Shadowserver

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

CVE, Don't miss, enterprise, Hot stuff, IceWarp, News, security update, Shadowserver, SMBs, vulnerability /

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) 2026-03-04 at 15:57 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing […]

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) Read More »

574 arrests, $3 million recovered in Africa-wide cybercrime crackdown

Africa, arrest, cybercrime, Don't miss, Interpol, law enforcement, News, Shadowserver, Team Cymru, Trend Micro, Uppsala Security /

574 arrests, $3 million recovered in Africa-wide cybercrime crackdown 2025-12-22 at 15:09 By Anamarija Pogorelec Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa. Suspects were arrested in Ghana in connection to the cyber-fraud case, with over 100 digital devices seized. (Source: Europol)

574 arrests, $3 million recovered in Africa-wide cybercrime crackdown Read More »

Rhadamanthys infostealer operation disrupted by law enforcement

Don't miss, Europol, Hot stuff, law enforcement, Malware, News, Shadowserver /

Rhadamanthys infostealer operation disrupted by law enforcement 2025-11-13 at 14:05 By Zeljka Zorz The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, has disrupted the infrastructure supporting the operation of the Rhadamanthys infostealer. “Between 10 and 14 November

Rhadamanthys infostealer operation disrupted by law enforcement Read More »

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts

0-day, Cisco, Don't miss, firewall, Government, government-backed attacks, GreyNoise, Hot stuff, News, Shadowserver /

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts 2025-10-01 at 13:36 By Zeljka Zorz Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) for months, there are still around 48,000 vulnerable appliances out there. The number is provided by

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts Read More »

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

Don't miss, exploit, Hot stuff, News, Onapsis, SAP, SAP security, Shadowserver, vulnerability /

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) 2025-08-20 at 19:25 By Zeljka Zorz A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) Read More »

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)

Citrix, Don't miss, Europe, Fortinet, Hot stuff, NCSC-NL, NetScaler, News, Shadowserver /

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) 2025-08-12 at 17:51 By Zeljka Zorz FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting Citrix Bleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC (Application Delivery Controller) and Gateway devices. Since July 28, 2025, they have detected over 6,000 exploitation

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) Read More »

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

CrushFTP, Don't miss, enterprise, exploit, file-sharing, Hot stuff, News, Rapid7, Shadowserver, SMBs, vulnerability /

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) 2025-07-21 at 15:42 By Zeljka Zorz Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) Read More »

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

CERT-PL, Don't miss, exploit, FearsOff, Hot stuff, News, PoC, Roundcube, Shadowserver, vulnerability /

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) 2025-06-09 at 15:18 By Zeljka Zorz With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) Read More »

145 criminal domains linked to BidenCash Marketplace seized

Cryptocurrency, cybersecurity, FBI, Government, law enforcement, News, Searchlight Cyber, Shadowserver, US DoJ, USA /

145 criminal domains linked to BidenCash Marketplace seized 2025-06-06 at 13:01 By Help Net Security Approximately 145 darknet and conventional internet domains, along with cryptocurrency funds linked to the BidenCash marketplace, have been seized by the U.S. Attorney’s Office for the Eastern District of Virginia. The operators of the BidenCash marketplace use the platform to

145 criminal domains linked to BidenCash Marketplace seized Read More »

DanaBot botnet disrupted, QakBot leader indicted

court, CrowdStrike, Don't miss, ESET, Eurojust, Europol, Fox-IT, Hot stuff, law enforcement, News, Proofpoint, Shadowserver, US DoJ, Zscaler /

DanaBot botnet disrupted, QakBot leader indicted 2025-05-23 at 14:17 By Zeljka Zorz Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame 2.0 Coordinated by

DanaBot botnet disrupted, QakBot leader indicted Read More »

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

CrushFTP, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, Shadowserver, VulnCheck /

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) 2025-04-01 at 18:49 By Zeljka Zorz Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) Read More »

48,000+ internet-facing Fortinet firewalls still open to attack

Arctic Wolf Networks, Asia, Don't miss, enterprise, firewall, Fortinet, Hot stuff, Kroll, News, Shadowserver, USA /

48,000+ internet-facing Fortinet firewalls still open to attack 2025-01-22 at 14:34 By Zeljka Zorz Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver

48,000+ internet-facing Fortinet firewalls still open to attack Read More »

UK domain registry Nominet breached via Ivanti zero-day

0-day, CISA, Don't miss, Hot stuff, Ivanti, Mandiant, News, Nominet, Shadowserver, WatchTowr /

UK domain registry Nominet breached via Ivanti zero-day 2025-01-13 at 22:17 By Zeljka Zorz The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the first publicly known

UK domain registry Nominet breached via Ivanti zero-day Read More »

How the Shadowserver Foundation helps network defenders with free intelligence feeds

automation, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, network, News, opinion, Shadowserver, Threat Intelligence /

How the Shadowserver Foundation helps network defenders with free intelligence feeds 2024-12-05 at 07:01 By Mirko Zorz In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and

How the Shadowserver Foundation helps network defenders with free intelligence feeds Read More »

2,000 Palo Alto Networks devices compromised in latest attacks

CVE, Don't miss, enterprise, firewall, Hot stuff, India, News, Palo Alto Networks, Shadowserver, USA /

2,000 Palo Alto Networks devices compromised in latest attacks 2024-11-21 at 13:27 By Zeljka Zorz Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and

2,000 Palo Alto Networks devices compromised in latest attacks Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

CVE, Don't miss, enterprise, Fortinet, FortiOS, Hot stuff, News, Shadowserver, vulnerability, WatchTowr /

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr /

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Don't miss, exploit, Hot stuff, Ivanti, News, Shadowserver, vulnerability /

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Scroll to Top