Vigil

Daily Intelligence Brief

0 Critical CVEs (7d) — same

0 New KEVs Today 1 due ≤14d

0 Ransomware Victims Today — same

0 New IOCs Today — same

0 APT Campaigns Today — same

Ransomware
Victims
Last 90 days

Priority Threats

VULNERABILITY 10.0 CVSS

CVE-2026-4370 — Unknown Unknown

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to per…

Also: CVE-2026-34162 (CVSS 10.0), CVE-2025-15379 (CVSS 10.0)

RANSOMWARE 20 victims / 7d

thegentlemen

Targeting: Manufacturing (4 incidents) · Financial Services (3 incidents) · Telecommunication (2 incidents)

APT CAMPAIGN 50 IOCs

Disclosing new PebbleDash-based tools

Top Targeted Sector (30d)

Business Services

110

Manufacturing

Healthcare

Technology

Consumer Services

Top Targeted Countries (30d)

159

Live Feed Last 24 hours

No events in the last 24 hours yet.
Data refreshes every 30 minutes.

Active IOC Feed

IOC Value	Type	Malware / Family	Threat Type	Source	Confidence	First Seen	Ref
`57f4cdc0363e85d6542a2473eb252711dfc1667d6a2875d2c507fc817bced680`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`358346be7566fc2ffb13141eabc5af270a9e0e8f71fa99aebc6a5b5d6281a101`	sha256	js	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`2b27f573a2803501782484e855ed67d53d9c6bdba5e94172871fb91d9eb06780`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9d5a4fcba60a9f9459570417411e8d4a90da4d274de8f352ef5d4ff6d50c2b9a`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://123.8.154.235:54627/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://27.215.81.133:43043/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://91.214.78.173:8080/bins/bot-mips`	url	91-214-78-173-8080, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://91.214.78.173:8080/bins/bot-arm7`	url	91-214-78-173-8080, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://91.214.78.173:8080/bins/bot-amd64`	url	91-214-78-173-8080, ua-wget	malware_download	URLhaus	—	2026-05-14
`https://cloudruntime.courses/354b7637-d386-4074-8286-cbcc7ae1a08f/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://91.214.78.173:8080/d.sh`	url	91-214-78-173-8080, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://115.49.208.50:60662/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://175.173.191.206:59847/i`	url	—	malware_download	URLhaus	—	2026-05-14
`https://packet-routing-lab.courses/f8dc7215-b51d-4762-b7cd-08a21b0bba3b/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://182.122.131.240:41588/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.8.154.235:54627/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://222.138.101.226:35477/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.53.243.30:49524/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://222.138.101.226:35477/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.48.163.93:39204/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.48.163.93:39204/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://182.122.131.240:41588/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://162.221.222.179:48314/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-14
`https://microservicehub.courses/e9238b57-9112-46cd-a4ed-fa8a8cf04ec7/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://115.53.243.30:49524/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://221.14.37.195:36180/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.5.112.174:35968/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://42.58.18.164:43772/bin.sh`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`https://serverless-mesh-core.courses/848b17c1-37ea-4abf-a4ee-9c59c9a4f888/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`104.243.248.63:1806`	ip:port	win.asyncrat	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`138.9.219.221:8015`	ip:port	win.remcos	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`95.141.133.7:7443`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`cloudruntime.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`packet-routing-lab.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://sup.dusapp.com.br/`	url	win.vidar	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`sup.dusapp.com.br`	domain	win.vidar	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`206.119.0.252:8884`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`206.119.0.249:8884`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`206.119.0.251:8884`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`https://evamotion.com/`	url	unknown	payload_delivery	ThreatFox	90%	2026-05-14	🔗
`best-seller.lavanille.buzz`	domain	win.cobalt_strike	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`attachment-storage-asset-static.needbinding.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`book-happy.needbinding.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`nama-belakang.nebao.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`easiestnewsfromourpointofview.algsat.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`mickeymousegamesdealer.alexavegas.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`hinesafar.sardk.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`shinesafar.sardk.icu`	domain	win.picasso_loader	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`microservicehub.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`serverless-mesh-core.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`1y9a9xkq.bitter-salty.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`p4l3fctz.bitter-salty.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`91.215.85.121:8848`	ip:port	win.dcrat	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`129920ec14a26075d60b2c7cd717067460b4a201d8ee775036a9975364d6b388`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1f1b8eeb3b796743977fa1427422f05a636dc3b16f5f71ff44740de7461a819e`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`53b1fda699801c9de8888444132062ebeea7698b6e9b4c670dbbf5591a08962d`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9f47d69c21e6131b0055331232c3e8f6fbdead4ff6e2c50c71ebbebb8cf3feaa`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`503205ff7ccad32d1286c98c5dfdb1731a4cf881d7539eb84e5d7e9a55c66f11`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`0d271ecf2ec206ecd419bc43cc7a57291d3542763c957646883bc97aad9240ff`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4b492c9bcd6fb439206027ac7b5250fbf0b3bbc56d4dde28477589413b126ed9`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1316a7a0bef67ed870bf9c15a60461b2774e28a2219d815378b89bbdb99935c3`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`ea54d5bf0258daaca1b6c1cc5e31335bafe4c402fee264e159cdb6a72da6b8f5`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`bc228da3d90ff1974d9d4d11ea8bac700567427a5b3e85b9ee84c484b4a3f079`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`25ec24e0b0130b7c6042e21ead1c7407fca85d4bbe80393e506e64366474ea7c`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`f7f01b7578e96c7745d3752384a32b8aaab1100353d90183d45c867173902664`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`b70205e17ba18a88089e41ea3b0ae890b47a5e25596dcbc467d00866aa5a93e7`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`73f6ca608570362be180d6d4c5cbded8e8f3de9fc4fae43ade4697522273155e`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`f3c98a3f47639b69968e75c99a87fdbee9e7aa910997f85bf01417bcbfbf77aa`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`20c686f849df9dd452ec0a2eaf19225341607b886d42b454ece270ae32dd4470`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`6f90f1f5a4b13bbb2280245cd86ecc3d2d916d91d3a497d902702ae8b7c455a7`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`07e0f63403ff2161e1fd30f5a5027f9d2e566f2ae301b3a945294155d036695c`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1f79b7fbb4dc5efda34246c5703b2cbb07424d77762a312d716ec5881655ebfc`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`31598947ad76c55e0c4f159925e74c3813d09e3080e1f5b5c7963b5ee7a69ada`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`04e390688d9f52d33c25e7e0bf6b5068ee47411f67a16fbf2224a5b9b72372c4`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a2dc1a576ef43b335e3dfc2ae905d5dcd4997ae3b3c18a47d9bf3ea4f9c77d58`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`8e247f24515a0caf92ac8205556c9b84ef18bac4fa6a662c3d7d49b47322b72b`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`12975876ab7d54b7d120a35569f3d9e0140ae7b803fe81dfa69f4982683d3dad`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4f3efcfcfc24df90f64118a2fea1de5bb50f1a55a843841f071eda1f9d3ce672`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`c9e164b96ba7916e6ab6c5ad4f94c11858a72c495b81de2cd64c3dbf543b2cb3`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a592a83e5773dbea9bbbe10f7fdeb9aeed07e077e0fac85b0bcd1d8e485dac0e`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`https://212.232.22.81/Bin/ScreenConnect.ClientSetup.exe`	url	212-232-22-81, connectwise, exe, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.m68k`	url	elf, m68k, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://110.38.223.172:60712/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://27.37.84.228:34846/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://112.239.97.62:43725/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`https://coder-logic-vault.courses/0afb7780-04e8-40be-b342-45a8dd51c61e/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://115.49.208.50:60662/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/7`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.x86_64`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.mips`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/8`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.ppc`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/5`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/11`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.x86`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/2`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/3`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/1`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.sh4`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.arm6`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/10`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.arm7`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/6`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.arm5`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/9`	url	64-89-163-218, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins/axis.mpsl`	url	64-89-163-218, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/loader.sh`	url	64-89-163-218, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/bins.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/1.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/b.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/d.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`https://sup.fatherchrismas.com/`	url	win.vidar	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`sup.fatherchrismas.com`	domain	win.vidar	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`1439913d6d2fde1e73eed936da25933f5cab5890aa98f99124e0f36d1e1d1472`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`b437a764869ac93e13448746c789757541d6ab3675592ceca3315d6ec1ef8086`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`417759d58ed424b4a6af6be1472107b959b8125b9a3fa1e0b6072f76849cf180`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4f20681b24c041a10ed71ea49b0859e486cada3381ed16372e8e3cb6e9af8d62`	sha256	AsyncRAT	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`https://46.151.182.208/bin/support.client.exe`	url	46-151-182-208, connectwise, exe, ua-wget	malware_download	URLhaus	—	2026-05-13
`https://46.151.182.208/Bin/ScreenConnect.ClientSetup.exe`	url	46-151-182-208, connectwise, exe, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://156.238.242.196/bins/linux_mips_hardfloat`	url	elf, mips, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/manji.x86`	url	elf, mirai, opendir, ua-wget, x86	malware_download	URLhaus	—	2026-05-14
`http://218.24.16.123:49959/i`	url	—	malware_download	URLhaus	—	2026-05-14
`http://112.248.191.168:54211/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://221.13.248.82:42225/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://130.12.181.111/Bin/ScreenConnect.ClientSetup.exe`	url	130-12-181-111, connectwise, exe, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://116.140.2.94:46035/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://219.156.178.218:42176/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://125.43.225.65:53092/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://110.36.19.51:35149/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/ppc64`	url	81-29-156-127, DDoSAgent, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/mipsel`	url	81-29-156-127, DDoSAgent, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/mips`	url	81-29-156-127, DDoSAgent, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/x86`	url	81-29-156-127, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/i686`	url	81-29-156-127, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/armv5l`	url	81-29-156-127, elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/armv6l`	url	81-29-156-127, elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://81.29.156.127/armv7l`	url	81-29-156-127, elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://182.126.183.211:52352/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://182.126.183.211:52352/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.4.44.212:49087/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://130.12.182.175:8080/21.exe`	url	130-12-182-175-8080, exe, Tofsee, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://125.43.225.65:53092/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.4.44.212:49087/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://masteringdigital-arch.courses/851ed414-d2ca-4b11-a466-a9f58b025cc8/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://42.227.177.133:54013/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://110.38.201.35:46732/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://125.46.215.186:38346/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.5.152.185:45274/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://61.243.140.9:60983/i`	url	—	malware_download	URLhaus	—	2026-05-14
`http://123.5.152.185:45274/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://quickwebdevops.courses/1e815954-32e3-4c4c-8e1a-c1ee19b912e6/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`https://enterprise-security-log.courses/0281b943-135c-4e7e-a18f-3a0caed9eff6/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://200.115.102.14:42192/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://60.18.56.21:39045/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-14
`http://60.18.56.21:39045/i`	url	—	malware_download	URLhaus	—	2026-05-14
`https://advanced-it-infrastructure.courses/f8c73b68-f542-4300-a89e-6d1778c42196/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/x.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://64.89.163.218/lol.sh`	url	64-89-163-218, elf, mirai, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://27.215.81.133:43043/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://coder-logic-vault.courses/7e533182-9ac1-48de-8948-ec74b0f1aee9/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`ws09ax4h.limous-nitout.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`jmlzwn2l.limous-nitout.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`expert-trading-academy.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`172.233.38.244:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`172.235.191.18:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`172.235.191.229:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`38.244.38.42:80`	ip:port	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`66.154.104.204:8084`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`118.31.62.238:80`	ip:port	win.cobalt_strike	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`coder-logic-vault.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`41.98.219.186:1177`	ip:port	win.njrat	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`46.253.143.52:8080`	ip:port	win.adaptix_c2	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`46.253.143.52:80`	ip:port	win.adaptix_c2	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`46.253.143.52:443`	ip:port	win.adaptix_c2	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`154.213.180.50:10000`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`103.75.190.47:49152`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`advanced-it-infrastructure.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`sd9arw2r.flos-strip.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`3az65saf.flos-strip.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/elevator`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/module2`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/component`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/RuntimeBroker.exe`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/Pjibf.exe`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/security`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://whbackend.ru/files/jar/module`	url	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://remotev2.whbackend.ru/ws/client`	url	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`remotev2.whbackend.ru`	domain	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`enterprise-security-log.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`whbackend.ru`	domain	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`quickwebdevops.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`45.138.16.182:8080`	ip:port	unknown_stealer	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`vanta.st`	domain	unknown	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`http://latiendadelafelicidad.com:5200/`	url	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`154.213.180.27:10000`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`8.137.157.249:8085`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`47.110.87.212:9999`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`38.244.38.42:8080`	ip:port	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`118.31.62.238:8080`	ip:port	win.cobalt_strike	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`latiendadelafelicidad.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`172.235.173.185:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`system-analytics-pro-guide.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`172.235.173.105:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`172.233.40.153:25001`	ip:port	apk.kimwolf	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`0x295bae89192c32.com`	domain	unknown	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`masteringdigital-arch.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`logic-buffer-skills.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`e9e15953ad2b9424d4bb72097bdb5d993bfec22f19797c739ef7eb2bd87783c9`	sha256	chm	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6`	sha256	chm	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://123.9.242.177:40138/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.57.181.25:42778/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://42.237.56.4:50021/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://smartworkflowmanagement.courses/db517e21-2d05-4ee9-960d-670ce7fe4cbd/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://222.136.153.49:43357/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://110.39.249.174:34779/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://116.140.2.94:46035/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.9.242.177:40138/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`smartworkflowmanagement.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`df77fa417aee26c656609dfb92a3f982dc70077e24de46915bb0360b40bd837a`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://140.237.44.205:56557/i`	url	32-bit, arm, elf, Mozi	malware_download	URLhaus	—	2026-05-14
`http://113.229.119.138:46079/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.5.174.131:55099/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://pro-cyber-defense.courses/655a1817-12cf-47d9-ae92-6a7092e43547/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://182.121.109.8:32975/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://123.5.174.131:55099/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://pro-cyber-defense.courses/b6b778a2-9a7b-4b46-84c1-822dfdda5a21/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`https://obese-table-usweb-play.wiki/b7f892e0-e5c3-4e36-9aa6-26e0daecc724/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://42.238.170.120:33629/i`	url	—	malware_download	URLhaus	—	2026-05-14
`38.60.253.35:80`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`obese-table-usweb-play.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`pro-cyber-defense.courses`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`38.190.198.12:8084`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`a13224ad7037a6fdadde2373f83dd0a35ad9afdb888544c529720d3fbababbc2`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5fb830acf3046ba7152112c03a62f85feeef592dee7bdbecd41c9d40e38dc203`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`8549cad41837c921ad75b6a84e1dca4b53850694cd637102cdcd5fd7a6b1fa2e`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`03f18e137625b7f7ee2b53b70a37474b5674080aab67a7298f909af621d1c866`	sha256	NanoCore	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`135607be3db66b1e5d6894ac1e8a02c81acbb99491b542840df6ec3299bf0822`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`69f5515ff3f554233840ad2f2397b345f955013017a9ae14ed4e762f52d936af`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`bddf223ac334758b8373de1b46ab12c80032c9b141d972681dd2fd9b14b27bce`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4209b66b89a5c71726b5fbadc8e3ce04ea92d935143170fd25c8928bd1fcdf50`	sha256	NanoCore	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`913e879e80d3e3dcf8341c43145ed5f6a85d1cdd2d3e0b5c006788dba6d2dc7c`	sha256	NanoCore	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9cf20bbcb95106f2a5b8cdb1d9586adbeb8b3ebf356c2d4dea6f77dcfe8f3477`	sha256	NanoCore	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://219.156.101.252:38613/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://222.136.153.49:43357/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://112.239.97.62:43725/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`https://layer-obs-usget-tron.wiki/62622778-096e-4c6b-abd0-0fc14d34237c/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://112.242.22.75:51862/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://42.239.153.29:37445/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://layer-get-win-tron.wiki/a99f888b-41bd-4e51-bcc0-653742cd92a8/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://112.242.22.75:51862/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://222.139.36.21:34142/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`https://card-oracle-mac-laptop.wiki/aeb4036d-536c-40b9-b8ab-9f8a2ef9cec5/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`https://212.232.22.81/bin/support.client.exe`	url	212-232-22-81, connectwise, exe, ua-wget	malware_download	URLhaus	—	2026-05-13
`layer-obs-usget-tron.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`bigsolutionsgc.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`sahalexchange.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`revvedupnet.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`brullercorp.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`iasolopreneur.com`	domain	win.remus	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`layer-get-win-tron.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`123.57.106.8:33972`	ip:port	win.vshell	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`38.244.38.42:60000`	ip:port	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`38.244.38.42:443`	ip:port	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`ywh94lky.champag-mannered.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`jpfwdwpz.champag-mannered.digital`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`card-oracle-mac-laptop.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`4b7a0879cf0a7ab62b248281e4075ada4988501fe8e5c6fb7b42d79e1e5b2a8a`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5274bee0128b0dda0c02dbe44bc195ab77999283104cbdbb97106d041dc1ff01`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://27.207.241.68:58150/i`	url	—	malware_download	URLhaus	—	2026-05-14
`https://www.terramarketgroup.com/`	url	unknown	payload_delivery	ThreatFox	90%	2026-05-14	🔗
`https://www.alfonsocerreti.it/`	url	unknown	payload_delivery	ThreatFox	90%	2026-05-14	🔗
`https://eternalchess.com/`	url	unknown	payload_delivery	ThreatFox	90%	2026-05-14	🔗
`https://cmvpl.com/`	url	unknown	payload_delivery	ThreatFox	90%	2026-05-14	🔗
`31ab874b463588727ebd9635124f3f02125c87b6cb93dd348bf2f60d0d12ac1b`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`https://handout-voivo-desk-ship-link.wiki/15ce3a08-7c9c-4292-b549-6f4bc27fb873/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`https://master-voivo-system-shop-slink.wiki/7ba6e339-50bb-4db5-b1f8-2bc8118b7b23/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://41.216.188.223/files/admin/ClipClap.exe`	url	exe	malware_download	URLhaus	—	2026-05-14
`http://108.170.136.155:59643/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://162.141.92.192/arm`	url	elf, moobot, ua-wget	malware_download	URLhaus	—	2026-05-14
`handout-voivo-desk-ship-link.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`77.90.51.233:443`	ip:port	elf.mirai	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`static.alfreshup.com`	domain	js.fakeupdates	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`185.203.39.71:8853`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`185.203.39.71:7070`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`6hndc.com`	domain	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`l1.topayapp.org`	domain	unknown	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`158.94.209.207:57872`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`158.94.209.207:58827`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`75.119.154.8:8808`	ip:port	win.asyncrat	botnet_cc	ThreatFox	100%	2026-05-14	🔗
`5.230.201.146:5003`	ip:port	unknown	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`master-voivo-system-shop-slink.wiki`	domain	js.clearfake	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`833a0e0ed8bc34a1af0fbb43c56f7bea2c73dde2295f4df2e2c27011d70f52fa`	sha256	zip	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a8b208b931f88bf8bc1d2fb6d7c069dd9221a113a0c760428eb177e322c8aaa4`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`500b9d6ee3192a79d387f8322d0c1e2c6a3d175eb17c599de0eab9108f9f5de3`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`e6483ecd2e263e5cb67b7e8c9c0c9ba8c0f389152b7e81e30d0eaa41bc071ebb`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`60ca5fc1dbf606dccb5bb39bd3d886ba8122a9006558eecda848930a454f32f3`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1411c4c559644f98145acbc86325b60f4be944d5deddac2c9995cdd4c0ceeb93`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`8bff0e268e72794a1f8f583d4de731b77ec809f45560e0eec34d59c4d9b6a8d1`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9c841796f660355e6d516fc6cef6f101e40d1cf41067c4a1d9b0dea13fa1b30f`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`30a944907d868d2f820cf2e8f569ef6271cedbb2c44dd20decc9d7b3f6b4fc42`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`ccff4653ff6519f2083c22b877a28e33f7bb73a5af6b6043170666958095f3a6`	sha256	SalatStealer	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`683e886963d1644a6369652d94410c1fdde649108821860fbdca00eb97a12508`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`f5286c639c299102c296f129dd23d814615f98e71d03f7853e43e901c400ff55`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5f5f33d963ef205ea5ccf35dd75105c99572dba9ec8ed66d8268481ad56f274d`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9fbf6e1bd7ca3922c017491ef52ffa8c123084e231021e7610942f65303c86b2`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`8e982c2dda21e95c9f6d58774cc34f61962d7a83a606904c6123920f5624aab9`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`0bd46b20aee11ffba45eefd514e8706cef747e8856237bf4af0282a3504c37bd`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`37cd2dedf46cd8a98a917b92b9a141e7e84c82312b0fb07c0c6c31ab47e538b2`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`2a6805cb595d2ba98ec779dc127a3e7f86a89b75172ee5bc0486394e5622ecb6`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a287341f1aeb319a71d9e0b029ce2b007b97ac93889abe69813f537a0f2c9a9e`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://94.156.152.234/bot.arc`	url	elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/bot.m68k`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/bot.sh4`	url	elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://110.167.74.66:33448/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://176.65.139.161/iran.armv5l`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/bot.aarch64`	url	elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/bot.mipsr`	url	elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/bot.powerpc`	url	elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://110.37.53.25:53775/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://83.217.208.211/files/big.exe`	url	83-217-208-211, exe, ua-wget	malware_download	URLhaus	—	2026-05-14
`https://master-core-system-date-slink.wiki/6717bd2a-2cb6-4d1c-94fa-369d8db4a3e9/google.cl`	url	ClearFake	malware_download	URLhaus	—	2026-05-14
`http://219.71.131.225:40182/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://150.40.126.53/bins/rcuop_0`	url	150-40-126-53, elf, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/manji.sh4`	url	elf, mirai, opendir, SuperH, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://42.87.156.224:45818/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://176.65.139.177/bot.mipsel`	url	elf, mips, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`qiig7t2nzog.com`	domain	js.kongtuke	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`https://qiig7t2nzog.com/d`	url	js.kongtuke	payload_delivery	ThreatFox	100%	2026-05-14	🔗
`45.192.219.138:443`	ip:port	win.ghost_rat	botnet_cc	ThreatFox	50%	2026-05-14	🔗
`144.31.123.157:443`	ip:port	win.ghostsocks	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`mas.uk.net`	domain	win.quasar_rat	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`185.99.255.17:80`	ip:port	apk.ermac	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`217.60.241.17:8080`	ip:port	win.tofsee	botnet_cc	ThreatFox	75%	2026-05-14	🔗
`f76ea661fa050e2198e2a54aec00c24a9e4a8b54e2264ee458a04343ec6c6460`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9347c058bb6f40a699fc045feb9d56382513832f03ff1806c2de36de3f4a442f`	sha256	xls	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`882903a1cee7804fdc607853cc9e55e17534c658fa20100a63dffb0a30b7ee5f`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`01da321b6f411f6ffcf3e8940eee85af6eae509763ad4840c6c26b7da10de07d`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`f98076654c6eeddd06a769bda19f30b89ab7fc0f759b95a495a1267001f5a8c2`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`beea94b8354c143732dba555c69097d42d42b960af644b038cc3ba46ef877d64`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`c4e4085c85a398ae4b50c00ea3d6d71786c36ab090e011e5a012a117dab71662`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`6b8b21d4f66549ac52afc30837731ea8d1fc57b58b52f3b23542f05008135336`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`22b502b08268e7456fb021aa970ab1c36c706c411a8f43ab0420636845bee395`	sha256	ConnectWise	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`8b40a7652af4b2195f37dc49682d459f791b94fba7aa5a193892412f60aa13c5`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`fb5aff6d737ab1bda82cbfaf4d73c612026f3cbc7321ddc44cffa899de2a6daa`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`bb8c834d4066f900b01783087299e5da97ee27ac1d6a09bd7c231eabc2b77569`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1b8a000dc510563fac3f4084727d6fc53736f4b4425137651c426d8d44291a4b`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`2cec1784a799f5b5953eaf1ab81be78b3b01a8803b11ffb34b497e9abc09a372`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`a43b3acee42de96b27a990e9c19b6fd7081d73c3e0516fc77de3bf4153f077e7`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`eebad34642be1e5256c715ab3746d4a67a7d3ee8685b6055a0f1a45744ce9e56`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4d515501de5304db50daeb0bc151326a940d6a19ff7911a298ba666c5aa9a499`	sha256	sh	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`ab7bf496e32643527f16b2e424af5b7edb75f89bca7ab0bdb875d6534a9ccd70`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`423d6172df1acc2ef2ea751ef28727a2589a1677f08d666e4d553e06600284a2`	sha256	ConnectWise	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5739b9652302bf52b2dea790956581dba814d9750643e29b1cd829f4a6e24d2a`	sha256	ConnectWise	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`9bb75b8ff8cf75c4f203c6572ee9cf65125d9b659f3f3aa4b0e1ece717a495e5`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5d21ddaa89883041716417e15c840f6146c9d9d15f38ce97109aeafd8b12022e`	sha256	msi	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`3b1b289f81132244d9aa0702967464db3b99f296141faee92f30e66c20707b0f`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`c2253567a3f2d21e6967ccde19dd2dbaede5da54a46eb872c68a732358a81796`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`1080a64f454e01a3e5b59aced1413d72148223604923ad1fc8bd22372b3cc8f9`	sha256	exe	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`6d9fcd1b3561b2aea68f18825e9b0e8b804bcc3cd12c75f03f793acc255675b5`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`5d7918225442451dd8b9d685cf4e61e0128a49d31a33027bf57a7ddff5d16812`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`14c1d6d39878896f5835960e9c2c9c9058f81201236c4003f0ccbe269b4b41db`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`b4400659a6dd40962ec00446ece5fbec3094ac8576f77bba15e464258d83784c`	sha256	elf	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`d72cb6182e844f8364c0112659cdc82f1fc405179a1810846896269633ac18df`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`45e3ced4a54c9f4c38ae7f36c50e1ea6ccdc09ad0594f0353b34b857314db72f`	sha256	vbs	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`4fbef1d0d9d4673d1256e875ab9e45151f932aff093bf5030bf3d2d784d63150`	sha256	DDoSAgent	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`06ac500275281828fb427d399463d0442e08cee3744137e0f8bf61e13c1b78e1`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`3312af307463d657e729cd5e466e0dfbb2e13969458547492b51a04b67caa494`	sha256	Mirai	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`e8318d2c5023d9b1a29b20918610d7625ba04e58dfe1fc5da51aeac65dbdff9d`	sha256	xlsx	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`e0149c0c3476c97e13ab5f4d656ad0b53ba45dea1b3f8fdaf51d0e4ef5db2aa9`	sha256	xlsx	Malware Sample	MalwareBazaar	—	2026-05-14	🔗
`http://156.238.242.196/bins/ARMV4L`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/manji.ppc440`	url	elf, mirai, opendir, PowerPC, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/ARMV6L`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/linux_ak.sh`	url	opendir, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/manji.arm5`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/w.sh`	url	opendir, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://156.238.242.196/bins/manji.mips`	url	elf, mips, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://60.211.105.231:33275/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://182.121.215.49:58921/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://162.141.92.192/x86_64`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://162.141.92.192/mipsel`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://162.141.92.192/arm7`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://182.116.39.138:49602/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://162.141.92.192/arm5`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://222.137.86.183:57761/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://110.36.80.162:54927/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://42.52.194.3:40757/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://182.116.39.138:49602/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://60.211.105.231:33275/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://116.149.146.119:46205/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://94.156.152.234/selfrep.sh`	url	mirai, opendir, sh, ua-wget	malware_download	URLhaus	—	2026-05-14
`http://110.38.221.182:46486/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://110.39.237.192:40532/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://116.149.146.119:46205/bin.sh`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://27.210.35.32:36830/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://219.157.159.219:57032/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://42.87.156.224:45818/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.55.31.109:50067/i`	url	—	malware_download	URLhaus	—	2026-05-14
`http://27.210.35.32:36830/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-14
`http://171.39.12.170:54831/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-14
`http://61.52.106.147:34515/i`	url	Mozi	malware_download	URLhaus	—	2026-05-14
`http://115.55.31.109:50067/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-13
`http://42.224.65.149:38218/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.224.65.149:38218/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://222.137.75.23:41212/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://221.13.149.86:41083/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://222.137.75.23:41212/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://221.13.149.86:41083/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://175.175.55.124:46567/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://222.139.32.25:46329/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.55.139.100:53832/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.224.67.26:35749/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.239.150.156:57296/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://182.122.239.203:47211/i`	url	mirai	malware_download	URLhaus	—	2026-05-13
`http://42.239.150.156:57296/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://110.36.12.61:47712/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.224.67.26:35749/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.arc`	url	arc, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.armv6l`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.powerpc`	url	elf, mirai, opendir, PowerPC, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.aarch64`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/load.sh`	url	opendir, sh, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.armv7l`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.armv5l`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.i486`	url	elf, mirai, opendir, ua-wget, x86	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.armv4l`	url	arm, elf, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.x86_64`	url	elf, mirai, opendir, ua-wget, x86	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.mips`	url	elf, mips, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.sh4`	url	elf, mirai, opendir, SuperH, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://176.65.139.177/bot.mipsr`	url	elf, mips, mirai, opendir, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://61.53.82.252:46127/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://27.220.243.108:45016/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://60.23.224.10:60412/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://27.220.243.108:45016/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://182.117.151.166:55410/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://112.249.61.9:34551/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://60.23.224.10:60412/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://182.117.151.166:55410/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.5.5.135:56083/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://125.44.46.158:59841/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.5.5.135:56083/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://61.52.185.69:46774/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.13.28.236:50656/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://39.81.90.118:53969/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://39.81.90.118:53969/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://112.248.185.5:57152/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://112.248.185.5:57152/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://221.203.124.220:60683/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.57.219.68:52228/i`	url	—	malware_download	URLhaus	—	2026-05-13
`http://27.215.121.135:58017/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://221.203.124.220:60683/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://27.215.121.135:58017/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://60.22.192.81:59759/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-13
`http://125.41.231.11:40951/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.57.219.68:52228/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-13
`http://60.162.33.50:45659/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.57.53.136:59615/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.190.79.253:32873/i`	url	—	malware_download	URLhaus	—	2026-05-13
`http://175.149.170.129:37335/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://175.149.170.129:37335/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://110.36.80.162:54927/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/imagetest0071154z7.png`	url	—	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/imagetest00711z5.png`	url	—	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/imagetest0093t536.png`	url	—	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/imagecab001.png`	url	—	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/imagetext0117z45.png`	url	—	malware_download	URLhaus	—	2026-05-13
`http://222.137.76.7:35441/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://218.16.164.153:55697/i`	url	mirai	malware_download	URLhaus	—	2026-05-13
`http://222.137.76.7:35441/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`https://solar-sanat.net/MDClient.exe`	url	VenomRAT	malware_download	URLhaus	—	2026-05-13
`http://124.29.223.148:54801/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://107.173.9.85/67/img_171102.png`	url	Formbook	malware_download	URLhaus	—	2026-05-13
`http://107.173.9.85/67/weneedbetterthingsforbest.HtA`	url	Formbook	malware_download	URLhaus	—	2026-05-13
`http://124.29.223.148:54801/bin.sh`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://209.54.103.178/32/img_221919.png`	url	—	malware_download	URLhaus	—	2026-05-13
`http://209.54.103.178/32/givemegoodpersoninlifeforlove.hta`	url	—	malware_download	URLhaus	—	2026-05-13
`http://110.36.12.61:47712/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://24.95.54.96:57781/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.148.241.62:43983/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-13
`http://39.87.238.242:44751/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://123.148.241.62:43983/bin.sh`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-13
`http://115.61.111.142:46490/i`	url	Mozi	malware_download	URLhaus	—	2026-05-13
`http://216.129.184.213:51759/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://27.37.112.190:41763/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://216.129.184.213:51759/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://27.37.112.190:41763/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.52.194.3:40757/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://175.149.123.111:52663/i`	url	—	malware_download	URLhaus	—	2026-05-13
`http://110.37.95.117:53934/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://150.255.27.41:55895/i`	url	32-bit, arm, elf, mirai, Mozi	malware_download	URLhaus	—	2026-05-13
`http://42.227.177.133:54013/bin.sh`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13
`http://175.149.123.111:52663/bin.sh`	url	—	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.i686`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.ppc`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.i486`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.ppc440`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.arm5`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.arm7`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.arc`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://45.153.34.170/huhu/titanjr.spc`	url	elf, mirai, ua-wget	malware_download	URLhaus	—	2026-05-13
`http://78.25.107.160:58641/i`	url	32-bit, elf, mips, Mozi	malware_download	URLhaus	—	2026-05-13

Analyst Tools

Paste raw text — emails, reports, logs — to automatically extract and classify all IOCs.

Enter any IOC — type is auto-detected and a curated set of intel sources appears.

Decode common obfuscation schemes found in malware, phishing kits, and threat reports.

Convert IOCs between defanged (report-safe) and live formats. Handles hxxp, [.], and [://] notations.

Convert timestamps between Unix epoch, UTC, and local time. Paste any format into any field.

Unix Epoch (seconds)

Unix Epoch (milliseconds)

UTC / ISO 8601

Local Time

Human Readable (UTC)

Relative Time

Paste raw email headers to extract the sending chain, authentication results (SPF / DKIM / DMARC), originating IPs, and timing data.

Ransomware activity

0 New Victims Today

158 Victims This Week UP 3850%

thegentlemen Most Active Group (7d)

Business Services Most Targeted Sector (30d)

Victim Name	Ransom Group	Industry / Sector	Country	Date Discovered
Houston Eye Associates CRITICAL SECTOR	cmdorganization	Healthcare	US	2026-05-14
PowerCampus	shadowbyt3$	Education	IN	2026-05-14
Ellucian PowerCampus Warning (Contact Us)	shadowbyt3$	Education	US	2026-05-14
Stride Learning	shadowbyt3$	Education	US	2026-05-14
Amplify Technology	shadowbyt3$	Technology	GB	2026-05-14
University Of Georgia	shadowbyt3$	Education	US	2026-05-14
Hotelogix	shadowbyt3$	Hospitality and Tourism	SG	2026-05-14
Schulte-Lindhorst GmbH & Co.	qilin	Manufacturing	DE	2026-05-14
Institute of PrivateEnterprise Development	akira	Business Services	Unknown	2026-05-14
Fab-Masters	qilin	Manufacturing	US	2026-05-14
technic.com	abyss	Technology	US	2026-05-14
Goodstone Group	cmdorganization	General	AU	2026-05-14
BAYTECH A/S	morpheus	Business Services	DK	2026-05-14
Ira & Larry Goldberg Coins & Collectibles	cmdorganization	Consumer Services	US	2026-05-14
dsdlawfirm.com	killsec	Business Services	US	2026-05-14
ttt.vn UPDATE-FULL DATA DUMP	stormous	General	VN	2026-05-13
vspsolutions.com.au SAMPLE-FREE 20GB	stormous	Business Services	AU	2026-05-13
Silergy Corp	incransom	Technology	US	2026-05-13
Spirit Medical Transport CRITICAL SECTOR	qilin	Healthcare	US	2026-05-13
Mayer	qilin	General	US	2026-05-13
Bluize	qilin	Technology	AU	2026-05-13
Brand X Hydrovac Services CRITICAL SECTOR	qilin	Energy	CA	2026-05-13
LTJ Industrial Services	qilin	Business Services	GB	2026-05-13
Johnson Carter Architects	qilin	Construction	US	2026-05-13
Domaine Des Tournels	qilin	Agriculture and Food Production	FR	2026-05-13
MicroMarketing	dragonforce	Business Services	Unknown	2026-05-13
Pamil Modulsystem	dragonforce	Manufacturing	SE	2026-05-13
Tricon Infotech	dragonforce	Technology	IN	2026-05-13
One Legal	qilin	Business Services	SG	2026-05-13
John G Yphantides A Professional Law	qilin	Business Services	US	2026-05-13
Belz Institutions	qilin	General	IL	2026-05-13
Buenos Aires Software	coinbasecartel	Technology	AR	2026-05-13
Allele Diagnostics CRITICAL SECTOR	akira	Healthcare	FR	2026-05-13
Institute of Private Enterprise Development	akira	Business Services	US	2026-05-13
Gorey Community School	payload	Education	IE	2026-05-13
Inteceng.com.my (+ Tsksynergy.com.my + Amemanufacturing.com.my + Woodnova.com.my)	payload	Manufacturing	MY	2026-05-13
A.R.Ge.Co	anubis	Business Services	IT	2026-05-13
NTN Bearing Corporation of America	payoutsking	Manufacturing	US	2026-05-13
The Gravity Group	qilin	Business Services	US	2026-05-12
Porter Wright	SilentRansomGroup	Business Services	US	2026-05-12
Marshall Dennehey	SilentRansomGroup	Business Services	US	2026-05-12
SHERIFF	qilin	Public Sector	UA	2026-05-12
Infoworld Membership Systems	play	Technology	Unknown	2026-05-12
Town Car International	play	Transportation/Logistics	US	2026-05-12
Northern Mechanical Contractors	play	Construction	CA	2026-05-12
ACC Construction	play	Construction	US	2026-05-12
IWC Food Service	play	Agriculture and Food Production	US	2026-05-12
Ashcroft Homes	play	Construction	CA	2026-05-12
DURAND-WAYLAND	play	Manufacturing	US	2026-05-12
Focus Design Partners	thegentlemen	Business Services	QA	2026-05-12
Shajarpak Securities	thegentlemen	Financial Services	IR	2026-05-12
Qatar National Broadband	thegentlemen	Telecommunication	QA	2026-05-12
Electroban SAE	thegentlemen	Manufacturing	PY	2026-05-12
Oriental Diamond	thegentlemen	Manufacturing	JP	2026-05-12
SETCAR	thegentlemen	Transportation/Logistics	TN	2026-05-12
Value Exchange International	thegentlemen	Financial Services	HK	2026-05-12
Dodson & Horrell	thegentlemen	Agriculture and Food Production	GB	2026-05-12
Amstel Securities	thegentlemen	Financial Services	NL	2026-05-12
GeTeCe	thegentlemen	General	DE	2026-05-12
dentoncalvary.org CRITICAL SECTOR	lockbit5	Healthcare	US	2026-05-12
Bestat Pharmaservices Corp. CRITICAL SECTOR	worldleaks	Healthcare	TW	2026-05-12
Notification.	shinyhunters	Technology	Unknown	2026-05-12
Taylor Clay Products	akira	Manufacturing	US	2026-05-12
Kaplan Companies	akira	Business Services	US	2026-05-12
PRESS STATEMENT 13/05/2026	shinyhunters	General	Unknown	2026-05-12
Mediapost Spain	qilin	Business Services	ES	2026-05-12
Manhattan Broadcasting	akira	Telecommunication	US	2026-05-12
Vision 3 Architects	akira	Construction	US	2026-05-12
Avanti Windows & Doors	aurora	Manufacturing	US	2026-05-12
NaRaYa	lamashtu	General	TH	2026-05-12
Saharuang	lamashtu	General	TH	2026-05-12
Startec Group of Companies	aurora	Business Services	PH	2026-05-12
NorthWest Handling Systems	aurora	Transportation/Logistics	CA	2026-05-12
Rivadeneyra Treviño	bravox	General	MX	2026-05-12
SmilePoint Dental Group CRITICAL SECTOR	spacebears	Healthcare	US	2026-05-12
Pequod Associates	genesis	General	US	2026-05-12
rbh aerospace inc	incransom	Manufacturing	US	2026-05-11
Bideawee	incransom	Consumer Services	US	2026-05-11
Casino Gaming Commission	genesis	Public Sector	JM	2026-05-11
Fargo Moorhead West Fargo Chamber	genesis	Business Services	US	2026-05-11
Integrated Process Engineers & Constructors.	genesis	Construction	US	2026-05-11
Ben F. Barcus and associates pllc	genesis	Business Services	US	2026-05-11
Palo	genesis	Technology	US	2026-05-11
HostBooks (HOT!)	genesis	Business Services	US	2026-05-11
FANASA.COM UPDATE-FULL DATA DUMP	stormous	General	Unknown	2026-05-11
arc-reins.com + fidelityunited.ae UPDATE-FULL DATA DUMP	stormous	Financial Services	AE	2026-05-11
AppDirect	qilin	Technology	CA	2026-05-11
Arwini	kairos	General	DE	2026-05-11
Ayuntamiento de Valdemoro	kairos	Public Sector	ES	2026-05-11
lalsgroup.com	incransom	General	AE	2026-05-11
Advanced Software Products Group	cmdorganization	Technology	US	2026-05-11
Keller Williams Real Estate - Exton	qilin	Consumer Services	US	2026-05-11
International Customer Care Services	qilin	Business Services	GB	2026-05-11
Pangolin Editions	qilin	Consumer Services	GB	2026-05-11
Forestdale	moneymessage	Business Services	GB	2026-05-11
Depósito Dental Universitario CRITICAL SECTOR	lamashtu	Healthcare	MX	2026-05-11
Sistemas Electrónicos y de Telecomunicaciones	lamashtu	Telecommunication	MX	2026-05-11
First United Methodist Church Boerne	interlock	Consumer Services	US	2026-05-11
ice.org.uk	BrainCipher	Education	GB	2026-05-11
Kent District Library	interlock	Public Sector	US	2026-05-11

0 Victims (30d)

PIVOT Ready ID: #ZER

zerotolerance

DORMANT

zerotolerance

0 Victims (30d)

PIVOT Ready ID: #ZER

Global Victim Distribution (30 days)

Targeted Sectors (30 days)

Top Targeted Countries (30 days)

Country	Incidents (30d)	Share
US	159	50.2%
GB	35	11.0%
DE	30	9.5%
CA	18	5.7%
AU	9	2.8%
ES	8	2.5%
FR	8	2.5%
MX	7	2.2%
BR	7	2.2%
ID	7	2.2%
IT	6	1.9%
SG	6	1.9%
IN	6	1.9%
TH	6	1.9%
AT	5	1.6%

158 This Week ▲ 3850% vs last week

0 Today

75 Single-Day Peak (30d)

Vulnerabilities

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fi...

KEV

CVSS: 9.6 2026-05-14

CVE-2026-41615

Microsoft / Microsoft Authenticator for Android

No description provided yet.

CVSS: 9.4 2026-05-14

CVE-2026-42596

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's d...

CVSS: 9.6 2026-05-14

CVE-2026-44482

richardhbtz / soundcloud-rpc

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8...

CVSS: 10 2026-05-14

CVE-2026-44523

enchant97 / note-mark

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JW...

Medium Severity (5.0 - 8.9)

CVSS: 6.4 2026-05-14

CVE-2026-6504

wproyal / Royal Addons for Elementor – Addons and Templates Kit for Elementor

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr...

CVSS: 8.8 2026-05-14

CVE-2026-42559

modelcontextprotocol / rust-sdk

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate'...

CVSS: 6.4 2026-05-14

CVE-2026-6252

mr2p / Meta Field Block – Display custom fields in the Block Editor without coding

The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagN...

CVSS: 7.5 2026-05-14

CVE-2026-6479

n/a / PostgreSQL

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a...

CVSS: 8.3 2026-05-14

CVE-2026-44586

siyuan-note / siyuan

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's...

CVSS: 6.5 2026-05-14

CVE-2026-6225

taskbuilder / Taskbuilder – Project Management & Task Management Tool With Kanban Board

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress i...

CVSS: 8.8 2026-05-14

CVE-2026-6473

n/a / PostgreSQL

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to ca...

CVSS: 6.5 2026-05-14

CVE-2026-6478

n/a / PostgreSQL

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an at...

CVSS: 5.4 2026-05-14

CVE-2026-3829

gowebsmarty / WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugi...

CVSS: 8.2 2026-05-14

CVE-2026-40893

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if...

CVSS: 7.2 2026-05-14

CVE-2026-41937

givanz / Vvveb

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoin...

CVSS: 5.3 2026-05-14

CVE-2026-42592

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolv...

CVSS: 8.3 2026-05-14

CVE-2026-43907

AcademySoftwareFoundation / OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format...

CVSS: 5.8 2026-05-14

CVE-2026-44312

premailer / css_parser

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTT...

CVSS: 7.6 2026-05-14

CVE-2026-44516

valtimo-platform / valtimo

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, ...

CVSS: 7.7 2026-05-14

CVE-2026-45370

universal-tool-calling-protocol / python-utcp

python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_comm...

CVSS: 6.4 2026-05-14

CVE-2026-5243

posimyththemes / The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom...

CVSS: 5.3 2026-05-14

CVE-2026-6145

wpeverest / User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in al...

CVSS: 5.3 2026-05-14

CVE-2026-6206

websoudan / MW WP Form

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and...

CVSS: 5.4 2026-05-14

CVE-2026-6335

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that...

CVSS: 5.4 2026-05-14

CVE-2026-6472

n/a / PostgreSQL

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries tha...

CVSS: 8.8 2026-05-14

CVE-2026-6475

n/a / PostgreSQL

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superus...

CVSS: 8.8 2026-05-14

CVE-2026-6477

n/a / PostgreSQL

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export()...

CVSS: 7.5 2026-05-14

CVE-2026-6514

Infused Addons / InfusedWoo Pro

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, ...

CVSS: 6.5 2026-05-14

CVE-2026-6670

erolsk8 / Media Sync

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and inclu...

CVSS: 7.2 2026-05-14

CVE-2026-3718

managewp / ManageWP Worker

The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-K...

CVSS: 8.1 2026-05-14

CVE-2026-3892

stylemix / Motors – Car Dealership & Classified Listings Plugin

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbit...

CVSS: 7.5 2026-05-14

CVE-2026-4031

wpengine / Database Backup for WordPress

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all ...

CVSS: 6.1 2026-05-14

CVE-2026-41932

givanz / Vvveb

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flo...

CVSS: 7.1 2026-05-14

CVE-2026-41935

givanz / Vvveb

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispat...

CVSS: 7.5 2026-05-14

CVE-2026-42334

Automattic / mongoose

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to...

CVSS: 8.2 2026-05-14

CVE-2026-42591

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversi...

CVSS: 8.6 2026-05-14

CVE-2026-42595

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL...

CVSS: 5.5 2026-05-14

CVE-2026-43996

AcademySoftwareFoundation / OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format...

CVSS: 6.5 2026-05-14

CVE-2026-8280

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 ...

CVSS: 8.8 2026-05-14

CVE-2026-44513

huggingface / diffusers

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code by...

CVSS: 5.7 2026-05-14

CVE-2026-44520

docling-project / docling-graph

Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge grap...

CVSS: 7.1 2026-05-14

CVE-2026-44637

saitoha / libsixel

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a ...

CVSS: 8.3 2026-05-14

CVE-2026-45369

universal-tool-calling-protocol / python-utcp

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method i...

CVSS: 7.1 2026-05-14

CVE-2026-46446

Alinto / SOGo

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows S...

CVSS: 6.5 2026-05-14

CVE-2026-5193

wpdevteam / Essential Addons for Elementor – Popular Elementor Templates & Widgets

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v...

CVSS: 6.5 2026-05-14

CVE-2026-5486

unitecms / Unlimited Elements For Elementor

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'da...

CVSS: 8.7 2026-05-14

CVE-2026-6073

GitLab / GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be...

CVSS: 6.4 2026-05-14

CVE-2026-6174

caterhamcomputing / CC Child Pages

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' ...

CVSS: 6.1 2026-05-14

CVE-2026-6417

bojansliskovicglscroatiacom / GLS Shipping for WooCommerce

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scriptin...

CVSS: 7.2 2026-05-14

CVE-2026-6476

n/a / PostgreSQL

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription right...

CVSS: 8.8 2026-05-14

CVE-2026-6506

Infused Addons / InfusedWoo Pro

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to,...

CVSS: 8.8 2026-05-14

CVE-2026-6637

n/a / PostgreSQL

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute ...

CVSS: 5.4 2026-05-14

CVE-2026-20209

Cisco / Cisco Catalyst SD-WAN Manager

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow...

CVSS: 5.4 2026-05-14

CVE-2026-20210

Cisco / Cisco Catalyst SD-WAN Manager

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow...

CVSS: 8.6 2026-05-14

CVE-2026-20224

Cisco / Cisco Catalyst SD-WAN Manager

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow...

CVSS: 8.7 2026-05-14

CVE-2026-7377

GitLab / GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be...

CVSS: 8.7 2026-05-14

CVE-2026-7481

GitLab / GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 be...

CVSS: 6.4 2026-05-14

CVE-2026-3694

boldthemes / Bold Page Builder

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tex...

CVSS: 7.5 2026-05-14

CVE-2026-1659

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 ...

CVSS: 7.5 2026-05-14

CVE-2026-4029

wpengine / Database Backup for WordPress

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export...

CVSS: 8.1 2026-05-14

CVE-2026-4030

wpengine / Database Backup for WordPress

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file ...

CVSS: 5.8 2026-05-14

CVE-2026-3160

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10...

CVSS: 5.3 2026-05-14

CVE-2026-41933

givanz / Vvveb

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows u...

CVSS: 7.7 2026-05-14

CVE-2026-42283

devspace-sh / devspace

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3....

CVSS: 5.3 2026-05-14

CVE-2026-42572

hatchet-dev / hatchet

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale....

CVSS: 8.2 2026-05-14

CVE-2026-42590

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata wr...

CVSS: 5.3 2026-05-14

CVE-2026-42593

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfeng...

CVSS: 7.5 2026-05-14

CVE-2026-42594

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware s...

CVSS: 5.9 2026-05-14

CVE-2026-42597

gotenberg / gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/conv...

CVSS: 8.1 2026-05-14

CVE-2026-42897

Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23

No description provided yet.

CVSS: 5.4 2026-05-14

CVE-2026-43644

stefanprodan / podinfo

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api...

CVSS: 8.8 2026-05-14

CVE-2026-43908

AcademySoftwareFoundation / OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format...

CVSS: 8.8 2026-05-14

CVE-2026-43909

AcademySoftwareFoundation / OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format...

CVSS: 6.5 2026-05-14

CVE-2026-1184

GitLab / GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 be...

CVSS: 7.5 2026-05-14

CVE-2026-44375

AArnott / Nerdbank.MessagePack

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, N...

CVSS: 7.4 2026-05-14

CVE-2026-44511

katalyst / koi

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin...

CVSS: 6.5 2026-05-14

CVE-2026-44514

kubetail-org / kubetail

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard expo...

CVSS: 7.4 2026-05-14

CVE-2026-44636

saitoha / libsixel

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, si...

CVSS: 8.1 2026-05-14

CVE-2026-44633

LiveHelperChat / livehelperchat

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Liv...

CVSS: 6.8 2026-05-14

CVE-2026-1322

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10...

CVSS: 7.5 2026-05-14

CVE-2026-44673

CESNET / libyang

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parse...

CVSS: 8.8 2026-05-14

CVE-2026-44827

huggingface / diffusers

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allow...

CVSS: 6.5 2026-05-14

CVE-2026-4524

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18....

CVSS: 6.5 2026-05-14

CVE-2026-4527

GitLab / GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.1...

CVSS: 7.5 2026-05-14

CVE-2026-46419

Yubico / webauthn-server-core

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a funct...

CVSS: 7.1 2026-05-14

CVE-2026-46445

Alinto / SOGo

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

CVSS: 6.4 2026-05-14

CVE-2026-5361

smub / Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RE...

CVSS: 8.2 2026-05-14

CVE-2026-5395

techjewel / Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo...

CVSS: 8.2 2026-05-14

CVE-2026-5396

techjewel / Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled ...

CVSS: 6.8 2026-05-14

CVE-2026-6008

Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. / DijiDemi

siyuan-note / siyuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, b...

CVSS: 4 2026-05-14

CVE-2026-46469

GStreamer / Good Plug-ins

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsin...

CVSS: 4 2026-05-14

CVE-2026-46470

GStreamer / Good Plug-ins

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsin...

Sort by:

CVSS: 8.6

2026-05-14

CVE-2026-20224

Cisco - Cisco Catalyst SD-WAN Manager

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.

CRITICAL VENDOR

CVSS: 4.3

2026-05-14

CVE-2026-45147

siyuan-note - siyuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and RoleEditor accounts on a read-only workspace — can call this endpoint with a sort argument to mutate model.Conf.Tag.Sort and trigger model.Conf.Save(), which atomically rewrites the entire workspace conf.json. This vulnerability is fixed in 3.7.0.

CVSS: 4

2026-05-14

GStreamer - Good Plug-ins

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

CVSS: 10 ACTIVE EXPLOIT

2026-05-14

CVE-2026-20182

Cisco - Cisco Catalyst SD-WAN Manager

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

CRITICAL VENDOR

CVSS: 5.3

2026-05-14

CVE-2026-42572

hatchet-dev - hatchet

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This vulnerability is fixed in 0.83.39.

AWAITING CVSS

2026-05-14

CVE-2026-43904

AcademySoftwareFoundation - OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) and :345 (pure RLE) do not clamp the run length to remaining scanline width before writing pixels. The raw packet path (line 403) correctly clamps with std::min, but RLE paths skip this check. A crafted .pic file causes heap overflow up to 65535 bytes. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

CVSS: 10

2026-05-14

CVE-2026-44523

enchant97 - note-mark

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.

AWAITING CVSS

2026-05-14

CVE-2026-42281

MagicMirrorOrg - MagicMirror

Cisco - Cisco Catalyst SD-WAN Manager

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.

CRITICAL VENDOR

CVSS: 7.4

2026-05-14

CVE-2026-44511

katalyst - koi

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This vulnerability is fixed in 4.20.0 and 5.6.0.

CVSS: 3.1

2026-05-14

CVE-2026-27680

SAP_SE - SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.

AWAITING CVSS

2026-05-14

CVE-2026-24712

n/a - n/a

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.

CVSS: 9.6

2026-05-14

CVE-2026-41615

Microsoft - Microsoft Authenticator for Android

No description provided yet.

CRITICAL VENDOR

CVSS: 9.4

2026-05-14

OSC - ondemand

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.

CVSS: 6.1

2026-05-14

siyuan-note - siyuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in app/src/util/escape.ts:19-25, only handles HTML special characters (", ', <, literal <) — it leaves %XX URL-escapes untouched. So a doc title containing %3Cimg src=x onerror=...%3E round-trips through escapeAriaLabel and the HTML attribute layer unmodified. Then decodeURIComponent on the consumer side converts %3C to a literal < character (a real <, NOT a character reference). When that string is assigned to innerHTML, the HTML5 tokenizer enters TagOpenState on the literal <, parses the <img> element, and the onerror handler fires. Because the renderer runs with nodeIntegration: true, contextIsolation: false, webSecurity: false (app/electron/main.js:407-411), require('child_process') is reachable from the injected handler, escalating to arbitrary code execution.This vulnerability is fixed in 3.7.0.

CVSS: 9

2026-05-14

GitLab - GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control.

CVSS: 6.5

2026-05-14

ntop - ntopng

CWE-601 URL redirection to untrusted site ('open redirect')

CVSS: 5.7

2026-05-14

CVE-2026-44520

docling-project - docling-graph

CVE-2026-42881

squinky86 - STIGQter

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the "Export HTML" action. This vulnerability is fixed in 1.2.7.

CVSS: 7.1

2026-05-14

CVE-2026-41935

givanz - Vvveb

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin URLs from a low-privilege account to exhaust PHP memory on all workers and cause denial of service to legitimate traffic.

AWAITING CVSS

2026-05-14

CVE-2026-24711

n/a - n/a

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.

CVSS: 7.5

2026-05-14

CVE-2026-44375

AArnott - Nerdbank.MessagePack

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a StackOverflowException, which is not catchable by user code and terminates the process. This vulnerability is fixed in 1.1.62.

AWAITING CVSS

2026-05-14

WEBCON - WEBCON BPS

WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions 2026.1.3.109 and 2025.2.1.293.

AWAITING CVSS

2026-05-14

GitLab - GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation.

CVSS: 5.4

2026-05-14

CVE-2026-43644

stefanprodan - podinfo

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin HTML pages with auto-submitting forms containing script payloads in the request body, which are served as text/html due to Go's content type detection, allowing the reflected script to execute in the podinfo origin context when victims visit the attacker's page.

CVSS: 5.3

2026-05-14

CVE-2026-42592

gotenberg - gotenberg

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname with a short TTL returns a public IP on the first query (Gotenberg allows) and a private IP on the second query (Chromium connects to the attacker-chosen internal address). The CDP Fetch.requestPaused handler re-checks the URL but runs its own DNS resolution, leaving a timing window before Chromium's actual TCP connect. The rendered internal service response returns to the caller as a PDF. This vulnerability is fixed in 8.32.0.

CRITICAL VENDOR

CVSS: 7.2

2026-05-14

caterhamcomputing - CC Child Pages

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: 6.8

2026-05-14

Infused Addons - InfusedWoo Pro

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for unauthenticated attackers to create a malicious automation recipe that pairs an HTTP post trigger with an auto-login action, allowing any unauthenticated visitor to visit a crafted URL and receive authentication cookies for any targeted user account (e.g., administrator), achieving complete authentication bypass and privilege escalation.

AWAITING CVSS

2026-05-14

CVE-2026-22599

strapi - strapi

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary database statements through the `column.defaultTo` attribute when creating or modifying a content type. Setting `defaultTo` as a tuple `[value, { isRaw: true }]` caused the value to be passed directly into Knex's `db.connection.raw()` during schema migration without sanitization, allowing arbitrary statement execution at the database layer. Depending on the database engine, this enabled arbitrary file read via database utility functions, denial of service via forced server crash on schema-migration error, and on engines that permit external program execution, remote code execution against the database server. The patch in versions 4.26.1 and 5.33.2 addresses this by restricting all Content-Type Builder write APIs to development mode only. Production deployments running v5.33.2 or later return 404 for requests against `/content-type-builder/content-types` and related endpoints, removing the network-reachable attack surface entirely.

CVSS: 4.3

2026-05-14

CVE-2026-1338

GitLab - GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization checks.

CVSS: 6.5

2026-05-14

CVE-2026-5193

wpdevteam - Essential Addons for Elementor – Popular Elementor Templates & Widgets

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.

CVSS: 8.8

2026-05-14

CVE-2026-6477

n/a - PostgreSQL

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

CRITICAL VENDOR

CVSS: 8.1

2026-05-14

wpengine - Database Backup for WordPress

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name based on the database name, table prefix, date, and Swatch Internet Time, making interception reliable. Successful exploitation leads to Sensitive Information Exposure including database credentials, user password hashes, and personally identifiable information. This vulnerability requires that the site administrator has configured scheduled backups.

CVSS: 7.2

2026-05-14

CVE-2026-41937

givanz - Vvveb

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a public/index.php file with arbitrary PHP code, which executes as the web server user when accessed via unauthenticated HTTP requests to the plugin's public path.

CVSS: 3.7

2026-05-14

CVE-2026-6638

n/a - PostgreSQL

Alinto - SOGo

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.

CRITICAL VENDOR

CVSS: 4.3

2026-05-14

CVE-2026-6063

GitLab - GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests due to improper access control.

CVSS: 7.5

2026-05-14

CVE-2026-46419

Yubico - webauthn-server-core

Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

CVSS: 4.3

2026-05-14

wpeverest - User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any authentication or capability check. This makes it possible for unauthenticated attackers to bypass the admin approval requirement when registering new accounts via the fallback submission path.

CVSS: 5.3

2026-05-14

CVE-2026-41933

givanz - Vvveb

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.

CVSS: 7.5

2026-05-14

CVE-2026-6514

Infused Addons - InfusedWoo Pro

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS: 5.3

2026-05-14

CVE-2026-6206

websoudan - MW WP Form

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

CVSS: 6.5

2026-05-14

CVE-2026-6478

n/a - PostgreSQL

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

CRITICAL VENDOR

CVSS: 8.8

2026-05-14

CVE-2026-6506

Infused Addons - InfusedWoo Pro

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their own wp_capabilities user meta to grant themselves Administrator role privileges.

CVSS: 2.7

2026-05-14

CVE-2026-2900

GitLab - GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete project approval rules due to missing authorization checks.

CVSS: 6.5

2026-05-14

CVE-2026-5486

unitecms - Unlimited Elements For Elementor

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined with direct string concatenation in SQL query construction. The vulnerability is exacerbated because the normalizeAjaxInputData() function calls stripslashes() on all user input, removing the protection provided by WordPress's wp_magic_quotes() function. Subsequently, the filter_search parameter is escaped using the deprecated wpdb->_escape() function and then directly concatenated into a LIKE clause without using prepared statements. This makes it possible for authenticated attackers, with Contributor-level access and above (who can obtain a valid nonce through the Elementor editor), to inject arbitrary SQL commands and extract sensitive information from the database.

CVSS: 5.4

2026-05-14

CVE-2026-6472

n/a - PostgreSQL

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

CRITICAL VENDOR

CVSS: 6.1

2026-05-14

CVE-2026-6417

bojansliskovicglscroatiacom - GLS Shipping for WooCommerce

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

AWAITING CVSS

2026-05-14

CVE-2026-5790

Stel Order - Stel Order

Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When other users or administrators access the affected sections, the code executes in their browsers, enabling the theft of session cookies and account hijacking.

CVSS: 7.5

2026-05-14

CVE-2026-6335

GitLab - GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization.

CVSS: 6.4

2026-05-14

CVE-2026-6504

wproyal - Royal Addons for Elementor – Addons and Templates Kit for Elementor

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: 4.3

2026-05-14

CVE-2026-7648

thimpress - LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, which passes the unsanitized parameter array to the add_to_cart() function where array_merge() allows attacker-controlled values to overwrite hardcoded defaults. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in any paid course entirely free of charge by supplying a quantity value of zero, which causes the order total to calculate as $0 and bypasses all payment gateway requirements.

AWAITING CVSS

2026-05-14

CVE-2026-43905

AcademySoftwareFoundation - OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer_bpp using signed 32-bit arithmetic. When the product exceeds INT_MAX, the result wraps to 0 or a small value. m_buf.resize() allocates an undersized buffer, and subsequent pixel write loops cause heap overflow. Conditional on USE_OPENJPH build flag. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.

Sort by:

EPSS: N/A

2026-05-14

CVE-2026-20182

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

Product: Catalyst SD-WAN

EPSS: 37.4%

2026-05-08

CVE-2026-42208

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.

Product: LiteLLM

EPSS: 5.0%

2026-05-07

CVE-2026-6973

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Product: Endpoint Manager Mobile (EPMM)

EPSS: 5.3%

2026-05-06

CVE-2026-0300

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

Product: PAN-OS

Advanced Persistent Threats (APT)

200 Tracked Actors

5 Active (OTX Matched)

50 Live OTX Pulses

1937CN

1937CN is a Chinese hacking group that has been active since at least 2013. The group is known for targeting Vietnamese organizati…

IQ DORMANT

313 Team

313 Team is an Iraq-based threat actor that has conducted coordinated DDoS campaigns targeting multiple government servers in the …

SY DORMANT

APT-C-27

A threat actor which is ac tive since at least November 2014. This group launched long-term at tacks against organizations in the …

AKA: GoldMouse Golden RAT ATK80

PLA Navy Anchor Panda is an adversary that CrowdStrike has tracked extensively over the last year targeting both civilian and mili…

AKA: ANCHOR PANDA QAZTeam ALUMINUM

Targets: Other Aerospace Defense

CN DORMANT

APT15

This threat actor uses phishing techniques to compromise the networks of foreign ministries of European countries for espionage pu…

AKA: VIXEN PANDA Ke3Chang Playful Dragon Metushy

Targets: Government Administration

CN DORMANT

Putter Panda were the subject of an extensive report by CrowdStrike, which stated: 'The CrowdStrike Intelligence team has been tra…

AKA: PLA Unit 61486 PUTTER PANDA MSUpdater 4HCrew

CN DORMANT

APT20

We’ve uncovered some new data and likely attribution regarding a series of APT watering hole attacks this past summer. Watering ho…

AKA: VIOLIN PANDA TH3Bug Crawling Taurus

CN DORMANT

APT21

AKA: HAMMER PANDA TEMP.Zhenbao NetTraveler

CN DORMANT

APT22

Suckfly is a China-based threat group that has been active since at least 2014

AKA: G0039 Suckfly BRONZE OLIVE Group 46

CN DORMANT

APT23

TrendMicro described Tropic Trooper in a 2015 report as: 'Taiwan and the Philippines have become the targets of an ongoing campaig…

AKA: PIRATE PANDA KeyBoy Tropic Trooper BRONZE HOBART

Targets: Military Government Administration

CN DORMANT

APT24

The Pitty Tiger group has been active since at least 2011. They have been seen using HeartBleed vulnerability in order to directly…

AKA: PITTY PANDA G0011 Temp.Pittytiger

CN DORMANT

APT26

AKA: JerseyMikes TURBINE PANDA BRONZE EXPRESS TECHNETIUM

CN DORMANT

APT27

A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.

AKA: GreedyTaotie TG-3390 EMISSARY PANDA TEMP.Hippo

Targets: Technology Government Administration

RU DORMANT

APT28

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the …

AKA: Pawn Storm FANCY BEAR Sednit SNAKEMACKEREL

Targets: Military Government Administration

RU DORMANT

APT29

A 2015 report by F-Secure describe APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group …

AKA: Group 100 COZY BEAR The Dukes Minidionis

Targets: Think Tanks Government Administration

CN ACTIVE

APT3

Symantec described UPS in 2016 report as: 'Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage …

AKA: GOTHIC PANDA TG-0110 Group 6 UPS

Targets: Political party

CN DORMANT

APT30

APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT3…

AKA: G0013

CN DORMANT

APT31

FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a part…

AKA: ZIRCONIUM JUDGMENT PANDA BRONZE VINEWOOD Red keres

VN DORMANT

APT32

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector com…

AKA: OceanLotus Group Ocean Lotus OceanLotus Cobalt Kitty

Targets: Dissidents Government Administration

IR DORMANT

APT33

Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess …

AKA: APT 33 Elfin MAGNALLIUM Refined Kitten

IR DORMANT

APT35

FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored…

AKA: Newscaster Team Magic Hound G0059 Phosphorus

KP ACTIVE

APT37

APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea.…

AKA: APT 37 Group 123 Group123 InkySquid

IR DORMANT

APT39

APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a gr…

AKA: Chafer REMIX KITTEN COBALT HICKMAN G0087

CN ACTIVE

APT4

AKA: PLA Navy MAVERICK PANDA BRONZE EDISON SODIUM

CN DORMANT

APT40

Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 20…

AKA: TEMP.Periscope TEMP.Jumper Leviathan BRONZE MOHAWK

CN ACTIVE

APT41

APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially moti…

AKA: G0096 TA415 Blackfly Grayfly

IR DORMANT

APT42

Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against in…

AKA: UNC788 CALANQUE

KP DORMANT

APT45

APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targe…

CN DORMANT

APT5

We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than…

AKA: KEYHOLE PANDA MANGANESE BRONZE FLEETWOOD TEMP.Bottle

Targets: Electronic Telecoms Technology

CN DORMANT

APT6

The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer…

AKA: 1.php Group

CN DORMANT

APT9

APT9 engages in cyber operations where the goal is data theft, usually focusing on the data and projects that make a particular or…

AKA: NIGHTSHADE PANDA Red Pegasus Group 27

IR DORMANT

APTIran

APTIran has claimed responsibility for a large-scale campaign targeting Israeli critical infrastructure, asserting infiltration of…

IR DORMANT

Ababil of Minab

Ababil of Minab is an emerging pro-Iranian hacktivist group with a limited public profile and little verifiable prior activity in …

IQ DORMANT

Altahrea Team

Altahrea Team is a pro-Iranian hacking group that has been active since at least 2020. The group has claimed responsibility for a …

CN DORMANT

Amaranth-Dragon

Amaranth-Dragon is a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem, exh…

RU DORMANT

Angry Likho

Angry Likho is an APT group that has been active since 2023, primarily targeting large organizations and government agencies in Ru…

AKA: Sticky Werewolf

TW DORMANT

Anonymous64

Anonymous 64 is a group accused by China's national security ministry of attempting to gain control of web portals, outdoor electr…

AKA: Anonymous 64

CN DORMANT

Antlion

Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan.…

CN DORMANT

Aoqin Dragon

SentinelLabs has uncovered a cluster of activity beginning at least as far back as 2013 and continuing to the present day, primari…

AKA: UNC94

IR DORMANT

AppMilad

AppMilad is an Iranian hacking group that has been identified as the source of a spyware campaign called RatMilad. This spyware is…

PS DORMANT

AridViper

AridViper is a state-sponsored APT primarily targeting military personnel, journalists, and dissidents in the Middle East, with a …

AKA: Desert Falcon Arid Viper APT-C-23 Bearded Barbie

TR DORMANT

Aslan Neferler Tim

Turkish nationalist hacktivist group that has been active for roughly one year. According to Domaintools, the group’s site has bee…

AKA: Lion Soldiers Team Phantom Turk

Targets: Government Administration News - Media

CN DORMANT

Avivore

The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that c…

TR DORMANT

Ayyıldız Tim

Ayyıldız (Crescent and Star) Tim is a nationalist hacking group founded in 2002. It performs defacements and DDoS attacks against …

AKA: Crescent and Star

Targets: Government Administration

IT DORMANT

AzzaSec

AzzaSec is a hacktivist group that originated in Italy. Known for their pro-Palestine stance, they have been involved in various c…

IR DORMANT

BANISHED KITTEN

BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. While the adversary’s most prominent activity is t…

AKA: DUNE Storm-0842 Red Sandstorm

In December 2020, the IT management software provider SolarWinds announced that an unidentified threat actor had exploited a vulne…

CN DORMANT

BRONZE SPRING

BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intel…

AKA: UNC302

CN DORMANT

BRONZE STARLIGHT

BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group…

AKA: SLIME34 DEV-0401 Cinnamon Tempest Emperor Dragonfly

CN DORMANT

BRONZE VAPOR

BRONZE VAPOR is a targeted threat group assessed with moderate confidence to be of Chinese origin. Artefacts from tools associated…

VN DORMANT

BatShadow

BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering cam…

UA DORMANT

Bearlyfy

Bearlyfy has been attributed to over 70 cyber attacks targeting Russian companies since its emergence in January 2025, employing a…

AKA: Labubu

CN DORMANT

Beijing Group

AKA: SNEAKY PANDA Elderwood Elderwood Gang SIG22

PS DORMANT

BiBiGun

A pro-Hamas hacktivist group developed a wiper called BiBi-Linux to target and destroy data on Israeli systems. The malware impers…

KE DORMANT

Bignosa

Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails wi…

UA DORMANT

BlackJack

Blackjack, a threat actor linked to Ukraine's security apparatus, has targeted critical Russian entities such as ISPs, utilities, …

CN DORMANT

BlackTech

BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong…

AKA: CIRCUIT PANDA Temp.Overboard HUAPI Palmerworm

PS DORMANT

Blackatom

Recent campaigns suggest Hamas-linked actors may be advancing their TTPs to include intricate social engineering lures specially c…

CN DORMANT

Blackgear

BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released…

AKA: Topgear Comnie BLACKGEAR

PS DORMANT

Blackmeta

BLACKMETA is a pro-Palestinian hacktivist group that has claimed responsibility for a series of DDoS attacks and data breaches tar…

AKA: SN Blackmeta

CN DORMANT

Blackwood

Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operation…

IR DORMANT

BladedFeline

BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officia…

CN DORMANT

Blue Termite

Blue Termite is a group of suspected Chinese origin active in Japan.

AKA: Cloudy Omega Emdivi

IL DORMANT

Blue Tsunami

Blue Tsunami, also known as Black Cube, is a cyber mercenary group associated with the private intelligence firm Black Cube. They …

AKA: Black Cube

IR DORMANT

Bohrium

Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle E…

AKA: Smoke Sandstorm BOHRIUM IMPERIAL KITTEN

RU DORMANT

Boulder Bear

First observed activity in December 2013.

CN DORMANT

BrazenBamboo

BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families…

CN DORMANT

Budminer

Based on the evidence we have presented Symantec attributed the activity involving theDripion malware to the Budminer advanced thr…

AKA: Budminer cyberespionage group

RU DORMANT

BuhTrap

Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. …

Targets: Bank Payment Finance

RU DORMANT

CIRCUS SPIDER

According to Crowdstrike, the NetWalker ransomware is being developed and maintained by a Russian-speaking actor designated as CIR…

CN DORMANT

CL-STA-0048

CL-STA-0048 is a Chinese state-backed APT that targets strategic sectors in South Asia, particularly government and telecommunicat…

AKA: CL STA 0048

CN DORMANT

TN DORMANT

Corsair Jackal

AKA: TunisianCyberArmy

IR DORMANT

Cotton Sandstorm

Cotton Sandstorm is an Iranian threat actor involved in hack-and-leak operations. They have targeted various organizations, includ…

AKA: Emennet Pasargad Holy Souls MARNANBRIDGE NEPTUNIUM

IR DORMANT

Cuboid Sandstorm

Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the compa…

AKA: DEV-0228

CN DORMANT

Curious Gorge

Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in…

AKA: UNC3742

RU DORMANT

Curly COMrades

Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russi…

IR DORMANT

Cutting Kitten

One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with…

AKA: ITsecTeam

UA DORMANT

Cyber Alliance

The Ukrainian Cyber Alliance is a pro-Ukraine hacktivist group formed in 2016, primarily targeting Russian entities since the inva…

IR DORMANT

Cyber Av3ngers

The hacktivist group ‘Cyber Av3ngers’ has historically claimed attacks on Israel’s critical infrastructures. It has been launching…

RU DORMANT

Cyber Berkut

IR DORMANT

Cyber Islamic Resistance

Cyber Islamic Resistance is a hacktivist collective ideologically aligned with Iran, engaging in operations such as website deface…

BY DORMANT

Cyber Partisans

The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and i…

RU DORMANT

Cyber Serp

UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting org…

AKA: UAC-0255

IR DORMANT

Cyber Toufan

Cyber Toufan is a threat actor group that has gained prominence for its cyberattacks targeting Israeli organizations. The group's …

IR DORMANT

Cyber fighters of Izz Ad-Din Al Qassam

AKA: Fraternal Jackal

UA DORMANT

Cyber.Anarchy.Squad

Cyber Anarchy Squad is a pro-Ukrainian hacktivist group known for targeting Russian companies and infrastructure. They have carrie…

AKA: Cyber Anarchy Squad

CN DORMANT

DAGGER PANDA

Operate since at least 2011, from several locations in China, with members in Korea and Japan as well. Possibly linked to Onion D…

AKA: IceFog Trident RedFoxtrot Red Wendigo

Targets: Other Maritime Military

CN DORMANT

DEV-0147

DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion…

IR DORMANT

DEV-0270

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also…

AKA: Nemesis Kitten Storm-0270

RU DORMANT

DEV-0586

MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups.…

AKA: Ruinous Ursa Cadet Blizzard

CN DORMANT

Dalbit

The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and de…

LB DORMANT

Dark Caracal

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of…

AKA: G0070

KR DORMANT

DarkHotel

Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advan…

AKA: DUBNIUM Fallout Team Karba Luder

SY DORMANT

Deadeye Jackal

The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of S…

AKA: SyrianElectronicArmy SEA

CN DORMANT

ELOQUENT PANDA

KP DORMANT

ELUSIVE COMET

ELUSIVE COMET is a threat actor responsible for significant cryptocurrency theft through sophisticated social engineering attacks,…

RU DORMANT

ENERGETIC BEAR

A Russian group that collects intelligence on the energy industry.

AKA: BERSERK BEAR ALLANITE CASTLE DYMALLOY

Targets: Energy

CN DORMANT

Earth Alux

Earth Alux is a China-linked APT group known for conducting cyberespionage attacks across various sectors, including government, t…

CN DORMANT

Earth Baxia

Earth Baxia is a threat actor opearting out of China, targeting government organizations in Taiwan and potentially across the APAC…

CN DORMANT

Earth Berberoka

According to TrendMicro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websit…

AKA: GamblingPuppet

CN DORMANT

Earth Freybug

Earth Freybug, identified as a subset of APT41, is a cyberthreat group active since at least 2012, engaging in espionage and finan…

CN DORMANT

Earth Naga is an APT group that has persistently targeted high-value organizations, including government agencies, telecommunicati…

CN DORMANT

Earth Wendigo

Earth Wendigo is a threat actor from China that has been targeting several organizations — including government organizations, res…

IR DORMANT

Edalat-e Ali

Edalat-e Ali is a hacktivist group known for disrupting Iranian state-run TV and radio transmissions during significant events, su…

IR DORMANT

Educated Manticore

Educated Manticore is an Iranian APT group aligned with the Islamic Revolutionary Guard Corps, primarily engaged in espionage targ…

US DORMANT

Equation Group

The Equation Group is a highly sophisticated threat actor described by its discoverers at Kaspersky Labs as one of the most sophis…

AKA: Tilded Team EQGRP G0020

CN DORMANT

Evasive Panda

Evasive Panda is an APT group that has been active since at least 2012, conducting cyberespionage targeting individuals, governmen…

AKA: BRONZE HIGHLAND

RU DORMANT

EvilWeb

EvilWeb is a pro-Russian hacktivist group created in March 2024 that targets American and European entities using a hack-and-leak …

RU DORMANT

FIN1

FireEye first identified this activity during a recent investigation at an organization in the financial industry. They identified…

RU DORMANT

FIN13

Since 2017, Mandiant has been tracking FIN13, an industrious and versatile financially motivated threat actor conducting long-term…

AKA: TG2003 Elephant Beetle

RU DORMANT

FIN7

Groups targeting financial organizations or people with significant financial assets.

AKA: CARBON SPIDER GOLD NIAGARA Calcium ATK32

CN DORMANT

FOXY PANDA

Adversary group targeting telecommunication and technology organizations.

Targets: Technology Telecoms

RU DORMANT

Femwar02

Femwar02 is a previously unknown pro-Russian ransomware threat actor that emerged in early 2026, linked to a major cyberattack on …

IR DORMANT

Ferocious Kitten

Ferocious Kitten is an APT group that has been active against Persian-speaking individuals since 2015 and appears to be based in I…

CN DORMANT

Flax Typhoon

Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage camp…

AKA: Ethereal Panda Storm-0919

IR DORMANT

Flying Kitten

GTG-1002

GTG-1002 is a Chinese state-sponsored APT that conducted a large-scale autonomous cyber espionage campaign targeting approximately…

RU DORMANT

Gamaredon Group

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this…

AKA: ACTINIUM DEV-0157 Blue Otso BlueAlpha

CN DORMANT

GhostEmperor

Greenbug

Greenbug was discovered targeting a range of organizations in the Middle East including companies in the aviation, energy, governm…

Targets: Education Energy Investment

UA DORMANT

Groundbait

Groundbait is a group targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics.

Targets: Separatists

CN DORMANT

HAFNIUM

HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease research…

AKA: ATK233 G0125 Operation Exchange Marauder Red Dev 13

IN DORMANT

HAZY TIGER

The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released i…

AKA: Bitter T-APT-17 APT-C-08 Orange Yali

CN DORMANT

HURRICANE PANDA

We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommu…

Targets: Technology Telecoms

PS DORMANT

Handala

Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, …

CN DORMANT

Hellsing

This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States.…

ID DORMANT

INDOHAXSEC TEAM

INDOHAXSEC TEAM is an Indonesian group that claims to have developed a web-based version of WannaCry, asserting the ability to enc…

RU DORMANT

INDRIK SPIDER

INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of …

AKA: Manatee Tempest

IR DORMANT

IRIDIUM

IronHusky

IronHusky is a Chinese-based threat actor first attributed in July 2017 targeting Russian and Mongolian governments, as well as av…

Priority Threats

Live Feed Last 24 hours

Active IOC Feed

Analyst Tools

Threat Intelligence News

Ransomware activity

qilin

thegentlemen

apt73

incransom

akira

coinbasecartel

shinyhunters

genesis

payload

lockbit5

braincipher

worldleaks

dragonforce

leakbazaar

safepay

threeam

blacknevas

everest

lamashtu

lynx

silentransomgroup

play

anubis

krybit

pear

shadowbyt3$

interlock

kairos

stormous

cmdorganization

nightspire

ransomhouse

ailock

aurora

bravox

chaos

killsec

insomnia

lapsus$

mnt6

ransomexx

abyss

auditteam

beast

crypto24

fulcrumsec

moneymessage

morpheus

nitrogen

payoutsking

securotrop

sinobi

spacebears

termite

0apt

0mega

8base

abrahams_ax

adminlocker

againstthewest

agl0bgvycg

ako

alp-001

alphalocker

alphv

apos

arcusmedia

argonauts

arkana

arvinclub

atomsilo

avaddon

avos

avoslocker