
The Shadowserver Foundation

@shadowserver.bsky.social

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance! https://shadowserver.org/partner

4,891 Followers  |  0 Following  |  771 Posts  |  Joined: 05.05.2023  |  1.6656

Latest posts by shadowserver.bsky.social on Bluesky

Ivanti Innovators Hub

If you receive an alert from us, please review the security advisory and guidance from Ivanti at hub.ivanti.com/s/article/Se... including the Exploitation Detection RPM Package co-developed by Ivanti & NCSC.nl

07.02.2026 16:22 — 👍 0    🔁 0    💬 0    📌 0

We have started to report webshells (or other artifacts) found on Ivanti EPMM devices, likely compromised via CVE-2026-1281. 56 IPs found on 2026-02-06

Data in shadowserver.org/what-we-do/n...

Tree Map view: dashboard.shadowserver.org/statistics/c...

Thank you to the KSA NCA for the heads up!

07.02.2026 16:22 — 👍 0    🔁 0    💬 1    📌 0

These reports help people defend the country against cyber attacks and also help people fight scammer networks

#CyberCivilDefense #take9

05.02.2026 11:53 — 👍 13    🔁 4    💬 0    📌 0
SolarWinds Trust Center Security Advisories | CVE-2025-40551

See advisory and patch info from SolarWinds: www.solarwinds.com/trust-center...

If you receive an alert from us, make sure to review for compromise.

NVD entry: nvd.nist.gov/vuln/detail/...

Thank you to Validin for collaboration on the scan.

05.02.2026 10:54 — 👍 0    🔁 0    💬 0    📌 0

For the last few days, we have been sharing SolarWinds Help Desk CVE-2025-40551 RCE vulnerable IPs (version check based) - ~170 seen. This vuln is now on CISA KEV. Data in Vulnerable HTTP reports: www.shadowserver.org/what-we-do/n...

Dashboard Tree Map: dashboard.shadowserver.org/statistics/c...

05.02.2026 10:54 — 👍 4    🔁 1    💬 1    📌 1
SolarWinds Trust Center Security Advisories | CVE-2025-40551

See advisory and patch info from SolarWinds: www.solarwinds.com/trust-center...

If you receive an alert from us, make sure to review for compromise.

NVD entry: nvd.nist.gov/vuln/detail/...

Thank you to Validin for collaboration on the scan.

05.02.2026 10:51 — 👍 0    🔁 0    💬 0    📌 0
Tree map by country · IoT device statistics · The Shadowserver Foundation

Dashboard Tree Map view: dashboard.shadowserver.org/statistics/i...

OpenClaw Dashboard exposure tracker (for past data, select vendor Moltbot on the Dashboard):
dashboard.shadowserver.org/statistics/i...

03.02.2026 17:35 — 👍 1    🔁 0    💬 0    📌 0
Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog Learn how a misconfigured Supabase database at Moltbook exposed 1.5M API keys, private messages, and user emails, enabling full AI agent takeover.

Most instances are across various cloud providers.

Our reporting is for awareness purposes.

OpenClaw has had various security risks highlighted recently (such as for example www.wiz.io/blog/exposed... & CVE-2026-25253 (1-Click RCE via Authentication Token Exfiltration))

03.02.2026 17:35 — 👍 2    🔁 0    💬 1    📌 0

We are scanning & reporting out exposed OpenClaw/Clawdbot/Moltbot instances, with ~25K seen 2026-02-02. We report these out in our Device Identification reporting, with vendor set to OpenClaw for all cases: www.shadowserver.org/what-we-do/n...

World Map: dashboard.shadowserver.org/statistics/i...

03.02.2026 17:35 — 👍 6    🔁 3    💬 1    📌 0
CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CVE-2026-1281 has been added to CISA Known Exploited Vulnerability catalog: www.cisa.gov/news-events/...

Additional background from watchTowr: labs.watchtowr.com/someone-know...

31.01.2026 15:32 — 👍 0    🔁 0    💬 0    📌 0
INFO: Device Identification Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2023-12-06 DEFAULT SEVERITY LEVEL: INFO This report contains a list of devices we have identified in our daily Internet scans. The assessment is made based on all our Interne...

IP data on exposed instances shared in Device ID (device_vendor Ivanti, device_model EPMM): www.shadowserver.org/what-we-do/n...

Dashboard World Map of exposed instances: dashboard.shadowserver.org/statistics/i...

Tree Map breakdown of exposed instances: dashboard.shadowserver.org/statistics/i...

31.01.2026 15:32 — 👍 0    🔁 0    💬 1    📌 0

Spike in Ivanti EPMM CVE-2026-1281 RCE exploitation attempts seen by our sensors last 24 hours from at least 13 source IPs. In our scans, we see ~1600 exposed instances worldwide (no vulnerability assessment). Top exposed: Germany (516)

Ivanti hotfix guidance: forums.ivanti.com/s/article/Se...

31.01.2026 15:32 — 👍 6    🔁 2    💬 1    📌 1
Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858 | CISA CISA urges users to check for indicators of compromise on all internet-accessible Fortinet products affected by this vulnerability and immediately apply updates as soon as they are available using For...

CISA Advisory: www.cisa.gov/news-events/...

Public Dashboard Tree Map view: dashboard.shadowserver.org/statistics/i...

Public Dashboard Exposure Tracker: dashboard.shadowserver.org/statistics/i...

#CyberCivilDefense

28.01.2026 18:48 — 👍 0    🔁 0    💬 0    📌 0
INFO: Device Identification Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2023-12-06 DEFAULT SEVERITY LEVEL: INFO This report contains a list of devices we have identified in our daily Internet scans. The assessment is made based on all our Interne...

Numbers have gone down from 25 000+ seen when we first started reporting in mid-Dec 2025.

We share data on Fortinet devices with FortiCloud SSO enabled in our Device ID reporting: www.shadowserver.org/what-we-do/n...

Fortinet Advisory: www.fortiguard.com/psirt/FG-IR-...

28.01.2026 18:48 — 👍 0    🔁 0    💬 1    📌 0

CVE-2026-24858, a Fortinet authentication bypass vulnerability affecting multiple Fortinet products with FortiCloud SSO enabled, has been added by CISA to the KEV catalog.

We share exposed Fortinet instances with FortiCloud SSO enabled daily in our feeds (~10 000 seen)

28.01.2026 18:48 — 👍 4    🔁 4    💬 1    📌 0
Time series · General statistics · The Shadowserver Foundation

Tracker: dashboard.shadowserver.org/statistics/c...

Please update to the latest build (9518 as of time of writing) www.smartertools.com/smartermail/...

Background: labs.watchtowr.com/attackers-wi...

#CyberCivilDefense

26.01.2026 14:03 — 👍 0    🔁 0    💬 0    📌 0

We added SmarterTools SmarterMail CVE-2026-23760 RCE to our daily Vulnerable HTTP scans. Around 6000 IPs globally found likely vulnerable based on our version check. We also see exploitation attempts in the wild.

CVE-2026-23760 Geo Treemap View: dashboard.shadowserver.org/statistics/c...

26.01.2026 14:03 — 👍 1    🔁 2    💬 1    📌 0
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

We have been tweaking the scan the last few days to better weed out non-telnet protocols. Some honeypots may remain.

Telnet should not be publicly exposed, but often is, especially on legacy IoT devices.

CVE-2026-24061 info & patch: seclists.org/oss-sec/2026...

26.01.2026 10:31 — 👍 0    🔁 0    💬 0    📌 0
Tree map · General statistics · The Shadowserver Foundation

Dashboard Tree Map view of telnet exposure (no vulnerability assessment): dashboard.shadowserver.org/statistics/c...

Like others, we also see exploitation attempts in the wild at scale.

#CyberCivilDefense

26.01.2026 10:26 — 👍 0    🔁 0    💬 1    📌 0

Regarding CVE-2026-24061 in GNU InetUtils telnetd: while we are not scanning for it explicitly (due to current lack of ability to check in a safe way), we do share - and have for years - data on exposed instances in our Accessible Telnet Report: www.shadowserver.org/what-we-do/n...

~800K exposed

26.01.2026 10:26 — 👍 5    🔁 2    💬 0    📌 1
SmarterTools Incorporated Our business email server, team chat, online help desk and web analytics software will help your business succeed. For business or personal users worldwide.

Update to latest SmarterMail version (Build 9413 and later): www.smartertools.com/smartermail/...

#CyberCivilDefense

13.01.2026 12:29 — 👍 1    🔁 0    💬 0    📌 0
NVD - CVE-2025-52691

NVD entry: nvd.nist.gov/vuln/detail/...

Singapore CSA advisory: www.csa.gov.sg/alerts-and-a...

CVE-2025-52691 Tracker: dashboard.shadowserver.org/statistics/c...

SmarterMail exposure tracker (not a vulnerability assessment):
dashboard.shadowserver.org/statistics/i...

13.01.2026 12:29 — 👍 0    🔁 1    💬 1    📌 0

We are scanning & reporting out SmarterMail hosts vulnerable to CVE-2025-52691 RCE (CVSS 10).
8001 unique IPs likely vulnerable on 2026-01-12 (18783 exposed). Note Exploit PoCs are public.

Tree Map: dashboard.shadowserver.org/statistics/c...

Raw IP data: www.shadowserver.org/what-we-do/n...

13.01.2026 12:29 — 👍 2    🔁 2    💬 1    📌 0

Iran Internet blackout visualized on our Public Dashboard - drop to near zero exposure after 2026-01-08 in scan and sinkhole telemetry:

Scan results: dashboard.shadowserver.org/statistics/c...

Sinkhole results:
dashboard.shadowserver.org/statistics/c...

13.01.2026 10:51 — 👍 4    🔁 3    💬 0    📌 0
CRITICAL: Vulnerable HTTP Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2026-01-09 DEFAULT SEVERITY LEVEL: CRITICAL This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnera...

IP data shared in Vulnerable HTTP reporting: shadowserver.org/what-we-do/n...

12.01.2026 17:18 — 👍 0    🔁 0    💬 0    📌 0

You can also track different scan results for recent n8n vulns (not just CVE-2026-21858 but also CVE-2025-68668, CVE-2025-68613, CVE-2026-21877) on Dashboard:

dashboard.shadowserver.org/statistics/c...

dashboard.shadowserver.org/statistics/c...

12.01.2026 17:17 — 👍 1    🔁 0    💬 1    📌 0
NVD - CVE-2026-21858

Note this is a version based scan. If you receive an alert from us make sure to update!

Vulnerability details: www.cyera.com/research-lab...

10.01.2026 20:18 — 👍 1    🔁 0    💬 0    📌 0
World map · General statistics · The Shadowserver Foundation

Thank you to Validin for the collaboration on the scan!

Dashboard World Map view:
dashboard.shadowserver.org/statistics/c...

CVE-2026-21858 Tracker:
dashboard.shadowserver.org/statistics/c...

Advisory with patch info: github.com/n8n-io/n8n/s...

NVD entry: nvd.nist.gov/vuln/detail/...

10.01.2026 20:18 — 👍 0    🔁 0    💬 1    📌 0

Scan results for n8n CVE-2026-21858 (CVSS 10.0 RCE) for 2026-01-09: 105,753 vulnerable instances by unique IP found - out of 230,562 IPs with n8n we see that day.

Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c...

IP data in Vulnerable HTTP: www.shadowserver.org/what-we-do/n...

10.01.2026 20:18 — 👍 3    🔁 0    💬 1    📌 1
World map · General statistics · The Shadowserver Foundation

CVE-2020-12812 is also on CISA KEV.

Dashboard World Map view:
dashboard.shadowserver.org/statistics/c...

Dashboard Tree Map view:
dashboard.shadowserver.org/statistics/c...

Original Fortinet advisory from July 2020: www.fortiguard.com/psirt/FG-IR-...

#CyberCivilDefense

02.01.2026 11:10 — 👍 2    🔁 0    💬 0    📌 0