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "91f66ba1ad49d3062afdcc80e54da0807207d80a1b539edcdbd6e1bf99e7a2ca",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "9fb57a4c6576a98003de6bf441e4306f72c83f783630286758f5b468abaa105d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "a114b52c146bd11558cc7c48c3ee679ca5ca55cf2c9cc33616956a6e6229f110",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "b8e56de3792dbd0f4239b54cfaad7ece3bd42affa4fbbdd7668492de548b5df8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "b9533ce8e428f16f3d0e1946f19a6f756ff11a532d0b7e61ae402837f46c678e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "b9ef95ca541d3e05a6285411005f5fee15495251041f78e715234b09d019b92c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "c71da1dfea145798f881afd73b597336d87f18f8fd8f9a7f524c6749a5c664e4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "c7b9ae61046eed01651a72afe7a31de088056f1c1430b368b1acda0b58299e28",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "df492597eb412c94155a7f437f593aed89cfec2f1f149eb65174c6201be69049",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "f92d0cf4d577c68aa615797d1704f40b14810d98b48834b241dd5c9963e113ec",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-923",
          "title": "CISA KEV: CVE-2025-31324 \u2014 SAP NetWeaver Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-29"
    },
    {
      "value": "CVE-2025-1976",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-925",
          "title": "CISA KEV: CVE-2025-1976 \u2014 Broadcom Brocade Fabric OS Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "CVE-2025-3928",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "CVE-2025-42599",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-926",
          "title": "CISA KEV: CVE-2025-42599 \u2014 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "108.6.189.53",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "108.69.148.100",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "128.92.80.210",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "159.242.42.20",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "184.153.42.129",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-927",
          "title": "CISA KEV: CVE-2025-3928 \u2014 Commvault Web Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-28"
    },
    {
      "value": "CVE-2024-43451",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        },
        {
          "id": "art-1088",
          "title": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "CVE-2025-24054",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "CVE-2025-31200",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-930",
          "title": "CISA KEV: CVE-2025-31201 \u2014 Apple Multiple Products Arbitrary Read and Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        },
        {
          "id": "art-931",
          "title": "CISA KEV: CVE-2025-31200 \u2014 Apple Multiple Products Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "CVE-2025-31201",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-930",
          "title": "CISA KEV: CVE-2025-31201 \u2014 Apple Multiple Products Arbitrary Read and Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        },
        {
          "id": "art-931",
          "title": "CISA KEV: CVE-2025-31200 \u2014 Apple Multiple Products Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "159.196.128.120",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "194.127.179.157",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "054784f1a398a35e0c5242cbfa164df0c277da73",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "5e42c6d12f6b51364b6bfb170f4306c5ce608b4f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "76e93c97ffdb5adb509c966bca22e12c4508dcaa",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "7a43c177a582c777e258246f0ba818f9e73a69ab",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "7dd0131dd4660be562bc869675772e58a1e3ac8e",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "84132ae00239e15b50c1a20126000eed29388100",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "9ca72d969d7c5494a30e996324c6c0fcb72ae1ae",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-929",
          "title": "CISA KEV: CVE-2025-24054 \u2014 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-17"
    },
    {
      "value": "CVE-2021-20035",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "CVE-2021-20038",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "CVE-2021-20039",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "CVE-2025-32819",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "193.149.176.230",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "193.149.180.50",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "64.52.80.80",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "6de26d211966262e59359d0e2a67d473",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "b28d57269fe4cd90d1650bde5e905611",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "d5a070acac1debaf0889d0d48c10e149",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "f0e0db06ca665907770e2202957d3ecc",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-933",
          "title": "CISA KEV: CVE-2021-20035 \u2014 SonicWall SMA100 Appliances OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-16"
    },
    {
      "value": "CVE-2024-50302",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-935",
          "title": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-09",
          "sev": "crit"
        },
        {
          "id": "art-980",
          "title": "CISA KEV: CVE-2024-50302 \u2014 Linux Kernel Use of Uninitialized Resource Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        },
        {
          "id": "art-1014",
          "title": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-09"
    },
    {
      "value": "CVE-2024-53104",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-935",
          "title": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-09",
          "sev": "crit"
        },
        {
          "id": "art-1014",
          "title": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-09"
    },
    {
      "value": "CVE-2024-53150",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-935",
          "title": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-09"
    },
    {
      "value": "CVE-2024-53197",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-935",
          "title": "CISA KEV: CVE-2024-53150 \u2014 Linux Kernel Out-of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-09",
          "sev": "crit"
        },
        {
          "id": "art-1014",
          "title": "CISA KEV: CVE-2024-53104 \u2014 Linux Kernel Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-09"
    },
    {
      "value": "CVE-2025-29824",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "rtb.mftadsrvr.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "104.21.16.1",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "104.21.48.1",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "165.227.7.206",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "2.58.56.16",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        },
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "45.84.107.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "293b455b5b7e1c2063a8781f3c169cf8ef2b1d06e6b7a086b7b44f37f55729bd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "30981d4082b58704d12a376c3cbb12fecb8a36c2bce64666315e26aef21e75c2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "430d1364d0d0a60facd9b73e674faddf63a8f77649cd10ba855df7e49189980b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "48b006cb17e75ecdb707dc40dd654f449b94abe49f97a808b35cabca1c5fabbf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-937",
          "title": "CISA KEV: CVE-2025-30406 \u2014 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "6030c4381b8b5d5c5734341292316723a89f1bdbd2d10bb67c4d06b1242afd05",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "6d7374b4f977f689389c7155192b5db70ee44a7645625ecf8163c00da8828388",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "858efe4f9037e5efebadaaa70aa8ad096f7244c4c4aeade72c51ddad23d05bfe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "9c21adbcb2888daf14ef55c4fa1f41eaa6cbfbe20d85c3e1da61a96a53ba18f9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "af260c172baffd0e8b2671fd0c84e607ac9b2c8beb57df43cf5df6e103cbb7ad",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "b2cba01ae6707ce694073018d948f82340b9c41fb2b2bc49769f9a0be37071e1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "b3ee068bf282575ac7eb715dd779254889e0b8a55aba2b7a1700fc8aa4dcb1da",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-936",
          "title": "CISA KEV: CVE-2025-29824 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-08"
    },
    {
      "value": "CVE-2024-4040",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "CVE-2025-2825",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "CVE-2025-31161",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "143.244.47.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "146.70.166.201",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "172.235.144.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "0b8e76eb315bc522af3cec74749a85e8f55cfed720976892d6610cfc89d84f69",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "85a1bfebf2a5973ebecd6e5a58c8fab18edfead2c1680ec1e9cce902924c347e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "9036c92c3ca73cb6ec2da25035322554319288fd2f6db906413011873ad7e281",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "be6cb5f80b33b9e97622d278a86a99e67b78ccab0b3e554b8430ae5969bcfc0e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "ee6d24410a8cf31d672d2a47466b76ad287c7ba016d3711490f0f607b1dc0be3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "f7c8be827f3bd98b30c5a8d23c1af77f3d0324a9ebcd90104134fc1971751ff7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-938",
          "title": "CISA KEV: CVE-2025-31161 \u2014 CrushFTP Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-07"
    },
    {
      "value": "CVE-2025-22457",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "10659b392e7f5b30b375b94cae4fdca0",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "4628a501088c31f53b5c9ddf6788e835",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "6e01ef1367ea81994578526b3bd331d6",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "ce2b6a554ae46b5eb7d79ca5e7f440da",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "e5192258c27e712c7acf80303e68980b",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-939",
          "title": "CISA KEV: CVE-2025-22457 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-04"
    },
    {
      "value": "CVE-2025-24813",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "140.143.182.115",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "176.65.138.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "188.213.161.98",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "196.240.54.120",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "203.160.68.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "38.126.114.186",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-942",
          "title": "CISA KEV: CVE-2025-24813 \u2014 Apache Tomcat Path Equivalence Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-04-01",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-04-01"
    },
    {
      "value": "CVE-2024-0305",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-943",
          "title": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Static Credential Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-31"
    },
    {
      "value": "CVE-2024-20439",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-943",
          "title": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Static Credential Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-31"
    },
    {
      "value": "CVE-2024-20440",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-943",
          "title": "CISA KEV: CVE-2024-20439 \u2014 Cisco Smart Licensing Utility Static Credential Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-31"
    },
    {
      "value": "CVE-2024-6473",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "CVE-2025-2783",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "CVE-2025-2857",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "bus-pod-tenant.global.ssl.fastly.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "e-library.wiki",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "perf-service-clients2.global.ssl.fastly.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "status-portal-api.global.ssl.fastly.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "33bb0678af6011481845d7ce9643cedc",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "35869e8760928407d2789c7f115b7f83",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "7d3a30dbf4fd3edaf4dde35ccb5cf926",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "3650c1ac97bd5674e1e3bfa9b26008644edacfed",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "8390e2ebdd0db5d1a950b2c9984a5f429805d48c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "c25275228c6da54cf578fa72c9f49697e5309694",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "07d272b607f082305ce7b1987bfa17dc967ab45c8cd89699bcdced34ea94e126",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "2e39800df1cafbebfa22b437744d80f1b38111b471fa3eb42f2214a5ac7e1f13",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "388a8af43039f5f16a0673a6e342fa6ae2402e63ba7569d20d9ba4894dc0ba59",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-945",
          "title": "CISA KEV: CVE-2025-2783 \u2014 Google Chromium Mojo Sandbox Escape Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-27"
    },
    {
      "value": "CVE-2019-9874",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-946",
          "title": "CISA KEV: CVE-2019-9875 \u2014 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-26"
    },
    {
      "value": "CVE-2019-9875",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-946",
          "title": "CISA KEV: CVE-2019-9875 \u2014 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-26"
    },
    {
      "value": "3c6d5c14e71ff37a0a341c6fdc3e71cefbc85ba0",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-947",
          "title": "CISA KEV: CVE-2025-30154 \u2014 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-24"
    },
    {
      "value": "CVE-2017-12637",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-950",
          "title": "CISA KEV: CVE-2017-12637 \u2014 SAP NetWeaver Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-19"
    },
    {
      "value": "CVE-2024-48248",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-951",
          "title": "CISA KEV: CVE-2024-48248 \u2014 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-19"
    },
    {
      "value": "CVE-2025-1316",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-952",
          "title": "CISA KEV: CVE-2025-1316 \u2014 Edimax IC-7100 IP Camera OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-19"
    },
    {
      "value": "CVE-2025-24472",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "109.248.160.118",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "149.22.94.37",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "155.133.4.175",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        },
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "158.255.215.126",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "170.130.55.164",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "176.53.147.5",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.147.124.10",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.147.124.31",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.147.124.34",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.147.124.55",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.224.0.201",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "185.95.159.43",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "192.248.155.218",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "193.143.1.65",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "213.176.64.114",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "217.144.189.35",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "45.15.17.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "45.55.158.47",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        },
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "5.181.171.133",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "57.69.19.70",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "80.64.30.237",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "80.66.88.90",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "87.249.138.47",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "89.248.192.55",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "94.154.35.208",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "94.156.177.187",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "94.156.227.208",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "95.179.234.4",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "95.217.78.122",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "96.31.67.39",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "782c3c463809cd818dadad736f076c36cdea01d8c4efed094d78661ba0a57045",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "813ad8caa4dcbd814c1ee9ea28040d74338e79e76beae92bedc8a47b402dedc2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "c994b132b2a264b8cf1d47b2f432fe6bda631b994ec7dcddf5650113f4a5a404",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "d9938ac4346d03a07f8ce8b57436e75ba5e936372b9bfd0386f18f6d56902c88",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "f383bca7e763b9a76e64489f1e2e54c44e1fd24094e9f3a28d4b45b5ec88b513",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-956",
          "title": "CISA KEV: CVE-2025-24472 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-18"
    },
    {
      "value": "CVE-2025-21590",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "CVE-2025-24201",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-961",
          "title": "CISA KEV: CVE-2025-24201 \u2014 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "101.100.182.122",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "116.88.34.184",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "118.189.188.122",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "129.126.109.50",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "158.140.135.244",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "223.25.78.136",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "45.77.39.28",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "8.222.225.8",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "2c89a18944d3a895bd6432415546635e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "3243e04afe18cc5e1230d49011e19899",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "5724d76f832ce8061f74b0e9f1dcad90",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "8023d01ffb7a38b582f0d598afb974ee",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "aac5d83d296df81c9259c9a533a8423a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "b9e4784fa0e6283ce6e2094426a02fce",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "bf80c96089d37b8571b5de7cab14dd9f",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "e7622d983d22e749b3658600df00296d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "01735bb47a933ae9ec470e6be737d8f646a8ec66",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "06a1f879da398c00522649171526dc968f769093",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "1a6d07da7e77a5706dd8af899ebe4daa74bbbe91",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "2e9215a203e908483d04dfc0328651d79d35b54f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "50520639cf77df0c15cc95076fac901e3d04b708",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "cec327e51b79cf11b3eeffebf1be8ac0d66e9529",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "cf7af504ef0796d91207e41815187a793d430d85",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "f8697b400059d4d5082eee2d269735aa8ea2df9a",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "3751997cfcb038e6b658e9180bc7cce28a3c25dbb892b661bcd1065723f11f7e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "5995aaff5a047565c0d7fe3c80fa354c40e7e8c3e7d4df292316c8472d4ac67a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "905b18d5df58bd6c16930e318d9574a2ad793ec993ad2f68bca813574e3d854b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "98380ec6bf4e03d3ff490cdc6c48c37714450930e4adf82e6e14d244d8373888",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "c0ec15e08b4fb3730c5695fb7b4a6b85f7fe341282ad469e4e141c40ead310c3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "e1de05a2832437ab70d36c4c05b43c4a57f856289224bbd41182deea978400ed",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-960",
          "title": "CISA KEV: CVE-2025-21590 \u2014 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-13"
    },
    {
      "value": "CVE-2025-22869",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-963",
          "title": "Snyk Helps Secure the Golang Bento Project",
          "link": "https://snyk.io/blog/snyk-helps-secure-the-golang-bento-project/",
          "published": "2025-03-12",
          "sev": "high"
        }
      ],
      "first_seen": "2025-03-12"
    },
    {
      "value": "CVE-2025-24983",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-969",
          "title": "CISA KEV: CVE-2025-24983 \u2014 Microsoft Windows Win32k Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "CVE-2025-24984",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-967",
          "title": "CISA KEV: CVE-2025-24991 \u2014 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "CVE-2025-24985",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-968",
          "title": "CISA KEV: CVE-2025-24985 \u2014 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "CVE-2025-24993",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-966",
          "title": "CISA KEV: CVE-2025-24993 \u2014 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "CVE-2025-26633",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-970",
          "title": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "belaysolutions.link",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-970",
          "title": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "103.246.147.17",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-970",
          "title": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "82.115.223.182",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-970",
          "title": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "bad43a1c8ba1dacf3daf82bc30a0673f9bc2675ea6cdedd34624ffc933b959f4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-970",
          "title": "CISA KEV: CVE-2025-26633 \u2014 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-11"
    },
    {
      "value": "CVE-2017-9248",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "CVE-2019-18935",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "CVE-2024-13161",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-971",
          "title": "CISA KEV: CVE-2024-13161 \u2014 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "CVE-2024-57968",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "CVE-2025-25181",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "hivnd.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "object.fm",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "paycashs.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "sexadult.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "xegroups.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "xework.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "123.20.29.193",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "171.227.250.249",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "222.253.102.94",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "339a79457a8cf3504312d394be3ece98",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "457d7e3a708d1b5c6a8d449e52064985",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "7a9b5c3bb7dab0857ee2c2d71758eca3",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "7abb73b7844f2308d9c62954e6e8b7fc",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "7b5b7d96006fec70c2091e90fbf02b99",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "032dd95a1299f37aaa76318945e030eb7da94da9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "16db01fe25b0c09e18d13f38c88a4ead5d10e323",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "84e7f4ff1f93a4297c2e2c4e54f14edb18396b60",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "9e928a26aa3c0e6eb8e709fc55ea12dcf7e02ff9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "ede5ddb97b98d80440553b23dfc19fdb4adc7499",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "013ccea1d7fc2aa2d660e900f87a3192f5cb73768710ef2eb9016f81df8e5c70",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "322f8cd560d5e10e93af3ea6d3505c8de213f549e6627c3ef4664ed92ba55f56",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "38b2d52dc471587fb65ef99c64cb3f69470ddfdaa184a256aecb26edeff3553a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "680b7e8ec8204975c5026bcbaf70f7e9620eacdd7bf72e5476d17266b4a7d316",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "884c394c7b3eb757ae57050ac2e6a75385a361555e8e4272de1a3cf24746eec7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "c564acd69efa62a5037931090bf70a6506419fdf59ec52f8d1ab0b15d861cc67",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-972",
          "title": "CISA KEV: CVE-2024-57968 \u2014 Advantive VeraCore Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        },
        {
          "id": "art-973",
          "title": "CISA KEV: CVE-2025-25181 \u2014  Advantive VeraCore SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-10"
    },
    {
      "value": "CVE-2025-22224",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-978",
          "title": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        },
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "CVE-2025-22225",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-978",
          "title": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "CVE-2025-22226",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-977",
          "title": "CISA KEV: CVE-2025-22226 \u2014 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        },
        {
          "id": "art-978",
          "title": "CISA KEV: CVE-2025-22225 \u2014 VMware ESXi Arbitrary Write Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "2bc5d02774ac1778be22cace51f9e35fe7b53378f8d70143bf646b68d2c0f94c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "37972a232ac6d8c402ac4531430967c1fd458b74a52d6d1990688d88956791a7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "4614346fc1ff74f057d189db45aa7dc25d6e7f3d9b68c287a409a53c86dca25e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "c3f8da7599468c11782c2332497b9e5013d98a1030034243dfed0cf072469c89",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "dc5b8f7c6a8a6764de3309279e3b6412c23e6af1d7a8631c65b80027444d62bb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-979",
          "title": "CISA KEV: CVE-2025-22224 \u2014 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-04"
    },
    {
      "value": "CVE-2018-8639",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-982",
          "title": "CISA KEV: CVE-2018-8639 \u2014 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "CVE-2022-43769",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-983",
          "title": "CISA KEV: CVE-2022-43769 \u2014 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "CVE-2023-20118",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "CVE-2024-4885",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-981",
          "title": "CISA KEV: CVE-2024-4885 \u2014 Progress WhatsUp Gold Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "aipricadd.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "asustordownload.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "centrequ.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "durianlink.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "firebasesafer.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "gardensc.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "headached.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "hitchil.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "icecreand.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "landim.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "largeroofs.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "logchim.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "longlog.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "nternetd.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "siotherlentsearsitech.shop",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "ssofhoseuegsgrfnu.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "suiteiol.cc",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "101.99.91.239",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "119.8.186.227",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "122.8.183.181",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "159.138.119.99",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "195.123.212.54",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "43.129.205.244",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "121969d72f8e6f09ad93cf17500c479c452e230e27e7b157d5c9336dff15b6ef",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "13cd040a7f488e937b1b234d71a0126b7bc74367bf6538b6961c476f5d620d13",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "1ca7262f91d517853a0551b14abb0306c4e3567e41b1e82a018f0aac718e499e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "464f29d5f496b4acffc455330f00adb34ab920c66ca1908eee262339d6946bcd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "932b2545bd6e3ad74b82ca2199944edecf9c92ad3f75fce0d07e04ab084824d5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "eda7cc5e1781c681afe99bf513fcaf5ae86afbf1d84dfd23aa563b1a043cbba8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-984",
          "title": "CISA KEV: CVE-2023-20118 \u2014 Cisco Small Business RV Series Routers Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-03-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-03-03"
    },
    {
      "value": "CVE-2023-34192",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-989",
          "title": "CISA KEV: CVE-2023-34192 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-25"
    },
    {
      "value": "CVE-2024-49035",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-990",
          "title": "CISA KEV: CVE-2024-49035 \u2014 Microsoft Partner Center Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-25"
    },
    {
      "value": "CVE-2017-3066",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-992",
          "title": "CISA KEV: CVE-2017-3066 \u2014 Adobe ColdFusion Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-24"
    },
    {
      "value": "CVE-2024-20953",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-991",
          "title": "CISA KEV: CVE-2024-20953 \u2014 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-24"
    },
    {
      "value": "CVE-2025-24989",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-993",
          "title": "CISA KEV: CVE-2025-24989 \u2014 Microsoft Power Pages Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-21"
    },
    {
      "value": "CVE-2022-24439",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-994",
          "title": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "link": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/",
          "published": "2025-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2022-33891",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-994",
          "title": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "link": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/",
          "published": "2025-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2023-40267",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-994",
          "title": "Snyk\u2019s Fetch the Flag CTF is More Than Just a CTF",
          "link": "https://snyk.io/blog/snyks-fetch-the-flag-ctf/",
          "published": "2025-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2024-9474",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-995",
          "title": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-20",
          "sev": "crit"
        },
        {
          "id": "art-997",
          "title": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-18",
          "sev": "crit"
        },
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2025-0108",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-995",
          "title": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-20",
          "sev": "crit"
        },
        {
          "id": "art-997",
          "title": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2025-0111",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-995",
          "title": "CISA KEV: CVE-2025-0111 \u2014 Palo Alto Networks PAN-OS File Read Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-20",
          "sev": "crit"
        },
        {
          "id": "art-997",
          "title": "CISA KEV: CVE-2025-0108 \u2014 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2025-23209",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-996",
          "title": "CISA KEV: CVE-2025-23209 \u2014 Craft CMS Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-20"
    },
    {
      "value": "CVE-2024-53704",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-998",
          "title": "CISA KEV: CVE-2024-53704 \u2014 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-18"
    },
    {
      "value": "CVE-2024-57727",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-999",
          "title": "CISA KEV: CVE-2024-57727 \u2014 SimpleHelp Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-13"
    },
    {
      "value": "CVE-2018-10561",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2018-10562",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2018-17532",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2022-31137",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2023-26801",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2024-41710",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2025-24200",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1001",
          "title": "CISA KEV: CVE-2025-24200 \u2014 Apple iOS and iPadOS Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "GO-2025-3451",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1000",
          "title": "Do not pass GO - Malicious Package Alert",
          "link": "https://snyk.io/blog/go-malicious-package-alert/",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "cardiacpure.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "eye-network.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "fuerer-net.ru",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "github.com/boltdb-go/bolt",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1000",
          "title": "Do not pass GO - Malicious Package Alert",
          "link": "https://snyk.io/blog/go-malicious-package-alert/",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "intenseapi.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "49.12.198.231",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1000",
          "title": "Do not pass GO - Malicious Package Alert",
          "link": "https://snyk.io/blog/go-malicious-package-alert/",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "91.92.243.233",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "e06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1002",
          "title": "CISA KEV: CVE-2024-41710 \u2014 Mitel SIP Phones Argument Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-12"
    },
    {
      "value": "CVE-2024-40890",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1003",
          "title": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-11"
    },
    {
      "value": "CVE-2024-40891",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1003",
          "title": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-11"
    },
    {
      "value": "CVE-2025-0890",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1003",
          "title": "CISA KEV: CVE-2024-40891 \u2014 Zyxel DSL CPE OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-11"
    },
    {
      "value": "CVE-2025-21391",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1005",
          "title": "CISA KEV: CVE-2025-21391 \u2014 Microsoft Windows Storage Link Following Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-11"
    },
    {
      "value": "CVE-2025-21418",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1004",
          "title": "CISA KEV: CVE-2025-21418 \u2014 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-11",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-11"
    },
    {
      "value": "CVE-2025-0994",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "cdn.lgaircon.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "cdn.phototagx.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "lgaircon.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "www.roomako.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "192.210.239.172",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "14ed3878b6623c287283a8a80020f68e1cb6bfc37b236f33a95f3a64c4f4611f",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "1c38e3cda8ac6d79d9da40834367697a209c6b07e6b3ab93b3a4f375b161a901",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "1de72c03927bcd2810ce98205ff871ef1ebf4344fba187e126e50caa1e43250b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "4ffc33bdc8527a2e8cb87e49cdc16c3b1480dfc135e507d552f581a67d1850a9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "c02d50d0eb3974818091b8dd91a8bbb8cdefd94d4568a4aea8e1dcdd8869f738",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1006",
          "title": "CISA KEV: CVE-2025-0994 \u2014 Trimble Cityworks Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-07"
    },
    {
      "value": "CVE-2020-15069",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1008",
          "title": "CISA KEV: CVE-2020-15069 \u2014 Sophos XG Firewall Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "CVE-2020-29574",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1009",
          "title": "CISA KEV: CVE-2020-29574 \u2014 CyberoamOS (CROS) SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "CVE-2022-23748",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1011",
          "title": "CISA KEV: CVE-2022-23748 \u2014 Dante Discovery Process Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "CVE-2024-21413",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1010",
          "title": "CISA KEV: CVE-2024-21413 \u2014 Microsoft Outlook Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "CVE-2025-0411",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1012",
          "title": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "7786501e3666c1a5071c9c5e5a019e2bc86a1f169d469cc4bfef2fe339aaf384",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1012",
          "title": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "84ab6c3e1f2dc98cf4d5b8b739237570416bb82e2edaf078e9868663553c5412",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1012",
          "title": "CISA KEV: CVE-2025-0411 \u2014 7-Zip Mark of the Web Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-06",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-06"
    },
    {
      "value": "CVE-2018-19410",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1016",
          "title": "CISA KEV: CVE-2018-19410 \u2014 Paessler PRTG Network Monitor Local File Inclusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-04"
    },
    {
      "value": "CVE-2018-9276",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1017",
          "title": "CISA KEV: CVE-2018-9276 \u2014 Paessler PRTG Network Monitor OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-04"
    },
    {
      "value": "CVE-2024-29059",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1018",
          "title": "CISA KEV: CVE-2024-29059 \u2014 Microsoft .NET Framework Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-04"
    },
    {
      "value": "CVE-2024-45195",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1019",
          "title": "CISA KEV: CVE-2024-45195 \u2014 Apache OFBiz Forced Browsing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-02-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-02-04"
    },
    {
      "value": "CVE-2025-24085",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1020",
          "title": "CISA KEV: CVE-2025-24085 \u2014 Apple Multiple Products Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-29"
    },
    {
      "value": "CVE-2025-23006",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1021",
          "title": "CISA KEV: CVE-2025-23006 \u2014 SonicWall SMA1000 Appliances Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-24"
    },
    {
      "value": "CVE-2020-11023",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1024",
          "title": "CISA KEV: CVE-2020-11023 \u2014 JQuery Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-23"
    },
    {
      "value": "CVE-2024-50603",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "107.172.43.186",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "172.104.60.176",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "83.222.191.91",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "91.188.254.21",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "1ce0c293f2042b677cd55a393913ec052eded4b9",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "41d589a077038048c4b120494719c905e71485ba",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "68d88d1918676c87dcd39c7581c3910a9eb94882",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "c4f63a3a6cb6b8aae133bd4c5ac6f2fc9020c349",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "c63f646edfddb4232afa5618e3fac4eee1b4b115",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "e10e750115bf2ae29a8ce8f9fa14e09e66534a15",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1027",
          "title": "CISA KEV: CVE-2024-50603 \u2014 Aviatrix Controllers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-16"
    },
    {
      "value": "CVE-2025-21333",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1031",
          "title": "CISA KEV: CVE-2025-21335 \u2014 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "137.184.65.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "157.245.3.251",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "167.71.245.10",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "23.27.140.65",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "31.192.107.165",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "37.19.196.65",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "64.190.113.25",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "66.135.27.178",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1032",
          "title": "CISA KEV: CVE-2024-55591 \u2014 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-14"
    },
    {
      "value": "CVE-2023-41265",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "CVE-2023-41266",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "CVE-2023-48365",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "CVE-2024-12356",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1034",
          "title": "CISA KEV: CVE-2024-12686 \u2014 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        },
        {
          "id": "art-1045",
          "title": "CISA KEV: CVE-2024-12356 \u2014 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "CVE-2024-12686",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1034",
          "title": "CISA KEV: CVE-2024-12686 \u2014 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        },
        {
          "id": "art-1045",
          "title": "CISA KEV: CVE-2024-12356 \u2014 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "q983.requestcatcher.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "zohoservice.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "144.172.122.30",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "216.107.136.46",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "45.61.147.176",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "94.156.71.115",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1033",
          "title": "CISA KEV: CVE-2023-48365 \u2014 Qlik Sense HTTP Tunneling Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-13"
    },
    {
      "value": "CVE-2025-0282",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "CVE-2025-0283",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "61bb586dc4e047ab081ef6ca65684e48",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "a638fd203ddb540d0484d8e00490df06",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "d18e5425ecd9608ecb992606b974e15d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "e7d24813535f74187db31d4114f607a1",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1037",
          "title": "CISA KEV: CVE-2025-0282 \u2014 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-08"
    },
    {
      "value": "CVE-2020-2555",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1038",
          "title": "CISA KEV: CVE-2020-2883 \u2014 Oracle WebLogic Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-07"
    },
    {
      "value": "CVE-2020-2883",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1038",
          "title": "CISA KEV: CVE-2020-2883 \u2014 Oracle WebLogic Server Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-07"
    },
    {
      "value": "CVE-2024-41713",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1039",
          "title": "CISA KEV: CVE-2024-55550 \u2014 Mitel MiCollab Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-07"
    },
    {
      "value": "CVE-2024-55550",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1039",
          "title": "CISA KEV: CVE-2024-55550 \u2014 Mitel MiCollab Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2025-01-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2025-01-07"
    },
    {
      "value": "CVE-2024-3393",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1042",
          "title": "CISA KEV: CVE-2024-3393 \u2014 Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-30"
    },
    {
      "value": "CVE-2020-0688",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "CVE-2021-44207",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "CVE-2021-44228",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV",
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        },
        {
          "id": "art-1165",
          "title": "The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant",
          "link": "https://snyk.io/blog/log4shell-spring4shell-threat/",
          "published": "2024-08-29",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "afdentry.workstation.eu.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "cdn.ns.time12.cf",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "east.winsproxy.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "ns1.entrydns.eu.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "subnet.milli-seconds.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "work.queryip.cf",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "work.viewdns.ml",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "107.172.210.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "149.28.15.152",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "172.104.206.48",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "18.118.56.237",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "185.118.167.40",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "194.156.98.12",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "194.195.125.121",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "20.121.42.11",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "34.139.13.46",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "45.153.231.31",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "45.84.1.181",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "54.248.110.45",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "54.80.67.241",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "67.205.132.162",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "143278845a3f5276a1dd5860e7488313",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "49f1daea8a115dd6fce51a1328d863cf",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "900ca3ee85dfc109baeed4888ccb5d39",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "b108b28138b93ec4822e165b82e41c7a",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "b82456963d04f44e83442b6393face47",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "355b3ff61db44d18003537be8496eb03536e300f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "6f6b51e6c88e5252a2a117ca1cfb57934930166b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "7056b044f97e3e349e3e0183311bb44b0bc3464f",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "996aa691bbc1250b571a2f5423a5d5e2da8317e6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "e85427af661fe5e853c8c9398dc46ddde50e2241",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "062a7399100454c7a523a938293bef7ddb0bc10636fd402be5f9797d8cc3c57e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "a4647fcb35c79f26354c34452e4a03a1e4e338a80b2c29db97bba4088a208ad0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "d7e8cc6c19ceebf0e125c9f18b50167c0ee65294b3fce179fdab560e3e8e0192",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "e024ccc4c72eb5813cc2b6db7975e4750337a1cc619d7339b21fdbb32d93fd85",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "ebf28e56ae5873102b51da2cc49cbbe43192ca2f318c4dfc874448d9b85ebd00",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1044",
          "title": "CISA KEV: CVE-2021-44207 \u2014 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-23"
    },
    {
      "value": "CVE-2011-5325",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1049",
          "title": "CISA KEV: CVE-2022-23227 \u2014 NUUO NVRmini2 Devices Missing Authentication Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-18"
    },
    {
      "value": "CVE-2018-14933",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1050",
          "title": "CISA KEV: CVE-2018-14933 \u2014 NUUO NVRmini Devices OS Command Injection Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-18"
    },
    {
      "value": "CVE-2019-11001",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1048",
          "title": "CISA KEV: CVE-2019-11001 \u2014 Reolink Multiple IP Cameras OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-18"
    },
    {
      "value": "CVE-2021-40407",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1047",
          "title": "CISA KEV: CVE-2021-40407 \u2014 Reolink RLC-410W IP Camera OS Command Injection Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-18"
    },
    {
      "value": "CVE-2022-23227",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1049",
          "title": "CISA KEV: CVE-2022-23227 \u2014 NUUO NVRmini2 Devices Missing Authentication Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-18"
    },
    {
      "value": "CVE-2024-50623",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "CVE-2024-55956",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "176.123.10.115",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "176.123.5.126",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "181.214.147.164",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "185.162.128.133",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "185.163.204.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "185.181.230.103",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "192.119.99.42",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "209.127.12.38",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "45.182.189.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "5.149.249.226",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "89.248.172.139",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1051",
          "title": "CISA KEV: CVE-2024-55956 \u2014 Cleo Multiple Products Unauthenticated File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-17",
          "sev": "crit"
        },
        {
          "id": "art-1054",
          "title": "CISA KEV: CVE-2024-50623 \u2014 Cleo Multiple Products Unrestricted File Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-17"
    },
    {
      "value": "CVE-2023-26347",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-26359",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-29298",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-29300",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-38203",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-38204",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-38205",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-44352",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2023-44353",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2024-20767",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "CVE-2024-35250",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1052",
          "title": "CISA KEV: CVE-2024-35250 \u2014 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.fun",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.live",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.me",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.online",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.pro",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "oast.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "134.122.136.119",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "134.122.136.96",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "172.81.132.99",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "23.234.85.20",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "38.225.206.87",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "38.225.206.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1053",
          "title": "CISA KEV: CVE-2024-20767 \u2014 Adobe ColdFusion Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-16"
    },
    {
      "value": "connect.consrensys.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "webhook.site/1e6c12e8-aaeb-4349-98ad-a7196e632c5a",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "webhook.site/ecd706a0-f207-4df2-b639-d326ef3c2fe1",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "059beed5bcdfea16c05b4d45560c97abfd4af3de",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "62b6532384bdd9b96af5ac684d87f52efb48f7de",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "7c6136cf4e857582c2f086673359be94e7e4b702",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "96f496ac5c64f3c884676dd99d6edbe7fa596255",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "a1f1e3ede7c7e6ae650a294630214ce7fa596255",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "bea3060707e6f3fec47aa2af64ea2e774b56e9f5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "dd0577b10e73792f2b2315af63b872fe4123ec9c",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "ee304a92a9e68e7923d7a37a370c7556ac596250",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "15bcffd83cda47082acb081eaf7270a38c497b3a2bc6e917582bda8a5b0f7bab",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "4347625838a5cb0e9d29f3ec76ed8365b31b281103b716952bf64d37cf309785",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "6a9d121f538cad60cabd9369a951ec4405a081c664311a90537f0a7a61b0f3e5",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "b6ea1681855ec2f73c643ea2acfcf7ae084a9648f888d4bd1e3e119ec15c3495",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "c9c3401536fd9a0b6012aec9169d2c1fc1368b7073503384cfc0b38c47b1d7e1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "e9d538203ac43e9df11b68803470c116b7bb02881cd06175b0edfc4438d4d1a2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "ec12cd32729e8abea5258478731e70ccc5a7c6c4847dde78488b8dd0b91b8555",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "f08d47cb3e1e848b5607ac44baedf1754b201b6b90dfc527d6cefab1dd2d2c23",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1055",
          "title": "Ultralytics AI Pwn Request Supply Chain Attack",
          "link": "https://snyk.io/blog/ultralytics-ai-pwn-request-supply-chain-attack/",
          "published": "2024-12-11",
          "sev": "high"
        }
      ],
      "first_seen": "2024-12-11"
    },
    {
      "value": "CVE-2024-49138",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1058",
          "title": "CISA KEV: CVE-2024-49138 \u2014 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-10"
    },
    {
      "value": "CVE-2024-51378",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1060",
          "title": "CISA KEV: CVE-2024-51378 \u2014 CyberPanel Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-04",
          "sev": "crit"
        },
        {
          "id": "art-1091",
          "title": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-04"
    },
    {
      "value": "CVE-2023-27997",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1065",
          "title": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2023-28461",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1065",
          "title": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        },
        {
          "id": "art-1069",
          "title": "CISA KEV: CVE-2023-28461 \u2014 Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2023-45727",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1065",
          "title": "CISA KEV: CVE-2023-45727 \u2014 North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2024-11667",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2024-11680",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1064",
          "title": "CISA KEV: CVE-2024-11680 \u2014 ProjectSend Improper Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2024-42057",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1063",
          "title": "CISA KEV: CVE-2024-11667 \u2014 Zyxel Multiple Firewalls Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-12-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-12-03"
    },
    {
      "value": "CVE-2024-21287",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1071",
          "title": "CISA KEV: CVE-2024-21287 \u2014 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-21"
    },
    {
      "value": "CVE-2024-44308",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1072",
          "title": "CISA KEV: CVE-2024-44309 \u2014 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-21",
          "sev": "crit"
        },
        {
          "id": "art-1073",
          "title": "CISA KEV: CVE-2024-44308 \u2014 Apple Multiple Products Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-21"
    },
    {
      "value": "CVE-2024-44309",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1072",
          "title": "CISA KEV: CVE-2024-44309 \u2014 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-21",
          "sev": "crit"
        },
        {
          "id": "art-1073",
          "title": "CISA KEV: CVE-2024-44308 \u2014 Apple Multiple Products Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-21"
    },
    {
      "value": "CVE-2024-38812",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1074",
          "title": "CISA KEV: CVE-2024-38813 \u2014 VMware vCenter Server Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-20",
          "sev": "crit"
        },
        {
          "id": "art-1075",
          "title": "CISA KEV: CVE-2024-38812 \u2014 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-20"
    },
    {
      "value": "CVE-2024-38813",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1074",
          "title": "CISA KEV: CVE-2024-38813 \u2014 VMware vCenter Server Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-20",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-20"
    },
    {
      "value": "CVE-2024-0012",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "CVE-2024-1212",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1079",
          "title": "CISA KEV: CVE-2024-1212 \u2014 Progress Kemp LoadMaster OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "103.112.106.17",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "104.28.208.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "104.28.240.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.146",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.149",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.154",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.161",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.164",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.166",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.176",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.177",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.178",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "136.144.17.180",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "173.239.218.248",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "173.239.218.251",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "182.78.17.137",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "209.200.246.173",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "209.200.246.184",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "216.73.160.186",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "216.73.162.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "216.73.162.71",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "216.73.162.73",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "216.73.162.74",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "45.32.110.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "91.208.197.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "3c5f9034c86cb1952aa5bb07b4f77ce7d8bb5cc9fe5c029a32c72adc7e814668",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1078",
          "title": "CISA KEV: CVE-2024-9474 \u2014 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-18"
    },
    {
      "value": "CVE-2024-5910",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        },
        {
          "id": "art-1093",
          "title": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2024-9463",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2024-9464",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        },
        {
          "id": "art-1093",
          "title": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2024-9465",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        },
        {
          "id": "art-1093",
          "title": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2024-9466",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        },
        {
          "id": "art-1093",
          "title": "CISA KEV: CVE-2024-5910 \u2014 Palo Alto Networks Expedition Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2024-9467",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1081",
          "title": "CISA KEV: CVE-2024-9465 \u2014 Palo Alto Networks Expedition SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-14",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-14"
    },
    {
      "value": "CVE-2014-2120",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1086",
          "title": "CISA KEV: CVE-2014-2120 \u2014 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "CVE-2021-26086",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1085",
          "title": "CISA KEV: CVE-2021-26086 \u2014 Atlassian Jira Server and Data Center Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "CVE-2021-41277",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1087",
          "title": "CISA KEV: CVE-2021-41277 \u2014 Metabase GeoJSON API Local File Inclusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "CVE-2024-49039",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "CVE-2024-9680",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "1drv.us.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "correctiv.sbs",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "cwise.store",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "devolredir.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "doc.osvita-kp.gov.ua",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1088",
          "title": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "economistjournal.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "journalctd.live",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "osvita-kp.gov.ua",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1088",
          "title": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "redirconnectwise.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "redircorrectiv.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "redjournal.cloud",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "147.45.78.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "176.124.206.88",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "178.236.246.241",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "194.87.189.171",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "194.87.189.19",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "45.138.74.238",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "46.226.163.67",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "62.60.237.116",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "62.60.237.38",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "62.60.238.81",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "92.42.96.30",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1088",
          "title": "CISA KEV: CVE-2024-43451 \u2014 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "21918cfd17b378eb4152910f1246d2446f9b5b11",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "703a25f053e356eb6ece4d16a048344c55dc89fd",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "a4aad0e2ac1ee0c8dd25968fa4631805689757b6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "a9d445b77f6f4e90c29e385264d4b1b95947add5",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "abb54c4751f97a9fc1c9598fed1ec9fb9e6b1db6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "ca6f8966a3b2640f49b19434ba8c21832e77a031",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1089",
          "title": "CISA KEV: CVE-2024-49039 \u2014 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-12",
          "sev": "crit"
        },
        {
          "id": "art-1114",
          "title": "CISA KEV: CVE-2024-9680 \u2014 Mozilla Firefox Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-12"
    },
    {
      "value": "CVE-2019-16278",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1090",
          "title": "CISA KEV: CVE-2019-16278 \u2014 Nostromo nhttpd Directory Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-07"
    },
    {
      "value": "CVE-2024-43093",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1092",
          "title": "CISA KEV: CVE-2024-43093 \u2014 Android Framework Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-07"
    },
    {
      "value": "CVE-2024-51567",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1091",
          "title": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-07"
    },
    {
      "value": "CVE-2024-51568",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1091",
          "title": "CISA KEV: CVE-2024-51567 \u2014 CyberPanel Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-07"
    },
    {
      "value": "CVE-2024-8956",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1094",
          "title": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-04"
    },
    {
      "value": "CVE-2024-8957",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1094",
          "title": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-04"
    },
    {
      "value": "209.141.35.56",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1094",
          "title": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-04"
    },
    {
      "value": "45.128.232.229",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1094",
          "title": "CISA KEV: CVE-2024-8956 \u2014 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-11-04",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-11-04"
    },
    {
      "value": "CVE-2024-20481",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1101",
          "title": "CISA KEV: CVE-2024-20481 \u2014 Cisco ASA and FTD Denial-of-Service Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-24"
    },
    {
      "value": "CVE-2024-37383",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1100",
          "title": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-24"
    },
    {
      "value": "libcdn.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1100",
          "title": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-24"
    },
    {
      "value": "rcm.codes",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1100",
          "title": "CISA KEV: CVE-2024-37383 \u2014 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-24"
    },
    {
      "value": "CVE-2024-47575",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        },
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "104.238.141.143",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        },
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "142.93.177.233",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "158.247.199.37",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        },
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "172.232.167.68",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "195.85.114.78",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        },
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "198.199.122.22",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "45.32.41.202",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        },
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "45.32.63.2",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "80.66.196.199",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "9dcfab171580b52deae8703157012674",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1103",
          "title": "CISA KEV: CVE-2024-47575 \u2014 Fortinet FortiManager Missing Authentication Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-23"
    },
    {
      "value": "CVE-2024-38094",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "18.195.61.200",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "54.255.89.118",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "1beec8cecd28fdf9f7e0fc5fb9226b360934086ded84f69e3d542d1362e3fdf3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "95cc0b082fcfc366a7de8030a6325c099d8012533a3234edbdf555df082413c7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "acb5de5a69c06b7501f86c0522d10fefa9c34776c7535e937e946c6abfc9bbc6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "d18aa84b7bf0efde9c6b5db2a38ab1ec9484c59c5284c0bd080f5197bf9388b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "d3a6ed07bd3b52c62411132d060560f9c0c88ce183851f16b632a99b4d4e7581",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "f618b09c0908119399d14f80fc868b002b987006f7c76adbcec1ac11b9208940",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1106",
          "title": "CISA KEV: CVE-2024-38094 \u2014 Microsoft SharePoint Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-22",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-22"
    },
    {
      "value": "CVE-2024-9537",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1107",
          "title": "CISA KEV: CVE-2024-9537 \u2014 ScienceLogic SL1 Unspecified Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-21"
    },
    {
      "value": "CVE-2024-40711",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1111",
          "title": "CISA KEV: CVE-2024-40711 \u2014 Veeam Backup and Replication Deserialization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-17"
    },
    {
      "value": "CVE-2021-35232",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1113",
          "title": "CISA KEV: CVE-2024-28987 \u2014 SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-15"
    },
    {
      "value": "CVE-2024-28987",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1113",
          "title": "CISA KEV: CVE-2024-28987 \u2014 SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-15"
    },
    {
      "value": "CVE-2024-30088",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1115",
          "title": "CISA KEV: CVE-2024-30088 \u2014 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-15"
    },
    {
      "value": "CVE-2024-23113",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1120",
          "title": "CISA KEV: CVE-2024-23113 \u2014 Fortinet Multiple Products Format String Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-29824",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1129",
          "title": "CISA KEV: CVE-2024-29824 \u2014 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-8190",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-8963",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-9379",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-9380",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "189f31ed7d.ipv6.bypass.eu.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "apiv5.serverbks.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "c67f045c2f.ipv6.1433.eu.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "iowxuintgredogzgblrsmr2cx2e471bor.oast.fun",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "156.234.193.18",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "193.189.100.197",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "206.189.156.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "208.105.190.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "216.131.75.52",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "23.236.66.97",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "24.166.100.255",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "3.248.33.252",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "38.207.159.76",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "45.61.136.189",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "51.91.79.17",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "67.217.228.92",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "69.49.88.235",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "74.62.81.162",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "64efc1aad330ea9d98c0c705e16cd4b3af7e74f8",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "beb723a5f20a1a2c4375f9aa250d968d55155689",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "6edd7b3123de985846a805931ca8ee5f6f7ed7b160144aa0e066967bc7c0423a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "8d016d02f8fbe25dce76481a90dd0b48630ce9e74e8c31ba007cf133e48b8526",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        },
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "d57a2cac394a778e19ce9b926f2e0a71936510798f30d20f207f2a49b49ce7b1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1119",
          "title": "CISA KEV: CVE-2024-9380 \u2014 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-09",
          "sev": "crit"
        },
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-09"
    },
    {
      "value": "CVE-2024-38112",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1122",
          "title": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-08",
          "sev": "crit"
        },
        {
          "id": "art-1152",
          "title": "CISA KEV: CVE-2024-43461 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        },
        {
          "id": "art-1215",
          "title": "CISA KEV: CVE-2024-38112 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-08"
    },
    {
      "value": "CVE-2024-43047",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1124",
          "title": "CISA KEV: CVE-2024-43047 \u2014 Qualcomm Multiple Chipsets Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-08"
    },
    {
      "value": "CVE-2024-43461",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1122",
          "title": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-08",
          "sev": "crit"
        },
        {
          "id": "art-1152",
          "title": "CISA KEV: CVE-2024-43461 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-08"
    },
    {
      "value": "CVE-2024-43572",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1123",
          "title": "CISA KEV: CVE-2024-43572 \u2014 Microsoft Windows Management Console Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-08"
    },
    {
      "value": "CVE-2024-43573",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1122",
          "title": "CISA KEV: CVE-2024-43573 \u2014 Microsoft Windows MSHTML Platform Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-08",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-08"
    },
    {
      "value": "CVE-2024-45519",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1126",
          "title": "CISA KEV: CVE-2024-45519 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-03"
    },
    {
      "value": "79.124.49.86",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1126",
          "title": "CISA KEV: CVE-2024-45519 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-10-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-10-03"
    },
    {
      "value": "CVE-2019-0344",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1131",
          "title": "CISA KEV: CVE-2019-0344 \u2014 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2020-14472",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2020-14993",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2020-15415",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2020-19664",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2020-8515",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2021-42911",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2021-43118",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2023-1162",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2023-24229",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2023-25280",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2024-41592",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1132",
          "title": "CISA KEV: CVE-2020-15415 \u2014 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "zvub.us",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "185.225.74.251",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "185.44.81.114",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "193.32.162.189",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "0d404a27c2f511ea7f4adb8aa150f787b2b1ff36c1b67923d6d1c90179033915",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "2d0c8ab6c71743af8667c7318a6d8e16c144ace8df59a681a0a7d48affc05599",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "366ddbaa36791cdb99cf7104b0914a258f0c373a94f6cf869f946c7799d5e2c6",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "3f427eda4d4e18fb192d585fca1490389a1b5f796f88e7ebf3eceec51018ef4d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "413e977ae7d359e2ea7fe32db73fa007ee97ee1e9e3c3f0b4163b100b3ec87c2",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "461f59a84ccb4805c4bbd37093df6e8791cdf1151b2746c46678dfe9f89ac79d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "4cb8c90d1e1b2d725c2c1366700f11584f5697c9ef50d79e00f7dd2008e989a0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "4f53eb7fbfa5b68cad3a0850b570cbbcb2d4864e62b5bf0492b54bde2bdbe44b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "888f4a852642ce70197f77e213456ea2b3cfca4a592b94647827ca45adf2a5b8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "aaf446e4e7bfc05a33c8d9e5acf56b1c7e95f2d919b98151ff2db327c333f089",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "aed078d3e65b5ff4dd4067ae30da5f3a96c87ec23ec5be44fc85b543c179b777",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "b43a8a56c10ba17ddd6fa9a8ce10ab264c6495b82a38620e9d54d66ec8677b0c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "b45142a2d59d16991a38ea0a112078a6ce42c9e2ee28a74fb2ce7e1edf15dce3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "eca42235a41dbd60615d91d564c91933b9903af2ef3f8356ec4cfff2880a2f19",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1133",
          "title": "CISA KEV: CVE-2023-25280 \u2014 D-Link DIR-820 Router OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-30"
    },
    {
      "value": "CVE-2024-47076",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1134",
          "title": "Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System",
          "link": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/",
          "published": "2024-09-27",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-27"
    },
    {
      "value": "CVE-2024-47175",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1134",
          "title": "Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System",
          "link": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/",
          "published": "2024-09-27",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-27"
    },
    {
      "value": "CVE-2024-47176",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1134",
          "title": "Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System",
          "link": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/",
          "published": "2024-09-27",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-27"
    },
    {
      "value": "CVE-2024-47177",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1134",
          "title": "Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System",
          "link": "https://snyk.io/blog/zero-day-rce-in-cups-vulnerability-sept-2024/",
          "published": "2024-09-27",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-27"
    },
    {
      "value": "CVE-2024-7593",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1138",
          "title": "CISA KEV: CVE-2024-7593 \u2014 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-24",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-24"
    },
    {
      "value": "test.vip8025.mom",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "vip8806.mom",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "www.vip8025.mom",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "156.251.172.80",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "195.133.52.87",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "8.218.239.22",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "074739c7ccdee5baef649b7f7cb53668109be8f7e016294b66a5d1469803e42b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "4c86e8c21451074a52cc8d60a262c683aaf4cb6b2634fea8efdd866ea2dbd3aa",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "61928ff36c5d8983853ec2f411860b97231729f047527434d3b2db8bf0b42d25",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "7798b45ffc488356f7253805dc9c8d2210552bee39db9082f772185430360574",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "9f97997581f513166aae47b3664ca23c4f4ea90c24916874ff82891e2cd6e01e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "af3f4ece0d98999077cef265c1af9610b96cb7cf3264c115cc6c210cdd9636fe",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "c64bd109100aac96eba627ca94c1161c8329378e3e8c75a1763c26b70c921891",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "cae96b72244855a3d98a42bb3f65daab1cd06e9be638553e2ebf1f8a66b5cc8a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1140",
          "title": "CISA KEV: CVE-2024-8963 \u2014 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-19"
    },
    {
      "value": "CVE-2019-1068",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1144",
          "title": "CISA KEV: CVE-2020-0618 \u2014 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2020-0618",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1144",
          "title": "CISA KEV: CVE-2020-0618 \u2014 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2020-14644",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1142",
          "title": "CISA KEV: CVE-2020-14644 \u2014 Oracle WebLogic Server Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        },
        {
          "id": "art-1143",
          "title": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2022-21445",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1143",
          "title": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2022-21497",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1143",
          "title": "CISA KEV: CVE-2022-21445 \u2014 Oracle ADF Faces Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2024-27348",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1145",
          "title": "CISA KEV: CVE-2024-27348 \u2014 Apache HugeGraph-Server Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-18",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-18"
    },
    {
      "value": "CVE-2013-0643",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1149",
          "title": "CISA KEV: CVE-2013-0643 \u2014 Adobe Flash Player Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "CVE-2013-0648",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1148",
          "title": "CISA KEV: CVE-2013-0648 \u2014 Adobe Flash Player Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        },
        {
          "id": "art-1149",
          "title": "CISA KEV: CVE-2013-0643 \u2014 Adobe Flash Player Incorrect Default Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "CVE-2014-0502",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "adservice.no-ip.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "giftserv.hopto.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "ids.ns01.us",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "java.ns1.name",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "static.5ljob.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "wmi.ns01.us",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "103.246.246.103",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "192.74.246.219",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "194.183.224.75",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "74.126.177.68",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "9d4a89cdefc71e9bfadc7566d2d9d9d2bdf7dc2847df4fcbf01e0a342ab5eead",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1147",
          "title": "CISA KEV: CVE-2014-0502 \u2014 Adobe Flash Player Double Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-17"
    },
    {
      "value": "CVE-2024-6670",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-16"
    },
    {
      "value": "CVE-2024-6671",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-16"
    },
    {
      "value": "8c69830a50fb85d8a794fa46643493b2",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-16"
    },
    {
      "value": "bbcf7a68f4164a9f5f5cb2d9f30d9790",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-16"
    },
    {
      "value": "c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1151",
          "title": "CISA KEV: CVE-2024-6670 \u2014 Progress WhatsUp Gold SQL Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-16",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-16"
    },
    {
      "value": "6edd7b3123de985846a805931ca8ee5f5f7ed7b160144aa0e066967bc7c0423a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1153",
          "title": "CISA KEV: CVE-2024-8190 \u2014 Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-13"
    },
    {
      "value": "CVE-2024-38014",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1155",
          "title": "CISA KEV: CVE-2024-38014 \u2014 Microsoft Windows Installer Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-10"
    },
    {
      "value": "CVE-2024-38217",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1154",
          "title": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-10"
    },
    {
      "value": "11dadc71018027c7e005a70c306532e5ea7abdc389964cbc85cf3b79f97f6b44",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1154",
          "title": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-10"
    },
    {
      "value": "4e213bd0a127f1bb24c4c0d971c2727097b04eed9c6e62a57110d168ccc3ba10",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1154",
          "title": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-10"
    },
    {
      "value": "ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1154",
          "title": "CISA KEV: CVE-2024-38217 \u2014 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-10",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-10"
    },
    {
      "value": "CVE-2016-3714",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1159",
          "title": "CISA KEV: CVE-2016-3714 \u2014 ImageMagick Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "CVE-2017-1000253",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1158",
          "title": "CISA KEV: CVE-2017-1000253 \u2014 Linux Kernel PIE Stack Buffer Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "104.194.11.34",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "107.155.93.154",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "107.175.102.58",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "144.168.41.74",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "155.117.117.34",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "162.210.196.101",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "185.174.100.199",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "185.181.230.108",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "185.33.86.2",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "193.163.194.7",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "193.239.236.149",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "193.29.63.226",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "194.33.45.194",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "206.168.190.143",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "207.188.6.17",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "23.94.54.125",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "31.222.247.64",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "38.114.123.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "38.114.123.229",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "45.55.76.210",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "45.56.163.58",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "45.66.249.93",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "62.76.147.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "77.247.126.239",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "79.141.160.33",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "79.141.173.235",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "83.229.17.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "83.229.17.135",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "83.229.17.148",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "91.191.214.170",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1157",
          "title": "CISA KEV: CVE-2024-40766 \u2014 SonicWall SonicOS Improper Access Control Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-09"
    },
    {
      "value": "CVE-2023-0568",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1160",
          "title": "What you should know about PHP code security",
          "link": "https://snyk.io/blog/php-code-security/",
          "published": "2024-09-04",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-04"
    },
    {
      "value": "CVE-2023-0662",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1160",
          "title": "What you should know about PHP code security",
          "link": "https://snyk.io/blog/php-code-security/",
          "published": "2024-09-04",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-04"
    },
    {
      "value": "CVE-2023-3823",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1160",
          "title": "What you should know about PHP code security",
          "link": "https://snyk.io/blog/php-code-security/",
          "published": "2024-09-04",
          "sev": "high"
        }
      ],
      "first_seen": "2024-09-04"
    },
    {
      "value": "CVE-2021-20124",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1164",
          "title": "CISA KEV: CVE-2021-20124 \u2014 Draytek VigorConnect Path Traversal Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "CVE-2024-7262",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "CVE-2024-7263",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "rammenale.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "131.153.206.231",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "162.222.214.48",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "9f88234068d7abad65979eb1df63efb5",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "b14ef85a60ac71c669cc960bdf580144",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "08906644b0ef1ee6478c45a6e0dd28533a9efc29",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "7509b4c506c01627c1a4c396161d07277f044ac6",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1163",
          "title": "CISA KEV: CVE-2024-7262 \u2014 Kingsoft WPS Office Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-09-03",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-09-03"
    },
    {
      "value": "CVE-2022-22965",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1165",
          "title": "The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant",
          "link": "https://snyk.io/blog/log4shell-spring4shell-threat/",
          "published": "2024-08-29",
          "sev": "high"
        }
      ],
      "first_seen": "2024-08-29"
    },
    {
      "value": "CVE-2024-7965",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1166",
          "title": "CISA KEV: CVE-2024-7965 \u2014 Google Chromium V8 Inappropriate Implementation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-28",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-28"
    },
    {
      "value": "CVE-2024-32113",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1168",
          "title": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-27",
          "sev": "crit"
        },
        {
          "id": "art-1189",
          "title": "CISA KEV: CVE-2024-32113 \u2014 Apache OFBiz Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-27"
    },
    {
      "value": "CVE-2024-36104",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1168",
          "title": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-27"
    },
    {
      "value": "CVE-2024-38856",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1168",
          "title": "CISA KEV: CVE-2024-38856 \u2014 Apache OFBiz Incorrect Authorization Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-27"
    },
    {
      "value": "CVE-2024-21338",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        },
        {
          "id": "art-1184",
          "title": "CISA KEV: CVE-2024-38193 \u2014 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "CVE-2024-38106",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "CVE-2024-38193",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        },
        {
          "id": "art-1184",
          "title": "CISA KEV: CVE-2024-38193 \u2014 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "CVE-2024-7971",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "voyagorclub.space",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "weinsteinfrog.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1171",
          "title": "CISA KEV: CVE-2024-7971 \u2014 Google Chromium V8 Type Confusion Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-26"
    },
    {
      "value": "CVE-2024-39717",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1172",
          "title": "CISA KEV: CVE-2024-39717 \u2014 Versa Director Dangerous File Type Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-23"
    },
    {
      "value": "4bcedac20a75e8f8833f4725adfc87577c32990c3783bf6c743f14599a176c37",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1172",
          "title": "CISA KEV: CVE-2024-39717 \u2014 Versa Director Dangerous File Type Upload Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-23"
    },
    {
      "value": "CVE-2021-31196",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1174",
          "title": "CISA KEV: CVE-2021-31196 \u2014 Microsoft Exchange Server Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-21"
    },
    {
      "value": "CVE-2021-33045",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1176",
          "title": "CISA KEV: CVE-2021-33045 \u2014 Dahua IP Camera Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-21"
    },
    {
      "value": "CVE-2022-0185",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1175",
          "title": "CISA KEV: CVE-2022-0185 \u2014 Linux Kernel Heap-Based Buffer Overflow Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-21",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-21"
    },
    {
      "value": "CVE-2024-23897",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1177",
          "title": "CISA KEV: CVE-2024-23897 \u2014 Jenkins Command Line Interface (CLI) Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-19"
    },
    {
      "value": "CVE-2024-28986",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1179",
          "title": "CISA KEV: CVE-2024-28986 \u2014 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-15"
    },
    {
      "value": "CVE-2020-1380",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1186",
          "title": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engine Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2022-41128",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1186",
          "title": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engine Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2023-36025",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-21412",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-29988",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-38107",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1183",
          "title": "CISA KEV: CVE-2024-38107 \u2014 Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-38178",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1186",
          "title": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engine Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-38189",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1187",
          "title": "CISA KEV: CVE-2024-38189 \u2014 Microsoft Project Remote Code Execution Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-38213",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "e11bb2478930d0b5f6c473464f2a2b6e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1186",
          "title": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engine Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "1277b7f12af65d3590f7e06672413698255214dfab3bdf7668d5846577c00368",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "49bef5b4b64221297f90380092f6eba6014d81f6f517e82e42f4906087b20d19",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "736092b71a9686fde43d3c4abd941a6774721b90b17d946c9d05af19c84df0a4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1186",
          "title": "CISA KEV: CVE-2024-38178 \u2014 Microsoft Windows Scripting Engine Memory Corruption Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "bb2f8dff11bd99bcfbc0544d29a5e690701fc242c8188e68192371768bec6f7d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1185",
          "title": "CISA KEV: CVE-2024-38213 \u2014 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-13"
    },
    {
      "value": "CVE-2024-36971",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1190",
          "title": "CISA KEV: CVE-2024-36971 \u2014 Android Kernel Remote Code Execution Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-07",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-07"
    },
    {
      "value": "CVE-2018-0824",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "w2.chatgptsfit.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "103.56.114.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "103.96.131.84",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "45.85.76.10",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "45.85.76.18",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "58.64.204.145",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "027443e516eabfc15ebf76a954c2c61e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "1647a2c92fc799bd83b0ee33c98ad187",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "2c66bf055c6349408bf00ec3925cb678",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "549d5b936e77f1067feb4e395f6f7b61",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "623ac8801fb147ddc30c563f743441e0",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "9ccb2f877777f3db8b1cb58440168ebd",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "b39d28b5dc1770ece081b96a561511a0",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "ccdcad8c74aac5c706cbad7e7ce085d1",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "03501f7b4f398c682d1de2dc0c503e17f0212afe",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "2634e0eec33e7fbf734f1a13b023ab8952fe6f03",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "2adc28beb14583064d63819b3619794d58734d69",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "4826fe7edbbfe546253c168e0f652e1500bb70bc",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "884c36c7f146a4ac8941b8227a150daaf9b95dc7",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "d594fb3a164a8adc678086c52d2422e7c9272ebe",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "d8d7922a550db6afd661b74eaa97c8f59c76cf21",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "f6aae5d8deaa50cbec0503e8219ea5ba0f26db8b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "087c475a1b5b36b7939f5ff12dc711ba591dd2c4227ccaa28d322425ef4d0d4c",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "0ff80e4db32d1d45a0c2afdfd7a1be961c0fbd9d43613a22a989f9024cc1b1e9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "2149d481b863bec2240ffb64c68f7fb437458885c903a7b0c21aa44f88a69d86",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "2e46fcadacfe9e2a63cfc18d95d5870de8b3414462bf14ba9e7c517678f235c9",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "756ceb563d9283df1fd03252aee9e9621cd2cc7ddb45f596e16660fed1dd6442",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "9dc827fb1c2e3c12ee39aa5ccf3b31f64051e0cdda9d2ac54caee6b235f52640",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "abb2fe1f67a48b931258e47531884ca5502cec73996e686ca82eeba536258f67",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "eba3138d0f3d2385b55b08d8886b1018834d194440691d33d612402ba8a11d28",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1193",
          "title": "CISA KEV: CVE-2018-0824 \u2014 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-08-05",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-08-05"
    },
    {
      "value": "CVE-2024-24762",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1195",
          "title": "A denial of service Regex breaks FastAPI security",
          "link": "https://snyk.io/blog/dos-regex-breaks-fastapi-security/",
          "published": "2024-07-31",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-31"
    },
    {
      "value": "CVE-2023-28252",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1197",
          "title": "CISA KEV: CVE-2024-37085 \u2014 VMware ESXi Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-30"
    },
    {
      "value": "CVE-2024-37085",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1197",
          "title": "CISA KEV: CVE-2024-37085 \u2014 VMware ESXi Authentication Bypass Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-30",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-30"
    },
    {
      "value": "CVE-2023-45249",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1198",
          "title": "CISA KEV: CVE-2023-45249 \u2014 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-29"
    },
    {
      "value": "CVE-2024-4879",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1199",
          "title": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        },
        {
          "id": "art-1200",
          "title": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-29"
    },
    {
      "value": "CVE-2024-5178",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1199",
          "title": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        },
        {
          "id": "art-1200",
          "title": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-29"
    },
    {
      "value": "CVE-2024-5217",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1199",
          "title": "CISA KEV: CVE-2024-5217 \u2014 ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        },
        {
          "id": "art-1200",
          "title": "CISA KEV: CVE-2024-4879 \u2014 ServiceNow Improper Input Validation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-29",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-29"
    },
    {
      "value": "CVE-2012-4792",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1202",
          "title": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-23"
    },
    {
      "value": "CVE-2024-39891",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1201",
          "title": "CISA KEV: CVE-2024-39891 \u2014 Twilio Authy Information Disclosure Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-23"
    },
    {
      "value": "48d56ec320ecf6c54a87a7540cf21340",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1202",
          "title": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-23"
    },
    {
      "value": "2b9f1a858bb8cc18dc1e2184a872c183c327d3d4",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1202",
          "title": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-23"
    },
    {
      "value": "ac335a4894485859d2cfd24b816f6929831c1e844164ceb2f90cbab5fa671965",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1202",
          "title": "CISA KEV: CVE-2012-4792 \u2014 Microsoft Internet Explorer Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-23",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-23"
    },
    {
      "value": "CVE-2022-22948",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1206",
          "title": "CISA KEV: CVE-2022-22948 \u2014 VMware vCenter Server Incorrect Default File Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "CVE-2023-20867",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1206",
          "title": "CISA KEV: CVE-2022-22948 \u2014 VMware vCenter Server Incorrect Default File Permissions Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "CVE-2024-28995",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1207",
          "title": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "CVE-2024-2961",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "CVE-2024-34102",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "analytisgroup.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "analytisweb.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "bingforce.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "bystats.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "cdnstatics.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "chartismart.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "codecarawan.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "creativeslim.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "creatls.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "desynlabtech.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "easttrack.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "foptimize.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "gearplace.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "getstylify.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "graphiqsw.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "happyllfe.online",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "horlzonhub.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "iconstaff.top",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "infiniboosts.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "jquerypackageus.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "jstatic201.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "marketiqhub.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "novastraem.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "quantunnquest.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "radlantroots.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "sellerstat.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "sellifypro.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "statspots.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "techtnee.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "trendgurupro.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "104.36.229.32",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "106.14.40.200",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "120.245.64.189",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1207",
          "title": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "141.98.81.24",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "141.98.82.3",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "146.190.165.100",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "15.204.207.175",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "157.230.230.193",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "159.223.136.255",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "172.104.28.240",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "173.255.242.28",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "184.31.15.39",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "184.31.15.70",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "185.175.225.116",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "185.193.126.86",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "185.196.10.2",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1207",
          "title": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "193.233.128.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "193.233.129.150",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "193.233.130.84",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "193.233.216.201",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "193.233.217.12",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "217.182.199.126",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "221.4.215.215",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1207",
          "title": "CISA KEV: CVE-2024-28995 \u2014 SolarWinds Serv-U Path Traversal Vulnerability ",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "31.134.11.12",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "31.134.11.69",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "31.134.13.106",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "37.9.41.91",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "37.9.42.158",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "85.239.43.38",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "89.110.84.168",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "91.92.243.104",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "91.92.247.205",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "92.112.184.102",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1208",
          "title": "CISA KEV: CVE-2024-34102 \u2014 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-17",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-17"
    },
    {
      "value": "CVE-2016-5195",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "CVE-2024-36401",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "1.download765.online",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "9527527.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "bots.gxz.me",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "gsdasdfadfs.9527527.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "oss.17ww.vip",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "repositorylinux.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "sdfasdfsf.9527527.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "secure.systemupdatecdn.de",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "trcpay.xyz",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "112.133.194.254",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "181.214.58.14",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "188.214.27.50",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "209.146.124.181",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "47.253.46.11",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "95.85.93.196",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "1588bee7db42495ba7e6e34d217e6b82c5ab93f27c1eea68435cbb9e7792f9be",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "1af8e068aa7377f0055640af581a412aa9d7288c912a93dd0d739657af0079fb",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "20d97f144bf7b1662a13ac537715126b9b2f68eff46a4a09234743ae236f0177",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "3c73ebc7a85accc65c9ee5bf151f70b990e5a12f27a843ca21c0f9d9a10fd17d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "50b7e615b8cdc45486b6ed1c1c081c7a92c262edb84318fa864531dcab753f82",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "53994a35a57970dea48e97009f65ad045b69a83234b771b106446211376a6866",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "5cc7e35254347f705422800bfb7fe29c6002e2537f6bac0ff996a720dfb5f48e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "7194ec436231c2a383ffc7c75eef4f5b5a952c18fa176ffd0830667835a80533",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "79c9532fb6ef2742e207498bfe2b2ee09aa9773376ac0e56085083aab17b98be",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "83fb74bb852bbd722e6ebc4e249e49cb4bb4194493a26d62d4bfcdfca2998412",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "8d3440301bc94ed83cdafb69e4b0166d3a0020eb4f38e9fa159c2f13f14b2d29",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "96cf27a66b629d2b19708c6887441a8422b40dc0e9e7c5c0f2212efe0b6b3323",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "994b924b00fb56e12a6a987c4cdf65dd05a221c47b5fc0a7a2babf1f05c2ed38",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "9bf642a7e14f0a0b0a784f00a0d1cf590ac60ae5ae378d29d435519f4d9dbf2b",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "a13a979f4ca57450528bb6cd7aa2bf47d2eea211053eb1a14b8c4a44fd661831",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "a9e7b5284182d3881c865895ee6e0fb03273eec3dcbf4bfc82dd2b069245beae",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "addccd0ecb643251af2e79e878b19a8e9c8f1c87302e732ef057cdba821f4b30",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "b3a015b6650ec9800fa878ff9a5f732013806c8dcb0e7069515dae0dd380fda4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "b60d7fb66caf103a04e81fb89dbb05111b4b0ef513f3769c8e0a8106ab01a075",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "b67ab1b9b66fdc2c4ed1689698a54a347c2bdd6eaff87039ae337675243670d8",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "b80e9466b7bb42959c29546b8c052e67fcaa0f591857617457d5d28348bd8860",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "c226744b40e8f5d2cf95b4fb2537ff00e222ecc2d24c5096ecfadb14b4a47f97",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "c3101b0b74d76a95ba91b6cc4945657e928d2dac8fdf926ffbf09031d46e9186",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "d9dfe98b5fba09e17dbe29dfeb8deb7d777d4a3b0d670914691ed360b916116a",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "d9e8b390f8e2e8a6c2308c723a6a812f59c055ecad4e9098a120e5c4c65d3905",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "e8b0f5a952f07c83c4d67809ac0715c7164d518323d8038542e84aab8456db43",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "f3d3572ef96c9c59e137425ca6804e1b86b7f8b57210a3724d567017460774de",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "f7b97677b6387c1f02d429e98868bf6973a8dec14dfee2516a27e885d6b1c780",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "fabbb4611fb9df5d8f208d9353be0b73c3942fe78903da096cbfe2f47c9e3566",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1209",
          "title": "CISA KEV: CVE-2024-36401 \u2014 OSGeo GeoServer GeoTools Eval Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-15",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-15"
    },
    {
      "value": "CVE-2024-23692",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "CVE-2024-38080",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1214",
          "title": "CISA KEV: CVE-2024-38080 \u2014 Microsoft Windows Hyper-V Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "support.firewallsupportservers.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "121.204.249.123",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "154.201.87.185",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "164.155.205.99",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "185.173.93.167",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "188.116.22.65",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "4383b1ea54a59d27e5e6b3122b3dadb2",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "6adaeb6543955559c05a9de8f92d1e1d",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "77970a04551636cc409e90d39bbea931",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "8f0071027d513867feb3eb8943ccaf05",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "ce7dc5df5568a79affa540aa86b24773",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "084b7e9e001bcfd1f2ad8adb6f39d08e5aadae4b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "0e267e5ef7b91bf1ef7c8af40bd6fd7f8330ea36",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "0ed613fc7f6f592098ff679b321196274b814abd",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "86f163a248e2a9eb2209881351029ce2bbcc5b58",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "be42f6a567b193884333d0668b94f7635c08dc00",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "0af21e5bdeaf84c33c172a1170987cca478c2b3e13a3de5653f724f36e278ee4",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "29b27b5757f1503d348acef5201f65ce6726fdc5c3e84c8ee87c2c933cb41066",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "5d37696feee100ac78d5221669f96b006c851f54c1f36f44fab2e6b71c6498b1",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "69fe95d13e04c1e919980b8aa8e98e04e3c266d15589c074ae2bb8d9027d5a01",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "cbb265cfae15aa0f39bc67447aa82fc3ac40be6f9239a111e21e1532295eb4ed",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1213",
          "title": "CISA KEV: CVE-2024-23692 \u2014 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-07-09",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-07-09"
    },
    {
      "value": "CVE-2020-13965",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1219",
          "title": "CISA KEV: CVE-2020-13965 \u2014 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "CVE-2022-24816",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1221",
          "title": "CISA KEV: CVE-2022-24816 \u2014 OSGeo GeoServer JAI-EXT Code Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "CVE-2022-2586",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1220",
          "title": "CISA KEV: CVE-2022-2586 \u2014 Linux Kernel Use-After-Free Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "CVE-2024-38526",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "5f52353c.u.fn03.vip",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "bootcdn.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "bootcss.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "cdn.polyfill.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "cdn.polyfill.io.bsclink.cn",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "googie-anaiytics.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "kuurza.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "newcrbpc.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "polyfill.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "polyfill.io",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "polyfill.io.bsclink.cn",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "polyfill.site",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "polyfillcache.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "staticfile.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "staticfile.org",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "union.macoms.la",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "unionadjs.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "w9.vty70.net",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "wildcard.polyfill.io.bsclink.cn",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "xhsbpza.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1218",
          "title": "Polyfill supply chain attack embeds malware in JavaScript CDN assets",
          "link": "https://snyk.io/blog/polyfill-supply-chain-attack-js-cdn-assets/",
          "published": "2024-06-26",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-26"
    },
    {
      "value": "CVE-2024-1800",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1229",
          "title": "CISA KEV: CVE-2024-4358 \u2014 Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "CVE-2024-26169",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "CVE-2024-32896",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1231",
          "title": "CISA KEV: CVE-2024-32896 \u2014 Android Pixel Privilege Escalation Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "CVE-2024-4358",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1229",
          "title": "CISA KEV: CVE-2024-4358 \u2014 Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "1984cd0bf7b20c5bef58338f80e4e65e",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "acaf01f83da439915027c3e2e900c8dd",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "f17918862a190afd4649b2a6b4a34b5c",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "ff217dab57393592c6767de1c6a999eb",
      "type": "md5",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "2861b4e463fa89e05f2d7d629fae5140cef49843",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "4ea121b4b45bab1e17fae11c8cce30241f5f8a75",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "b4b5963c62c07c2adcee093571afd0e9e765de3b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "cc580c52f4263803255d65dfb6ab208be7f4a534",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "2408be22f6184cdccec7a34e2e79711ff4957e42f1ed7b7ad63f914d37dba625",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "4aae231fb5357c0647483181aeae47956ac66e42b6b134f5b90da76d8ec0ac63",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "a31e075bd5a2652917f91714fea4d272816c028d7734b36c84899cd583181b3d",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "b0903921e666ca3ffd45100a38c11d7e5c53ab38646715eafc6d1851ad41b92e",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "b73a7e25d224778172e394426c98b86215087d815296c71a3f76f738c720c1b0",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1230",
          "title": "CISA KEV: CVE-2024-26169 \u2014 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-13",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-13"
    },
    {
      "value": "CVE-2012-1823",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "CVE-2024-4577",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "178.16.55.224",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "88.218.76.13",
      "type": "ipv4",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "5a2b9ddddea96f21d905036761ab27627bd6db4f5973b006f1e39d4acb04a618",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "95279881525d4ed4ce25777bb967ab87659e7f72235b76f9530456b48a00bac3",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "9562ad2c173b107a2baa7a4986825b52e881a935deb4356bf8b80b1ec6d41c53",
      "type": "sha256",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "CISA KEV"
      ],
      "articles": [
        {
          "id": "art-1234",
          "title": "CISA KEV: CVE-2024-4577 \u2014 PHP-CGI OS Command Injection Vulnerability",
          "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "published": "2024-06-12",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-06-12"
    },
    {
      "value": "CVE-2023-45288",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-24549",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-2653",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-27316",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-2758",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-27919",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-27983",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-28182",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-30255",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-31309",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1265",
          "title": "Exploiting HTTP/2 CONTINUATION frames for DoS attacks",
          "link": "https://snyk.io/blog/exploiting-http-2-continuation-frames-dos-attacks/",
          "published": "2024-04-08",
          "sev": "high"
        }
      ],
      "first_seen": "2024-04-08"
    },
    {
      "value": "CVE-2024-1597",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1271",
          "title": "Snyk users don't have to worry about NVD delays",
          "link": "https://snyk.io/blog/snyk-users-dont-have-to-worry-about-nvd-delays/",
          "published": "2024-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2024-03-13"
    },
    {
      "value": "CVE-2024-22243",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1271",
          "title": "Snyk users don't have to worry about NVD delays",
          "link": "https://snyk.io/blog/snyk-users-dont-have-to-worry-about-nvd-delays/",
          "published": "2024-03-13",
          "sev": "high"
        }
      ],
      "first_seen": "2024-03-13"
    },
    {
      "value": "CVE-2024-22195",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1295",
          "title": "Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)",
          "link": "https://snyk.io/blog/jinja2-xss-vulnerability/",
          "published": "2024-01-18",
          "sev": "high"
        }
      ],
      "first_seen": "2024-01-18"
    },
    {
      "value": "CVE-2023-50164",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1300",
          "title": "Krampus delivers an end-of-year Struts vulnerability",
          "link": "https://snyk.io/blog/struts-path-traversal-vulnerability/",
          "published": "2024-01-02",
          "sev": "crit"
        }
      ],
      "first_seen": "2024-01-02"
    },
    {
      "value": "CVE-2021-21708",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1306",
          "title": "Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?",
          "link": "https://snyk.io/blog/vulnerability-disclosure-php-use-after-free/",
          "published": "2023-12-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-12-19"
    },
    {
      "value": "CVE-2022-28368",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1306",
          "title": "Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?",
          "link": "https://snyk.io/blog/vulnerability-disclosure-php-use-after-free/",
          "published": "2023-12-19",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-12-19"
    },
    {
      "value": "CVE-2023-5654",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1328",
          "title": "Exploring WebExtension security vulnerabilities in React Developer Tools and Vue.js devtools",
          "link": "https://snyk.io/blog/webextension-security-vulnerabilities-react-developer-tools-vue-js/",
          "published": "2023-11-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-11-27"
    },
    {
      "value": "CVE-2023-5718",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1328",
          "title": "Exploring WebExtension security vulnerabilities in React Developer Tools and Vue.js devtools",
          "link": "https://snyk.io/blog/webextension-security-vulnerabilities-react-developer-tools-vue-js/",
          "published": "2023-11-27",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-11-27"
    },
    {
      "value": "us-east-2.compute.internal",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "med",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1337",
          "title": "Real-time threat protection with Snyk and SentinelOne",
          "link": "https://snyk.io/blog/snyk-sentinelone-built-time-runtime-solution/",
          "published": "2023-11-09",
          "sev": "med"
        }
      ],
      "first_seen": "2023-11-09"
    },
    {
      "value": "8656c04d40b0b3900721ddf26ea43c5f5f646b7b",
      "type": "sha1",
      "confidence": "high",
      "extraction": "regex",
      "severity": "med",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1337",
          "title": "Real-time threat protection with Snyk and SentinelOne",
          "link": "https://snyk.io/blog/snyk-sentinelone-built-time-runtime-solution/",
          "published": "2023-11-09",
          "sev": "med"
        }
      ],
      "first_seen": "2023-11-09"
    },
    {
      "value": "CVE-2023-46133",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1349",
          "title": "Weak Hash vulnerability discovered in crypto-js and crypto-es (CVE-2023-46233 & CVE-2023-46133)",
          "link": "https://snyk.io/blog/weak-hash-vulnerability-crypto-js-crypto-es/",
          "published": "2023-10-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-10-25"
    },
    {
      "value": "CVE-2023-46233",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "crit",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1349",
          "title": "Weak Hash vulnerability discovered in crypto-js and crypto-es (CVE-2023-46233 & CVE-2023-46133)",
          "link": "https://snyk.io/blog/weak-hash-vulnerability-crypto-js-crypto-es/",
          "published": "2023-10-25",
          "sev": "crit"
        }
      ],
      "first_seen": "2023-10-25"
    },
    {
      "value": "CVE-2021-23369",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1351",
          "title": "Adding Snyk security to Jira and Bitbucket Cloud",
          "link": "https://snyk.io/blog/adding-snyk-security-jira-bitbucket-cloud/",
          "published": "2023-10-25",
          "sev": "high"
        }
      ],
      "first_seen": "2023-10-25"
    },
    {
      "value": "CVE-2022-24785",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1351",
          "title": "Adding Snyk security to Jira and Bitbucket Cloud",
          "link": "https://snyk.io/blog/adding-snyk-security-jira-bitbucket-cloud/",
          "published": "2023-10-25",
          "sev": "high"
        }
      ],
      "first_seen": "2023-10-25"
    },
    {
      "value": "CVE-2023-44487",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1360",
          "title": "Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487",
          "link": "https://snyk.io/blog/find-fix-http-2-rapid-reset-zero-day-vulnerability-cve-2023-44487/",
          "published": "2023-10-11",
          "sev": "high"
        }
      ],
      "first_seen": "2023-10-11"
    },
    {
      "value": "CVE-2023-38545",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1365",
          "title": "High severity vulnerability found in libcurl and curl (CVE-2023-38545)",
          "link": "https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/",
          "published": "2023-10-04",
          "sev": "high"
        }
      ],
      "first_seen": "2023-10-04"
    },
    {
      "value": "CVE-2023-38546",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1365",
          "title": "High severity vulnerability found in libcurl and curl (CVE-2023-38545)",
          "link": "https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/",
          "published": "2023-10-04",
          "sev": "high"
        }
      ],
      "first_seen": "2023-10-04"
    },
    {
      "value": "CVE-2023-41061",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1370",
          "title": "Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem",
          "link": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/",
          "published": "2023-09-28",
          "sev": "high"
        }
      ],
      "first_seen": "2023-09-28"
    },
    {
      "value": "CVE-2023-41064",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1370",
          "title": "Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem",
          "link": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/",
          "published": "2023-09-28",
          "sev": "high"
        }
      ],
      "first_seen": "2023-09-28"
    },
    {
      "value": "CVE-2023-4863",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1370",
          "title": "Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem",
          "link": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/",
          "published": "2023-09-28",
          "sev": "high"
        }
      ],
      "first_seen": "2023-09-28"
    },
    {
      "value": "CVE-2023-5129",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1370",
          "title": "Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem",
          "link": "https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/",
          "published": "2023-09-28",
          "sev": "high"
        }
      ],
      "first_seen": "2023-09-28"
    },
    {
      "value": "CVE-2022-229",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1398",
          "title": "Manage security issues in Jira with Snyk Security in Jira Cloud",
          "link": "https://snyk.io/blog/snyk-security-in-jira-cloud/",
          "published": "2023-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2023-08-09"
    },
    {
      "value": "CVE-2022-22967",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1398",
          "title": "Manage security issues in Jira with Snyk Security in Jira Cloud",
          "link": "https://snyk.io/blog/snyk-security-in-jira-cloud/",
          "published": "2023-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2023-08-09"
    },
    {
      "value": "cdn.devlooped.com",
      "type": "domain",
      "confidence": "high",
      "extraction": "defanged",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1399",
          "title": ".NET developers alert: Moq NuGET package exfiltrates user emails from git",
          "link": "https://snyk.io/blog/moq-package-exfiltrates-user-emails/",
          "published": "2023-08-09",
          "sev": "high"
        }
      ],
      "first_seen": "2023-08-09"
    },
    {
      "value": "CVE-2022-1471",
      "type": "cve",
      "confidence": "high",
      "extraction": "regex",
      "severity": "high",
      "sources": [
        "Snyk"
      ],
      "articles": [
        {
          "id": "art-1431",
          "title": "SnakeYaml 2.0: Solving the unsafe deserialization vulnerability",
          "link": "https://snyk.io/blog/snakeyaml-unsafe-deserialization-vulnerability/",
          "published": "2023-06-21",
          "sev": "high"
        }
      ],
      "first_seen": "2023-06-21"
    }
  ]
}