{ "generated": "2026-04-30T20:25:54Z", "count": 743, "iocs": [ { "value": "CVE-2019-0708", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2019-15126", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-117", "title": "Supply chain dependencies: Have you checked your blind spot?", "link": "https://www.welivesecurity.com/en/business-security/supply-chain-dependencies-have-you-checked-your-blind-spot/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2022-0847", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-15", "title": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions", "link": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2023-20198", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-90", "title": "IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist", "link": "https://blog.talosintelligence.com/ir-trends-q1-2026/", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-22" }, { "value": "CVE-2023-32434", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-153", "title": "Coruna: the framework used in Operation Triangulation", "link": "https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/", "published": "2026-03-26", "sev": "crit" } ], "first_seen": "2026-03-26" }, { "value": "CVE-2023-33538", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" }, { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "CVE-2023-38606", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-153", "title": "Coruna: the framework used in Operation Triangulation", "link": "https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/", "published": "2026-03-26", "sev": "crit" } ], "first_seen": "2026-03-26" }, { "value": "CVE-2024-1708", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-64", "title": "CISA KEV: CVE-2024-1708 \u2014 ConnectWise ScreenConnect Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-24", "sev": "high" } ], "first_seen": "2026-04-29" }, { "value": "CVE-2024-1709", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "CVE-2024-32114", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2024-57046", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2024-57726", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-67", "title": "CISA KEV: CVE-2024-57726 \u2014 SimpleHelp Missing Authorization Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-24", "sev": "high" } ], "first_seen": "2026-04-25" }, { "value": "CVE-2024-57728", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-64", "title": "CISA KEV: CVE-2024-1708 \u2014 ConnectWise ScreenConnect Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-24", "sev": "high" } ], "first_seen": "2026-04-25" }, { "value": "CVE-2024-7399", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-66", "title": "CISA KEV: CVE-2024-7399 \u2014 Samsung MagicINFO 9 Server Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-24", "sev": "high" } ], "first_seen": "2026-04-25" }, { "value": "CVE-2025-0921", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2025-14847", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-250", "title": "CISA KEV: CVE-2025-14847 \u2014 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-29", "sev": "high" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2025-20333", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "Cisco Talos" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-56", "title": "FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches", "link": "https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-72", "title": "UAT-4356's Targeting of Cisco Firepower Devices", "link": "https://blog.talosintelligence.com/uat-4356-firestarter/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2025-20362", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "Cisco Talos" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-56", "title": "FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches", "link": "https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-72", "title": "UAT-4356's Targeting of Cisco Firepower Devices", "link": "https://blog.talosintelligence.com/uat-4356-firestarter/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2025-20393", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos", "CISA KEV" ], "articles": [ { "id": "art-90", "title": "IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist", "link": "https://blog.talosintelligence.com/ir-trends-q1-2026/", "published": "2026-04-22", "sev": "crit" }, { "id": "art-257", "title": "CISA KEV: CVE-2025-20393 \u2014 Cisco Multiple Products Improper Input Validation Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-17", "sev": "high" } ], "first_seen": "2026-04-22" }, { "value": "CVE-2025-21042", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-298", "title": "CISA KEV: CVE-2025-21042 \u2014 Samsung Mobile Devices Out-of-Bounds Write Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-10", "sev": "high" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2025-22952", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2025-23304", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2025-24371", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2025-29635", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-65", "title": "CISA KEV: CVE-2025-29635 \u2014 D-Link DIR-823X Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-24", "sev": "high" } ], "first_seen": "2026-04-25" }, { "value": "CVE-2025-55182", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" }, { "id": "art-91", "title": "When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks", "link": "https://unit42.paloaltonetworks.com/air-snitch-enterprise-wireless-attacks/", "published": "2026-04-22", "sev": "crit" }, { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" }, { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-136", "title": "Cracks in the Bedrock: Agent God Mode", "link": "https://unit42.paloaltonetworks.com/exploit-of-aws-agentcore-iam-god-mode/", "published": "2026-04-08", "sev": "crit" }, { "id": "art-138", "title": "Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox", "link": "https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-mode/", "published": "2026-04-07", "sev": "crit" }, { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" }, { "id": "art-142", "title": "When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications", "link": "https://unit42.paloaltonetworks.com/amazon-bedrock-multiagent-applications/", "published": "2026-04-03", "sev": "crit" }, { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" }, { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" }, { "id": "art-147", "title": "Double Agents: Exposing Security Blind Spots in GCP Vertex AI", "link": "https://unit42.paloaltonetworks.com/double-agents-vertex-ai/", "published": "2026-03-31", "sev": "crit" }, { "id": "art-274", "title": "CISA KEV: CVE-2025-55182 \u2014 Meta React Server Components Remote Code Execution Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-05", "sev": "high" } ], "first_seen": "2026-04-24" }, { "value": "CVE-2025-59287", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2025-66478", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-274", "title": "CISA KEV: CVE-2025-55182 \u2014 Meta React Server Components Remote Code Execution Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-05", "sev": "high" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-0740", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "CVE-2026-1281", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-1340", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-222", "title": "CISA KEV: CVE-2026-1340 \u2014 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-29", "sev": "high" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-1731", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "Unit 42 (Palo Alto)", "CISA KEV" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" }, { "id": "art-201", "title": "CISA KEV: CVE-2026-1731 \u2014 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-13", "sev": "high" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-21509", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "ESET WeLiveSecurity", "CISA KEV" ], "articles": [ { "id": "art-174", "title": "Sednit reloaded: Back in the trenches", "link": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/", "published": "2026-03-10", "sev": "crit" }, { "id": "art-229", "title": "CISA KEV: CVE-2026-21509 \u2014 Microsoft Office Security Feature Bypass Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-03-10" }, { "value": "CVE-2026-21510", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-45", "title": "Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202", "link": "https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html", "published": "2026-04-28", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "CVE-2026-21513", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-45", "title": "Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202", "link": "https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-208", "title": "CISA KEV: CVE-2026-32202 \u2014 Microsoft Windows Protection Mechanism Failure Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-04-29" }, { "value": "CVE-2026-21571", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-21876", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-22584", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-23627", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-24908", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-25262", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-25874", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-41", "title": "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE", "link": "https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html", "published": "2026-04-28", "sev": "crit" } ], "first_seen": "2026-04-28" }, { "value": "CVE-2026-26268", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-16", "title": "Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution", "link": "https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-27174", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2026-27175", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2026-27654", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-28950", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-81", "title": "Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages", "link": "https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2026-31431", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "BleepingComputer", "The Hacker News" ], "articles": [ { "id": "art-10", "title": "New Linux \u2018Copy Fail\u2019 flaw gives hackers root on major distros", "link": "https://www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros/", "published": "2026-04-30", "sev": "high" }, { "id": "art-15", "title": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions", "link": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-32173", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-32202", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "Cisco Talos", "CISA KEV" ], "articles": [ { "id": "art-04", "title": "PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials", "link": "https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-11", "title": "New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials", "link": "https://thehackernews.com/2026/04/new-python-backdoor-uses-tunneling.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-13", "title": "EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades", "link": "https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-15", "title": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions", "link": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-16", "title": "Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution", "link": "https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-23", "title": "SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack", "link": "https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-26", "title": "New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs", "link": "https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-29", "title": "Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks", "link": "https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-30", "title": "What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)", "link": "https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-32", "title": "Critical cPanel Authentication Vulnerability Identified \u2014 Update Your Server Immediately", "link": "https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-35", "title": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push", "link": "https://thehackernews.com/2026/04/researchers-discover-critical-github.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-36", "title": "Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign", "link": "https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-37", "title": "VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi", "link": "https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-40", "title": "Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About", "link": "https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-41", "title": "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE", "link": "https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-42", "title": "After Mythos: New Playbooks For a Zero-Window Era", "link": "https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-43", "title": "Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks", "link": "https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-44", "title": "Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover", "link": "https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-45", "title": "Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202", "link": "https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-46", "title": "Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack", "link": "https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-48", "title": "Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side", "link": "https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-49", "title": "PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks", "link": "https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-50", "title": "Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware", "link": "https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-51", "title": "Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud", "link": "https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-52", "title": "Researchers Uncover Pre-Stuxnet \u2018fast16\u2019 Malware Targeting Engineering Software", "link": "https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-56", "title": "FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches", "link": "https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-57", "title": "NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software", "link": "https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-58", "title": "Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine", "link": "https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-59", "title": "26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases", "link": "https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-60", "title": "Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2", "link": "https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-70", "title": "UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware", "link": "https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-73", "title": "Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign", "link": "https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-75", "title": "[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed", "link": "https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-76", "title": "Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?", "link": "https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-78", "title": "China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors", "link": "https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-80", "title": "Vercel Finds More Compromised Accounts in Context.ai-Linked Breach", "link": "https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-81", "title": "Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages", "link": "https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-85", "title": "Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens", "link": "https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-88", "title": "Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack", "link": "https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-89", "title": "Toxic Combinations: When Cross-App Permissions Stack into Risk", "link": "https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-92", "title": "Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug", "link": "https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" }, { "id": "art-208", "title": "CISA KEV: CVE-2026-32202 \u2014 Microsoft Windows Protection Mechanism Failure Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-32604", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-32613", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-33032", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-87", "title": "Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API", "link": "https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-22" }, { "value": "CVE-2026-33626", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-04", "title": "PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials", "link": "https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-11", "title": "New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials", "link": "https://thehackernews.com/2026/04/new-python-backdoor-uses-tunneling.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-13", "title": "EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades", "link": "https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-15", "title": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions", "link": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-16", "title": "Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution", "link": "https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-23", "title": "SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack", "link": "https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-26", "title": "New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs", "link": "https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-29", "title": "Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks", "link": "https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-30", "title": "What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)", "link": "https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-32", "title": "Critical cPanel Authentication Vulnerability Identified \u2014 Update Your Server Immediately", "link": "https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-35", "title": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push", "link": "https://thehackernews.com/2026/04/researchers-discover-critical-github.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-36", "title": "Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign", "link": "https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-37", "title": "VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi", "link": "https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-40", "title": "Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About", "link": "https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-41", "title": "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE", "link": "https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-42", "title": "After Mythos: New Playbooks For a Zero-Window Era", "link": "https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-43", "title": "Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks", "link": "https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-44", "title": "Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover", "link": "https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-45", "title": "Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202", "link": "https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-46", "title": "Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack", "link": "https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-48", "title": "Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side", "link": "https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-49", "title": "PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks", "link": "https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-50", "title": "Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware", "link": "https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-51", "title": "Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud", "link": "https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-52", "title": "Researchers Uncover Pre-Stuxnet \u2018fast16\u2019 Malware Targeting Engineering Software", "link": "https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-56", "title": "FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches", "link": "https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-57", "title": "NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software", "link": "https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-58", "title": "Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine", "link": "https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-59", "title": "26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases", "link": "https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-60", "title": "Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2", "link": "https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-70", "title": "UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware", "link": "https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-73", "title": "Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign", "link": "https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-75", "title": "[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed", "link": "https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-76", "title": "Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?", "link": "https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-78", "title": "China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors", "link": "https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-80", "title": "Vercel Finds More Compromised Accounts in Context.ai-Linked Breach", "link": "https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-81", "title": "Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages", "link": "https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-85", "title": "Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens", "link": "https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-88", "title": "Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack", "link": "https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-89", "title": "Toxic Combinations: When Cross-App Permissions Stack into Risk", "link": "https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-92", "title": "Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug", "link": "https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-33694", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-33824", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "Cisco Talos" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-33871", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-34197", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "CISA KEV" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-87", "title": "Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API", "link": "https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-120", "title": "CISA KEV: CVE-2026-34197 \u2014 Apache ActiveMQ Improper Input Validation Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-16", "sev": "high" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2026-3517", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-3518", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-3519", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-3844", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "CVE-2026-3854", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-04", "title": "PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials", "link": "https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-11", "title": "New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials", "link": "https://thehackernews.com/2026/04/new-python-backdoor-uses-tunneling.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-13", "title": "EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades", "link": "https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-15", "title": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions", "link": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-16", "title": "Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution", "link": "https://thehackernews.com/2026/04/google-fixes-cvss-10-gemini-cli-ci-rce.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-23", "title": "SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack", "link": "https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-26", "title": "New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs", "link": "https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-29", "title": "Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks", "link": "https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-30", "title": "What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)", "link": "https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-32", "title": "Critical cPanel Authentication Vulnerability Identified \u2014 Update Your Server Immediately", "link": "https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-33", "title": "CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV", "link": "https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" }, { "id": "art-35", "title": "Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push", "link": "https://thehackernews.com/2026/04/researchers-discover-critical-github.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-36", "title": "Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign", "link": "https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-37", "title": "VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi", "link": "https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-40", "title": "Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About", "link": "https://thehackernews.com/2026/04/why-secure-data-movement-is-zero-trust.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-41", "title": "Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE", "link": "https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-42", "title": "After Mythos: New Playbooks For a Zero-Window Era", "link": "https://thehackernews.com/2026/04/after-mythos-new-playbooks-for-zero.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-43", "title": "Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks", "link": "https://thehackernews.com/2026/04/chinese-silk-typhoon-hacker-extradited.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-44", "title": "Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover", "link": "https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-45", "title": "Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202", "link": "https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html", "published": "2026-04-28", "sev": "crit" }, { "id": "art-46", "title": "Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack", "link": "https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-48", "title": "Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side", "link": "https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-49", "title": "PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks", "link": "https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-50", "title": "Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware", "link": "https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-51", "title": "Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud", "link": "https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-52", "title": "Researchers Uncover Pre-Stuxnet \u2018fast16\u2019 Malware Targeting Engineering Software", "link": "https://thehackernews.com/2026/04/researchers-uncover-pre-stuxnet-fast16.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-53", "title": "CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline", "link": "https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html", "published": "2026-04-25", "sev": "crit" }, { "id": "art-56", "title": "FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches", "link": "https://thehackernews.com/2026/04/firestarter-backdoor-hit-federal-cisco.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-57", "title": "NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software", "link": "https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-58", "title": "Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine", "link": "https://thehackernews.com/2026/04/bridging-ai-agent-authority-gap.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-59", "title": "26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases", "link": "https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-60", "title": "Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2", "link": "https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" }, { "id": "art-70", "title": "UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware", "link": "https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-73", "title": "Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign", "link": "https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-75", "title": "[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed", "link": "https://thehackernews.com/2026/04/webinar-mythos-reality-check-beating.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-76", "title": "Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?", "link": "https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-78", "title": "China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors", "link": "https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-80", "title": "Vercel Finds More Compromised Accounts in Context.ai-Linked Breach", "link": "https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-81", "title": "Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages", "link": "https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-85", "title": "Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens", "link": "https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-88", "title": "Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack", "link": "https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-89", "title": "Toxic Combinations: When Cross-App Permissions Stack into Risk", "link": "https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html", "published": "2026-04-22", "sev": "crit" }, { "id": "art-92", "title": "Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug", "link": "https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-3965", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "BleepingComputer" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-21", "title": "Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining", "link": "https://www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/", "published": "2026-04-29", "sev": "high" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-40050", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-40372", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" }, { "id": "art-92", "title": "Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug", "link": "https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-4047", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News", "BleepingComputer" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-21", "title": "Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining", "link": "https://www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/", "published": "2026-04-29", "sev": "high" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-4048", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-40872", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-41651", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-41940", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "BleepingComputer", "CISA KEV", "The Hacker News" ], "articles": [ { "id": "art-12", "title": "Critical cPanel and WHM bug exploited as a zero-day, PoC now available", "link": "https://www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/", "published": "2026-04-30", "sev": "high" }, { "id": "art-18", "title": "CISA KEV: CVE-2026-41940 \u2014 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-30", "sev": "high" }, { "id": "art-32", "title": "Critical cPanel Authentication Vulnerability Identified \u2014 Update Your Server Immediately", "link": "https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-42208", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos", "The Hacker News" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CVE-2026-5752", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-5754", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-5756", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-5757", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "CVE-2026-5760", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-47", "title": "\u26a1 Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More", "link": "https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "2b1.916.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "2pd.f22.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "6688cf.jhxrpbgq.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "92j.130.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "abc.3mkorealtd.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.doublemobile.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.fetish-friends.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.haijing88.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.ilptour.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.petitechanson.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.sudsmama.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "abc.woopami.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "adobe.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-90", "title": "IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist", "link": "https://blog.talosintelligence.com/ir-trends-q1-2026/", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-22" }, { "value": "ae-payapp.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "airansupasdports.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "alpha.filehost36.sbs", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "alphafly-drones.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-49", "title": "PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks", "link": "https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "anadnet.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News", "BleepingComputer" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" }, { "id": "art-20", "title": "Popular WordPress redirect plugin hid dormant backdoor for years", "link": "https://www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/", "published": "2026-04-29", "sev": "high" } ], "first_seen": "2026-04-30" }, { "value": "ao.online", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-98", "title": "New NGate variant hides in a trojanized NFC payment app", "link": "https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/", "published": "2026-04-21", "sev": "crit" } ], "first_seen": "2026-04-21" }, { "value": "api.dc1637.xyz", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "api.npoint.io", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "api.ra-backup.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "app1password.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-293", "title": "How password managers can be hacked \u2013 and how to stay safe", "link": "https://www.welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know/", "published": "2025-11-13", "sev": "crit" } ], "first_seen": "2025-11-13" }, { "value": "appbitwarden.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-293", "title": "How password managers can be hacked \u2013 and how to stay safe", "link": "https://www.welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know/", "published": "2025-11-13", "sev": "crit" } ], "first_seen": "2025-11-13" }, { "value": "appleid.apple.com-update.required.kontol.emiratesbankgroup.info", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "appstoreios.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "aramcoamericainvest.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "arch2.maxdatahost1.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "arch2.megadatahost3.homes", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "audit.checkmarx.cx", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "The Hacker News" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" }, { "id": "art-73", "title": "Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign", "link": "https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html", "published": "2026-04-23", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "b0p.c0d.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "b1z.0f6.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "bankiran.bet", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "bankofamerica.com.oidscreen.gorequestlocale.emiratesbankgroup.info", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "biransupasdports.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "bit.ly", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "bore.pub", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-11", "title": "New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials", "link": "https://thehackernews.com/2026/04/new-python-backdoor-uses-tunneling.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "bot.ddosvps.cc", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "bouleversement.niovapahrm.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Microsoft Security Blog" ], "articles": [ { "id": "art-07", "title": "Email threat landscape: Q1 2026 trends and insights", "link": "https://www.microsoft.com/en-us/security/blog/2026/04/30/email-threat-landscape-q1-2026-trends-and-insights/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "buydubaipropertywithcrypto.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "c1y.bf3.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "c45.94b.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "cache3.filehost36.sbs", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "callnrwise.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "centrastage.net", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "championships-peoples-point-cassette.trycloudflare.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "checkmarx.cx", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "The Hacker News" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "checkmarx.zone", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "Securelist (Kaspersky)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" }, { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-31" }, { "value": "ciderurginsx.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-126", "title": "JanelaRAT: a financial threat targeting users in Latin America", "link": "https://securelist.com/janelarat-financial-threat-in-latin-america/119332/", "published": "2026-04-13", "sev": "crit" } ], "first_seen": "2026-04-13" }, { "value": "cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-85", "title": "Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens", "link": "https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-22" }, { "value": "cnc.vietdediserver.shop", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "cnmaestro.sapb-aramco.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "com-govauv.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "cover.www.microsoft.com.irancell.courses", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "create-sensitivity-grad-sequence.trycloudflare.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "crypto-stroe.cc", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "cryptocurrencies-offers.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "csec-c2-server.onrender.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-26", "title": "New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs", "link": "https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "d1g.ccd.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dnshook.site", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-138", "title": "Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox", "link": "https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-mode/", "published": "2026-04-07", "sev": "crit" } ], "first_seen": "2026-04-07" }, { "value": "ds20221202.dsc.wcsset.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-288", "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks", "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/", "published": "2025-11-19", "sev": "crit" } ], "first_seen": "2025-11-19" }, { "value": "dubai-custbims.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubai-custboms.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubai-customs.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubai-polices.ae-finesquery.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubaicuctoms.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubaicustoms.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubaicustonms.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubaiicuctoms.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "dubaipolice.gov-tollbillba.life", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "eg3.db1.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emirates-ae.pack-541202699.azmtrust.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emirates-post.racunari-bl.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emiratescryptobank.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emiratesinvestunion.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emiratespost-pay.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "emiratespost.traz.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "etisalataccount-quickpayae.click", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "etisalataccountquickpayae.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "etisalatquickpay.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "f43.c76.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "file.io", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-78", "title": "China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors", "link": "https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "firansupport.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "fkiransusdpportsdf.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "fudcrypt.net", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-74", "title": "ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "gcp-sa-aiplatform-re.iam.gserviceaccount.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-147", "title": "Double Agents: Exposing Security Blind Spots in GCP Vertex AI", "link": "https://unit42.paloaltonetworks.com/double-agents-vertex-ai/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "gov-tollbillba.life", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "govauv.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "haematogenesis.hvishay.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Microsoft Security Blog" ], "articles": [ { "id": "art-07", "title": "Email threat landscape: Q1 2026 trends and insights", "link": "https://www.microsoft.com/en-us/security/blog/2026/04/30/email-threat-landscape-q1-2026-trends-and-insights/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "helllo2025.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "hyperfilevault1.xyz", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "hyperfilevault2.mom", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "hyperfilevault3.mom", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "hyperfilevault3.pics", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "investigation-launches-hearings-copying.trycloudflare.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "iosfc.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "iran.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran11.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran14.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran15.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran16.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran18.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran19.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iran2.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "irancross.shop", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "irandargah.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "irandonation.org", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iranforward.org", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iranpaye.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iransupasdports.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iransupports.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iransupporttyst.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "iransusdpportsdf.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "kamikaze.sh", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "kiransupport.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "kiransupportsdf.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "kkkhhhnnn.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "kmd.8cd.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "kube.py", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "kzw.ce3.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "m1w.4a0.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "majormetalcsorp.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "mcagov.cc", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "media.hyperfilevault2.mom", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "media.megafilehost2.sbs", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "metadata.google.internal", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-147", "title": "Double Agents: Exposing Security Blind Spots in GCP Vertex AI", "link": "https://unit42.paloaltonetworks.com/double-agents-vertex-ai/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "mgi1y.siyangoil.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "models.litellm.cloud", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "Securelist (Kaspersky)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" }, { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-31" }, { "value": "monicasue.app.n8n.cloud", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "mti4ywy4.lahuafa.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "mtjln.siyangoil.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "my-secret.dnshook.site", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-138", "title": "Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox", "link": "https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-mode/", "published": "2026-04-07", "sev": "crit" } ], "first_seen": "2026-04-07" }, { "value": "myemiratespost.click", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "mziyytm5ytk.ahroar.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "newso.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "ngy2yjq0otlj.ahroar.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "njb.551.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "nmu8n.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "ntm0mdkzymy3n.oukwww.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "nxj.e57.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "nziwytu5n.lahuafa.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "odm0.siyangoil.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "onedrivedownload.zoholandingpage.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "outlook.outlook.saudidigtalbank.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "packages.npm.org", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "pagepoinnc.app.n8n.cloud", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "plug-tab-protective-relay.trycloudflare.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "pnd.86c.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "policy-my.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "portal.0111etisalat.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "portal.sapb-aramco.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "pro.iranpanel.life", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "progamevl.ru", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-220", "title": "DynoWiper update: Technical analysis and attribution", "link": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/", "published": "2026-01-30", "sev": "crit" } ], "first_seen": "2026-01-30" }, { "value": "prop.py", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "proton.me", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "recovery.cover.www.microsoft.com.irancell.courses", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "redalert.apk", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "requestrepo.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "robinhood.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-09", "title": "ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories", "link": "https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "roldco.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "s0u.210.mytemp.website", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "saudi-bill-pay.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "saudidigtalbank.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "scan.aquasecurtiy.org", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "secretemirates.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "server.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "sffifdsfsransupasdports.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "sfrclak.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "souls-entire-defined-routes.trycloudflare.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "srv2.filehost37.sbs", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "stardebug.app", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-49", "title": "PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks", "link": "https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html", "published": "2026-04-27", "sev": "crit" } ], "first_seen": "2026-04-27" }, { "value": "store.appleid-apple.com-confirmation.verif.emiratesbankgroup.info", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "stub.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "sudsmama.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "superset.0111etisalat.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "sxsfcc.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "tehran.t2.drproxy.pro", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "telemetry.api-monitor.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-85", "title": "Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens", "link": "https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-22" }, { "value": "test.dsc.wcsset.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-288", "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks", "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/", "published": "2025-11-19", "sev": "crit" } ], "first_seen": "2025-11-19" }, { "value": "the-dubai-lifestyleapp.cryptocurrencies-offers.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "the1password.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-293", "title": "How password managers can be hacked \u2013 and how to stay safe", "link": "https://www.welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know/", "published": "2025-11-13", "sev": "crit" } ], "first_seen": "2025-11-13" }, { "value": "tinyurl.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "top1hbt.arm", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "top1hbt.mips", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "top1hbt.mpsl", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "tpcp.tar.gz", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "traz.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "trdfiransupport.cyou", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "trumpvsirancoin.xyz", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "tti.app.n8n.cloud", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "ubiquitarianism.drilto.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Microsoft Security Blog" ], "articles": [ { "id": "art-07", "title": "Email threat landscape: Q1 2026 trends and insights", "link": "https://www.microsoft.com/en-us/security/blog/2026/04/30/email-threat-landscape-q1-2026-trends-and-insights/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "us-docker.pkg.dev", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-147", "title": "Double Agents: Exposing Security Blind Spots in GCP Vertex AI", "link": "https://unit42.paloaltonetworks.com/double-agents-vertex-ai/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "vnc.kcii2.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "wcsset.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-288", "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks", "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/", "published": "2025-11-19", "sev": "crit" } ], "first_seen": "2025-11-19" }, { "value": "www.emirates-post.ae-payapp.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.forever-iran.net", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.gxzhrc.cn", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "www.hyperfilevault2.mom", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.iran2026.org", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.portal.0111etisalat.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.shirideitch.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "www.superset.0111etisalat.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "xz.apps-store.im", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "yjzhengruol.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "yoshi.0111etisalat.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-110", "title": "Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)", "link": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/", "published": "2026-04-17", "sev": "crit" } ], "first_seen": "2026-04-17" }, { "value": "zdrhnmjjndu.ulbcl.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "zmx6f.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "101.99.88.113", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "101.99.88.188", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "103.116.72.119", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-63", "title": "LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "103.159.132.30", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "104.21.91.170", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-98", "title": "New NGate variant hides in a trojanized NFC payment app", "link": "https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/", "published": "2026-04-21", "sev": "crit" } ], "first_seen": "2026-04-21" }, { "value": "104.238.149.198", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "108.165.230.223", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-98", "title": "New NGate variant hides in a trojanized NFC payment app", "link": "https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/", "published": "2026-04-21", "sev": "crit" } ], "first_seen": "2026-04-21" }, { "value": "108.187.37.85", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "108.187.41.221", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "108.187.42.63", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "118.107.234.26", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "118.107.234.29", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "135.125.255.55", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-13", "title": "EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades", "link": "https://thehackernews.com/2026/04/etherrat-distribution-spoofing.html", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "139.180.128.251", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "139.180.139.209", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "142.11.206.73", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "154.82.81.192", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "154.82.81.205", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "158.247.193.100", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-60", "title": "Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2", "link": "https://thehackernews.com/2026/04/tropic-trooper-uses-trojanized.html", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "192.163.167.14", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "192.229.115.229", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "192.238.205.47", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "195.5.171.242", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "207.56.119.216", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "207.56.138.28", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "209.34.235.18", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "212.71.124.188", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "216.126.237.71", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-26", "title": "New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs", "link": "https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "23.142.184.129", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "23.235.188.3", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "24.152.36.241", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-36", "title": "Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign", "link": "https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html", "published": "2026-04-28", "sev": "crit" } ], "first_seen": "2026-04-28" }, { "value": "31.172.71.5", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-220", "title": "DynoWiper update: Technical analysis and attribution", "link": "https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/", "published": "2026-01-30", "sev": "crit" } ], "first_seen": "2026-01-30" }, { "value": "38.54.17.131", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "45.118.133.203", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "45.148.10.212", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "45.192.219.60", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "45.32.108.178", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "45.76.155.14", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "47.242.198.250", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-288", "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks", "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/", "published": "2025-11-19", "sev": "crit" } ], "first_seen": "2025-11-19" }, { "value": "51.38.137.113", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "57.133.212.106", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "63.251.162.11", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "65.111.25.67", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "65.111.27.132", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "The Hacker News" ], "articles": [ { "id": "art-34", "title": "LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure", "link": "https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html", "published": "2026-04-29", "sev": "crit" } ], "first_seen": "2026-04-29" }, { "value": "8.212.132.120", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-288", "title": "PlushDaemon compromises network devices for adversary-in-the-middle attacks", "link": "https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/", "published": "2025-11-19", "sev": "crit" } ], "first_seen": "2025-11-19" }, { "value": "83.142.209.11", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "83.142.209.203", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "91.195.240.123", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "The Hacker News" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "94.154.172.43", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)", "The Hacker News" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" }, { "id": "art-84", "title": "Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain", "link": "https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html", "published": "2026-04-22", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "039E93B98EF5E329F8666A424237AE73", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "04194f8ddd0518fd8005f0e87ae96335", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "043e457726f1bbb6046cb0c9869dbd7d", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "0565364633b5acdd24a498a6a9ab4eca", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "06130DC648621E93ACB9EFB9FABB9651", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "075b4aa105e728f2b659723e3f36c72c", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "0B9B420E3EDD2ADE5EDC44F60CA745A2", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "0C3B60FFC4EA9CCCE744BFA03B1A3556", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "0ff6abe0252d4f37a196a1231fae5f26", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "1020497BEF56F4181AEFB7A0A9873FB4", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "114721fbc23ff9d188535bd736a0d30e", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "11705121f64fa36f1e9d7e59867b0724", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "13669b8f2bd0af53a3fe9ac0490499e5", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "19733e0dfa804e3676f97eff90f2e467", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "1AA72CD19E37570E14D898DFF3F2E380", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "1D1F71936DB05F67765F442FEB95F3FD", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "1d2f32c57ae2f2013f513d342925e972", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "202A5BCB87C34993318CFA3FA0C7ECB0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "2375193669e243e830ef5794226352e7", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "2717b58246237b35d44ef2e49712d3a2", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "2740a703859cbd8b43425d4a2cacb5ec", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "27A3C439308F5C4956D77E23E1AAD1A9", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "2915b3f8b703eb744fc54c81f4a9c67f", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "2b92e125184469a0c3740abcaa10350c", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "2c5a1dd4cb53287fe0ed14e0b7b7b1b7", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "31d25ddf2697b9e13ee883fff328b22f", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "32407207e9e9a0948d167dca96c41d1a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "3279307508F3E5FB3A2420DEC645F583", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "3417B9CF7ACB22FAE9E24603D4DE1194", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "3C6AEC25EBB2D51E1F16C2EEF181C82A", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "410eddfc19de44249897986ecc8ac449", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "4126348d783393dd85ede3468e48405d", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "41444d7018601b599beac0c60ed1bf83", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "417ae7f384c49de8c672aec86d5a2860", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "44299A368000AE1EE9E9E584377B8757", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "49a8934ccd34e2aaae6ea1e6a6313ffe", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "4a5195a38a458cdd2c1b5ab13af3b393", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "4d343515f4c87b9a2ffd2f46665d2d57", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "4FC5EC1DE89CE3FCDD3E70DB4A9C39D1", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "4FC8C78516A8C2130286429686E200ED", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "5390E8BF7131CAAAA98A5DD63E27B2BC", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "53B68CA8D7A54C15700CF9500AE4A4E2", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "5b998a5bc5ad1c550564294034d4a62c", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "5bdae6cb778d002c806bb7ed130985f3", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "5ED84B2099E220D645934E1FD552AE3A", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "6495c409b59deb72cfcb2b2da983b3bb", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "6611E902945E97A1B27F322A50566D48", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "686989d97cf0d70346cbde2031207cbf", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "6cf382d3a0eae57b8baaa263e4ed8d00", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "70016DDBCB8543BDB06E0F8C509EE980", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "70AE9CA2A285DA9005A8ACB32DD31ACE", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "79CD56FC9ABF294B9BA8751E618EC642", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "79fe383f0963ae741193989c12aefacc", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "7b4c61ff418f6fe80cf8adb474278311", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "7bdbd180c081fa63ca94f9c22c457376", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "7e678ca2f01dc853e85d13924e6c8a45", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "7F27818E4244310A645984CCC41EA818", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "808c87015194c51d74356854dfb10d9e", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-126", "title": "JanelaRAT: a financial threat targeting users in Latin America", "link": "https://securelist.com/janelarat-financial-threat-in-latin-america/119332/", "published": "2026-04-13", "sev": "crit" } ], "first_seen": "2026-04-13" }, { "value": "814032eec3bc31643f8faa4234d0e049", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "84c81a5e49291fe60eb9f5c1e2ac184b", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "84E54C3602D8240ED905B07217C451CD", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "891DE2FF486A1824F2DB01C1BDF1D2E9", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "8AC5BEE89436B29F9817E434507FEF55", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "8cbd34393d1d54a90be3c2b53d8fc17a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "8d45a67b648d2cb46292ff5041a5dd44", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "8f51f82393c6467f9392fb9eb46f9301", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "8FC911CA37F9F451A213B967F016F1F8", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "90257aa1e7c9118055c09d4a978d4bee", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "933F1CB8ED2CED5D0DD2877C5EA374E8", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "9bf9f635019494c4b70fb0a7c0fb53e4", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "A083C546DC66B0F2A5E0E2E68032F62C", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "A0D1223CA4327AA5F7674BDA8779323F", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "A234850DFDFD7EE128F648F9750DD2C4", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "a2cf85d22a54e26794cbc7be16840bb1", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "a543b96b0938de798dd4f683dd92a94a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "A75713F0310E74FFD24D91E5731C4D31", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "aac3165ece2959f39ff98334618d10d9", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "AD39A5790B79178D02AC739099B8E1F4", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "af4461a149bfd2ba566f2abefe7dcde4", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "B0E06925DB5416DFC90BABF46402CD6F", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "B23D302B7F23453C98C11CA7B2E4616E", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "b500e0a8c87dffe6f20c6e067b51afbf", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "B53E3CC11947E5645DFBB19934B69833", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "B5CA812843570DCF8E7F35CACAB36D4A", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "b639f7f81a8faca9c62fd227fef5e28c", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "B6DF7C59756AB655CA752B8A1B20CFFA", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "bafba3d044a4f674fc9edc67ef6b8a6b", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "be9e0d516f59ae57f5553bcc3cf296d1", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "c2efb2dcacba6d3ccc175b6ce1b7ed0a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "c50c980d3f4b7ed970f083b0d37a6a6a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "CB3D86E3EC2736EE1C883706FCA172F8", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "cb66a4d52a30bfcd980fe50e7e3f73f0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "cf859f164870d113608a843e4a9600ab", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "d138a63436b4dd8c5a55d184e025ef99", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "d17caf6f5d6ba3393a3a865d1c43c3d2", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "D1D78CD1436991ADB9C005CC7C6B5B98", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "d48b580718b0e1617afc1dec028e9059", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "d749e0f8f2cd4e14178a787571534121", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "d7a68749635604d6d7297e4fa2530eb6", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-126", "title": "JanelaRAT: a financial threat targeting users in Latin America", "link": "https://securelist.com/janelarat-financial-threat-in-latin-america/119332/", "published": "2026-04-13", "sev": "crit" } ], "first_seen": "2026-04-13" }, { "value": "daea40562458fc7ae1adb812137d3d05", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "dbd8dbecaa80795c135137d69921fdba", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "dbe51eabebf9d4ef9581ef99844a2944", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "DD0114FFACC6610B5A4A1CB0E79624CC", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "de8f0008b15f2404f721f76fac34456a", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "dfc64dd9d8f776ca5440c35fef5d406e", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "e0c10106626711f287ff91c0d6314407", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "E5E8EF65B4D265BD5FB77FE165131C2F", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "e6362a81991323e198a463a8ce255533", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "e66bae6e8621db2a835fa6721c3e5bbe", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "ebff5b7d4c5becb8715009df596c5a91", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "eefc28e9f2c0c0592af186be8e3570d2", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "f15a67899cfe4decff76d4cd1677c254", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "f4dbbb78979c1ee8a1523c77065e18a5", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "F7037CC9A5659D5A1F68E88582242375", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "f8371097121549feb21e3bcc2eeea522", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "fa08b243f12e31940b8b4b82d3498804", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "fc546acf1735127db05fb5bc354093e0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-17", "title": "Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India", "link": "https://securelist.com/silver-fox-tax-notification-campaign/119575/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "fd0dc5d4bba740c7b4cc78c4b19a5840", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-101", "title": "FakeWallet crypto stealer spreading through iOS apps in the App Store", "link": "https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/", "published": "2026-04-20", "sev": "crit" } ], "first_seen": "2026-04-20" }, { "value": "145ef372c3e9c352eaaa53bb0893749163e49892", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "1ce1111702b765f5c4d09315ff1f0d914f7e5c70", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "2fa28ef1c6744bdc2021abd4048eefc777dccf22", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "3ce5b358c2ddd116ac9582efbb38354809999cb5", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "586edef41c3b3fba87bf0f0346c7e402f86fc11e", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "650fc6b3e4f62ecdc1ec5728f36bb46ba0f74d05", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "675cb83cec5f25ebbe8d9f90dea3d836fcb1c234", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "829f8be65dfe159d2b0dc7ee7a61a017acb54b7b", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "92e9dcaf7249110047ef121b7586c81d4b8cb4e5", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "952ed694b60c34ba12df9d392269eae3a4f11be4", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "99B454262DC26B081600E844371982A49D334E5E", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-174", "title": "Sednit reloaded: Back in the trenches", "link": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/", "published": "2026-03-10", "sev": "crit" } ], "first_seen": "2026-03-10" }, { "value": "9e089a733fb2740c0e408b2a25d8f5a451584cf6", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "bc544f455d7c06c8a1f3446160a6d9a4a8236b11", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "ca665b59bc590292f94c23e04fa458f90d7b20c9", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "D0DB619A7A160949528D46D20FC0151BF9775C32", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-174", "title": "Sednit reloaded: Back in the trenches", "link": "https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/", "published": "2026-03-10", "sev": "crit" } ], "first_seen": "2026-03-10" }, { "value": "d475ace24b9aedebf431efc68f9db32d5ae761bd", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "de584703c78a60a56028f9834086facd1401b355", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "e6018cd482c012de8b69c64dc3165337bc121b86", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "00078aeeaca54b5d3c1237e964e9f956690b782e4ea160d81edc3c6b44e7f620", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "01c9484abc948daa525516464785009d1e7a63ffd6012b9e85b56477acc3e624", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "05eac3663d47a29da0d32f67e10d161f831138e10958dcd88b9dc97038948f69", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "06361562cc53d759fb5a4c2b7aac348e4d23fe59be3b2871b14678365283ca47", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "07c69fc33271cf5a2ce03ac1fed7a3b16357aec093c5bf9ef61fbfa4348d0529", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "09ca719e06a526f70aadf34fb66b136ed20f923776e6b33a33a9059ef674da22", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "0c6a3555c4eb49f240d7e0e3edbfbb3c900f123033b4f6e99ac3724b9b76278f", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "0d83030ab8bfba675fc1661f0756b6770be7dd80b1b718de3d68a01f2e79a5f4", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "167ce57ef59a32a6a0ef4137785828077879092d7f83ddbc1755d6e69116e0ad", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "1e559c51f19972e96fcc5a92d710732159cdae72f407864607a513b20729decb", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "20df0909a3a0ef26d74ae139763a380e49f77207aa1108d4640d8b6f14cab8ca", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "30015DD1E2CF4DBD49FFF9DDEF2AD4622DA2E60E5C0B6228595325532E948F14", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "37414d9ca87a132ec5081f3e7590d04498237746f9a7479c6b443accee17a062", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "3c1dbc3f56e91cc79f0014850e773a7f12bbfef06680f08f883b2bf12873eccc", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "3fbd2a2e82ceb5e91eadbad02cb45ac618324da9b1895d81ebe7de765dca30e7", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "41C4F2F37C0B257D1E20FE167F2098DA9D2E0A939B09ED3F63BC4FE010F8365C", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "4465bdeaddc8c049a67a3d5ec105b2f07dae72fa080166e51b8f487516eb8d07", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "4caaa18982cd4056fead54b98d57f9a2a1ddd654cf19a7ba2366dfadbd6033da", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "506690fcbd10fbe6f2b85b49a1fffa9d984c376c25ef6b73f764f670e932cab4", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "526ab39d1f56732e4e926715aaa797feb13b1ae86882ec570a4d292e7fdc3699", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "534b654531a6a540a144da9545ee343e1046f843d7de4c1091b46c3ee66a508b", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "56f21f412e898ad9e3ee05d5f44c44d9d7bcb9ecbfbdb9de11b8fa5a637aeef6", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "5966513a12a5601b262c4ee4d3e32091feb05b666951d06431c30a8cece83010", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "5b5fbc627502c5797d97b206b6dcf537889e6bea6d4e81a835e103e311690e22", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "5e2ab672c3f98f21925bd26d9a9bba036b67d84fde0dfdbe2cf9b85b170cab71", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "66fe485f29a6405265756aaf7f822b9ceb56e108afabd414ee222ee9657dd7e2", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "7b47ed28e84437aee64ffe9770d315c1b984135105f7f608a8b9579517bc0695", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "7b5cc85e82249b0c452c66563edca498ce9d0c70badef04ab2c52acef4d629ca", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "7bbb21fec19512d932b7a92652ed0c8f0fedea89f34b9d6f267cf39de0eb9b20", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "7d2c9b4a3942f6029d2de7f73723b505b64caa8e1763e4eb1f134360465185d0", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "7e00030a35504de5c0d16020aa40cbaf5d36561e0716feb8f73235579a7b0909", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "7f30259d72eb7432b2454c07be83365ecfa835188185b35b30d11654aadf86a0", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "8449341ddc3f7fcc2547639e21e704400ca6a8a6841ae74e57c04445b1276a10", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "8b018452fdd64c346af4d97da420681e2e0b55b8c9ce2b8de75e330993b759a0", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "8fcb4d3d4df61719ee3da98241393779290e0efcd88a49e363e2a2dfbc04dae9", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "919f292a07a37f163f88527e725406187c8ecc637387ad24853fe49ce4e6ddf4", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "93a09e54e607930dfc068fcbc7ea2c2ea776c504aa20a8ca12100a28cfdcc75a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-122", "title": "The n8n n8mare: How threat actors are misusing AI workflow automation", "link": "https://blog.talosintelligence.com/the-n8n-n8mare/", "published": "2026-04-15", "sev": "crit" } ], "first_seen": "2026-04-15" }, { "value": "96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "9a10e1faa86a5d39417cae44da5adf38824dfb9a16432e34df766aa1dc9e3525", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "9c64f1c7eba080b4e5ff17369ddcd00b9fe2d47dacdc61444b4cbfebb23a166c", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "9df711c3aef2bba17b622ddfd955452f8d8eb55899528fbc13d9540c52f13402", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-71", "title": "It pays to be a forever student", "link": "https://blog.talosintelligence.com/it-pays-to-be-a-forever-student/", "published": "2026-04-23", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "a224dd73b7ed33e0bf6a2ea340c8f8859dfa9ec5736afa8baea6225bf066b248", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" }, { "id": "art-115", "title": "The Q1 vulnerability pulse", "link": "https://blog.talosintelligence.com/the-q1-vulnerability-pulse/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "a98e04dec3a7fe507eb30c72da808bad60bc14d9d80f9770ec99c438faa85a1a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "ad8ba560ae5c4af4758bc68cc6dcf43bae0e0bbf9da680a8dc60a9ef78e22ff7", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "aeaa389453f04a9e79ff6c8b7b66db7b65d4aaffc6cac0bd7957257a30468e33", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "bb470a803b6d7b12fb596d2e4a18ea9ca91f40fd34ded7f01a487eed9a1d814d", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-140", "title": "Understanding Current Threats to Kubernetes Environments", "link": "https://unit42.paloaltonetworks.com/modern-kubernetes-threats/", "published": "2026-04-06", "sev": "crit" } ], "first_seen": "2026-04-06" }, { "value": "bd04715c5c43c862c38a4ad6c2167ad082a352881e04a35117af9bbfad8e5613", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "c11a210cb98095422d0d33cbd4e9ecc86b95024f956ede812e17c97e79591cfa", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "c321933e4e5970ba7299fe21778dab9398994c22ca0ba0422c6cbc3fbb95ea26", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-113", "title": "A Deep Dive Into Attempted Exploitation of CVE-2023-33538", "link": "https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/", "published": "2026-04-16", "sev": "crit" } ], "first_seen": "2026-04-16" }, { "value": "c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "cdc05cd30eb53315dadb081a7b942bb876f0d252d20e8ed4d2f36be79ee691fa", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "D53FCC01038E20193FBD51B7400075CF7C9C4402B73DA7B0DB836B000EBD8B1C", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-254", "title": "LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan", "link": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/", "published": "2025-12-18", "sev": "crit" } ], "first_seen": "2025-12-18" }, { "value": "d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "D8CAF4581C9F0000C7568D78FB7D2E595AB36134E2346297D78615942CBBD727", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "da2b170994031477091be89c8835ff9db1a5304f3f2f25344654f44d0430ced1", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "e4edd126e139493d2721d50c3a8c49d3a23ad7766d0b90bc45979ba675f35fea", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-01", "title": "Great responsibility, without great power", "link": "https://blog.talosintelligence.com/great-responsibility-without-great-power/", "published": "2026-04-30", "sev": "crit" } ], "first_seen": "2026-04-30" }, { "value": "e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "e775049d1ecf68dee870f1a5c36b2f3542d1182782eb497b8ccfd2309c400b3a", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-68", "title": "fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet", "link": "https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/", "published": "2026-04-23", "sev": "crit" } ], "first_seen": "2026-04-23" }, { "value": "e87a55d3ba1c47e84207678b88cacb631a32d0cb3798610e7ef2d15307303c49", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "f35475829991b303c5efc2ee0f343dd38f8614e8b5e69db683923135f85cf60d", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-54", "title": "The npm Threat Landscape: Attack Surface and Mitigations", "link": "https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/", "published": "2026-04-24", "sev": "crit" } ], "first_seen": "2026-04-24" }, { "value": "f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-146", "title": "Weaponizing the Protectors: TeamPCP\u2019s Multi-Stage Supply Chain Attack on Security Infrastructure", "link": "https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/", "published": "2026-03-31", "sev": "crit" } ], "first_seen": "2026-03-31" }, { "value": "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf", "type": "sha256", "confidence": "high", "extraction": "regex", "severity": "crit", "sources": [ "Unit 42 (Palo Alto)" ], "articles": [ { "id": "art-143", "title": "Threat Brief: Widespread Impact of the Axios Supply Chain Attack", "link": "https://unit42.paloaltonetworks.com/axios-supply-chain-attack/", "published": "2026-04-01", "sev": "crit" } ], "first_seen": "2026-04-01" }, { "value": "CVE-2008-0015", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-200", "title": "CISA KEV: CVE-2008-0015 \u2014 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-17", "sev": "high" } ], "first_seen": "2026-02-17" }, { "value": "CVE-2009-0238", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-124", "title": "CISA KEV: CVE-2009-0238 \u2014 Microsoft Office Remote Code Execution", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2009-0556", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-248", "title": "CISA KEV: CVE-2009-0556 \u2014 Microsoft Office PowerPoint Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-07", "sev": "high" } ], "first_seen": "2026-01-07" }, { "value": "CVE-2012-1854", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-127", "title": "CISA KEV: CVE-2012-1854 \u2014 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2014-6271", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-31", "title": "AI-powered honeypots: Turning the tables on malicious AI agents", "link": "https://blog.talosintelligence.com/ai-powered-honeypots-turning-the-tables-on-malicious-ai-agents/", "published": "2026-04-29", "sev": "high" } ], "first_seen": "2026-04-29" }, { "value": "CVE-2017-7921", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-180", "title": "CISA KEV: CVE-2017-7921 \u2014 Hikvision Multiple Products Improper Authentication Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-05", "sev": "high" } ], "first_seen": "2026-03-05" }, { "value": "CVE-2018-14634", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-226", "title": "CISA KEV: CVE-2018-14634 \u2014 Linux Kernel Integer Overflow Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-01-26" }, { "value": "CVE-2018-4063", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-263", "title": "CISA KEV: CVE-2018-4063 \u2014 Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-12", "sev": "high" } ], "first_seen": "2025-12-12" }, { "value": "CVE-2019-19006", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-218", "title": "CISA KEV: CVE-2019-19006 \u2014 Sangoma FreePBX Improper Authentication Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-03", "sev": "high" } ], "first_seen": "2026-02-03" }, { "value": "CVE-2020-7796", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-198", "title": "CISA KEV: CVE-2020-7796 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-17", "sev": "high" } ], "first_seen": "2026-02-17" }, { "value": "CVE-2020-9715", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-131", "title": "CISA KEV: CVE-2020-9715 \u2014 Adobe Acrobat Use-After-Free Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2021-22054", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-176", "title": "CISA KEV: CVE-2021-22054 \u2014 Omnissa Workspace ONE Server-Side Request Forgery", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-09", "sev": "high" } ], "first_seen": "2026-03-09" }, { "value": "CVE-2021-22175", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-217", "title": "CISA KEV: CVE-2021-22175 \u2014 GitLab Server-Side Request Forgery (SSRF) Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-03", "sev": "high" } ], "first_seen": "2026-02-03" }, { "value": "CVE-2021-22681", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-181", "title": "CISA KEV: CVE-2021-22681 \u2014 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-05", "sev": "high" } ], "first_seen": "2026-03-05" }, { "value": "CVE-2021-26828", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-276", "title": "CISA KEV: CVE-2021-26828 \u2014 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-03", "sev": "high" } ], "first_seen": "2025-12-03" }, { "value": "CVE-2021-26829", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-282", "title": "CISA KEV: CVE-2021-26829 \u2014 OpenPLC ScadaBR Cross-site Scripting Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-28", "sev": "high" } ], "first_seen": "2025-11-28" }, { "value": "CVE-2021-30952", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-182", "title": "CISA KEV: CVE-2021-30952 \u2014 Apple Multiple Products Integer Overflow or Wraparound Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-05", "sev": "high" } ], "first_seen": "2026-03-05" }, { "value": "CVE-2021-39935", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-217", "title": "CISA KEV: CVE-2021-22175 \u2014 GitLab Server-Side Request Forgery (SSRF) Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-03", "sev": "high" } ], "first_seen": "2026-02-03" }, { "value": "CVE-2022-20775", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-187", "title": "CISA KEV: CVE-2022-20775 \u2014 Cisco SD-WAN Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-25", "sev": "high" } ], "first_seen": "2026-02-25" }, { "value": "CVE-2022-37055", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-272", "title": "CISA KEV: CVE-2022-37055 \u2014 D-Link Routers Buffer Overflow Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-08", "sev": "high" } ], "first_seen": "2025-12-08" }, { "value": "CVE-2023-21529", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-129", "title": "CISA KEV: CVE-2023-21529 \u2014 Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2023-27351", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-105", "title": "CISA KEV: CVE-2023-27351 \u2014 PaperCut NG/MF Improper Authentication Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2023-36424", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-130", "title": "CISA KEV: CVE-2023-36424 \u2014 Microsoft Windows Out-of-Bounds Read Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2023-43000", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-260", "title": "CISA KEV: CVE-2023-43000 \u2014 Apple Multiple products Use-After-Free Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-15", "sev": "high" } ], "first_seen": "2025-12-15" }, { "value": "CVE-2023-52163", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-253", "title": "CISA KEV: CVE-2023-52163 \u2014 Digiever DS-2105 Pro Missing Authorization Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-22", "sev": "high" } ], "first_seen": "2025-12-22" }, { "value": "CVE-2024-27199", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-108", "title": "CISA KEV: CVE-2024-27199 \u2014 JetBrains TeamCity Relative Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2024-37079", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-231", "title": "CISA KEV: CVE-2024-37079 \u2014 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-23", "sev": "high" } ], "first_seen": "2026-01-23" }, { "value": "CVE-2024-43468", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-205", "title": "CISA KEV: CVE-2024-43468 \u2014 Microsoft Configuration Manager SQL Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-12", "sev": "high" } ], "first_seen": "2026-02-12" }, { "value": "CVE-2024-7694", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-199", "title": "CISA KEV: CVE-2024-7694 \u2014 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-17", "sev": "high" } ], "first_seen": "2026-02-17" }, { "value": "CVE-2025-11371", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-305", "title": "CISA KEV: CVE-2025-11371 \u2014 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-04", "sev": "high" } ], "first_seen": "2025-11-04" }, { "value": "CVE-2025-11953", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-213", "title": "CISA KEV: CVE-2025-11953 \u2014 React Native Community CLI OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-05", "sev": "high" } ], "first_seen": "2026-02-05" }, { "value": "CVE-2025-13223", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-289", "title": "CISA KEV: CVE-2025-13223 \u2014 Google Chromium V8 Type Confusion Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-19", "sev": "high" } ], "first_seen": "2025-11-19" }, { "value": "CVE-2025-14174", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-264", "title": "CISA KEV: CVE-2025-14174 \u2014 Google Chromium Out of Bounds Memory Access Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-12", "sev": "high" } ], "first_seen": "2025-12-12" }, { "value": "CVE-2025-14611", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-261", "title": "CISA KEV: CVE-2025-14611 \u2014 Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-15", "sev": "high" } ], "first_seen": "2025-12-15" }, { "value": "CVE-2025-14733", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-295", "title": "CISA KEV: CVE-2025-14733 \u2014 WatchGuard Firebox Out of Bounds Write Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-12", "sev": "high" } ], "first_seen": "2025-11-12" }, { "value": "CVE-2025-26399", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-216", "title": "CISA KEV: CVE-2025-26399 \u2014 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-03", "sev": "high" } ], "first_seen": "2026-02-03" }, { "value": "CVE-2025-2749", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-246", "title": "CISA KEV: CVE-2025-2749 \u2014 Kentico Xperience Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-12", "sev": "high" } ], "first_seen": "2026-01-12" }, { "value": "CVE-2025-31125", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-294", "title": "CISA KEV: CVE-2025-31125 \u2014 Vite Vitejs Improper Access Control Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-12", "sev": "high" } ], "first_seen": "2025-11-12" }, { "value": "CVE-2025-31277", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-161", "title": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper Locking Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-20", "sev": "high" } ], "first_seen": "2026-03-20" }, { "value": "CVE-2025-32432", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-159", "title": "CISA KEV: CVE-2025-32432 \u2014 Craft CMS Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-20", "sev": "high" } ], "first_seen": "2026-03-20" }, { "value": "CVE-2025-32975", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-107", "title": "CISA KEV: CVE-2025-32975 \u2014 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2025-34026", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-234", "title": "CISA KEV: CVE-2025-34026 \u2014 Versa Concerto Improper Authentication Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-22", "sev": "high" } ], "first_seen": "2026-01-22" }, { "value": "CVE-2025-37164", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-249", "title": "CISA KEV: CVE-2025-37164 \u2014 Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-07", "sev": "high" } ], "first_seen": "2026-01-07" }, { "value": "CVE-2025-40536", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-206", "title": "CISA KEV: CVE-2025-40536 \u2014 SolarWinds Web Help Desk Security Control Bypass Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-12", "sev": "high" } ], "first_seen": "2026-02-12" }, { "value": "CVE-2025-40551", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-216", "title": "CISA KEV: CVE-2025-26399 \u2014 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-03", "sev": "high" } ], "first_seen": "2026-02-03" }, { "value": "CVE-2025-40602", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-256", "title": "CISA KEV: CVE-2025-40602 \u2014 SonicWall SMA1000 Missing Authorization Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-17", "sev": "high" } ], "first_seen": "2025-12-17" }, { "value": "CVE-2025-43510", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-161", "title": "CISA KEV: CVE-2025-43510 \u2014 Apple Multiple Products Improper Locking Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-20", "sev": "high" } ], "first_seen": "2026-03-20" }, { "value": "CVE-2025-43520", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-204", "title": "CISA KEV: CVE-2025-43520 \u2014 Apple Multiple Products Classic Buffer Overflow Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-12", "sev": "high" } ], "first_seen": "2026-02-12" }, { "value": "CVE-2025-43529", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-260", "title": "CISA KEV: CVE-2023-43000 \u2014 Apple Multiple products Use-After-Free Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-15", "sev": "high" } ], "first_seen": "2025-12-15" }, { "value": "CVE-2025-47813", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-168", "title": "CISA KEV: CVE-2025-47813 \u2014 Wing FTP Server Information Disclosure Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-16", "sev": "high" } ], "first_seen": "2026-03-16" }, { "value": "CVE-2025-48572", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-279", "title": "CISA KEV: CVE-2025-48572 \u2014 Android Framework Privilege Escalation Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-02", "sev": "high" } ], "first_seen": "2025-12-02" }, { "value": "CVE-2025-48633", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-278", "title": "CISA KEV: CVE-2025-48633 \u2014 Android Framework Information Disclosure Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-02", "sev": "high" } ], "first_seen": "2025-12-02" }, { "value": "CVE-2025-48700", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-165", "title": "CISA KEV: CVE-2025-48700 \u2014 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-18", "sev": "high" } ], "first_seen": "2026-03-18" }, { "value": "CVE-2025-48703", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-304", "title": "CISA KEV: CVE-2025-48703 \u2014 CWP Control Web Panel OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-04", "sev": "high" } ], "first_seen": "2025-11-04" }, { "value": "CVE-2025-49113", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-191", "title": "CISA KEV: CVE-2025-49113 \u2014 RoundCube Webmail Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-20", "sev": "high" } ], "first_seen": "2026-02-20" }, { "value": "CVE-2025-50165", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-252", "title": "Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component", "link": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/", "published": "2025-12-22", "sev": "high" } ], "first_seen": "2025-12-22" }, { "value": "CVE-2025-52691", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-227", "title": "CISA KEV: CVE-2025-52691 \u2014 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-01-26" }, { "value": "CVE-2025-53521", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-151", "title": "CISA KEV: CVE-2025-53521 \u2014 F5 BIG-IP Stack-Based Buffer Overflow Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-27", "sev": "high" } ], "first_seen": "2026-03-27" }, { "value": "CVE-2025-54068", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-160", "title": "CISA KEV: CVE-2025-54068 \u2014 Laravel Livewire Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-20", "sev": "high" } ], "first_seen": "2026-03-20" }, { "value": "CVE-2025-54313", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-235", "title": "CISA KEV: CVE-2025-54313 \u2014 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-22", "sev": "high" } ], "first_seen": "2026-01-22" }, { "value": "CVE-2025-58360", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-267", "title": "CISA KEV: CVE-2025-58360 \u2014 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-11", "sev": "high" } ], "first_seen": "2025-12-11" }, { "value": "CVE-2025-59374", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-255", "title": "CISA KEV: CVE-2025-59374 \u2014 ASUS Live Update Embedded Malicious Code Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-17", "sev": "high" } ], "first_seen": "2025-12-17" }, { "value": "CVE-2025-59718", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-259", "title": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-16", "sev": "high" } ], "first_seen": "2025-12-16" }, { "value": "CVE-2025-59719", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-259", "title": "CISA KEV: CVE-2025-59718 \u2014 Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-16", "sev": "high" } ], "first_seen": "2025-12-16" }, { "value": "CVE-2025-60710", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-128", "title": "CISA KEV: CVE-2025-60710 \u2014 Microsoft Windows Link Following Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2025-61757", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-286", "title": "CISA KEV: CVE-2025-61757 \u2014 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-21", "sev": "high" } ], "first_seen": "2025-11-21" }, { "value": "CVE-2025-6218", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-270", "title": "CISA KEV: CVE-2025-6218 \u2014 RARLAB WinRAR Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-09", "sev": "high" } ], "first_seen": "2025-12-09" }, { "value": "CVE-2025-62215", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-296", "title": "CISA KEV: CVE-2025-62215 \u2014 Microsoft Windows Race Condition Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-12", "sev": "high" } ], "first_seen": "2025-11-12" }, { "value": "CVE-2025-62221", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-271", "title": "CISA KEV: CVE-2025-62221 \u2014 Microsoft Windows Use After Free Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-09", "sev": "high" } ], "first_seen": "2025-12-09" }, { "value": "CVE-2025-64328", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-290", "title": "CISA KEV: CVE-2025-64328 \u2014 Sangoma FreePBX OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-18", "sev": "high" } ], "first_seen": "2025-11-18" }, { "value": "CVE-2025-64446", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-292", "title": "CISA KEV: CVE-2025-64446 \u2014 Fortinet FortiWeb Path Traversal Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-11-14", "sev": "high" } ], "first_seen": "2025-11-14" }, { "value": "CVE-2025-66644", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-273", "title": "CISA KEV: CVE-2025-66644 \u2014 Array Networks ArrayOS AG OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2025-12-08", "sev": "high" } ], "first_seen": "2025-12-08" }, { "value": "CVE-2025-68461", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-192", "title": "CISA KEV: CVE-2025-68461 \u2014 RoundCube Webmail Cross-site Scripting Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-20", "sev": "high" } ], "first_seen": "2026-02-20" }, { "value": "CVE-2025-68613", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-173", "title": "CISA KEV: CVE-2025-68613 \u2014 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-11", "sev": "high" } ], "first_seen": "2026-03-11" }, { "value": "CVE-2025-68645", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-233", "title": "CISA KEV: CVE-2025-68645 \u2014 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-22", "sev": "high" } ], "first_seen": "2026-01-22" }, { "value": "CVE-2026-0390", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-1603", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-177", "title": "CISA KEV: CVE-2026-1603 \u2014 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-09", "sev": "high" } ], "first_seen": "2026-03-09" }, { "value": "CVE-2026-20045", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-237", "title": "CISA KEV: CVE-2026-20045 \u2014 Cisco Unified Communications Products Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-21", "sev": "high" } ], "first_seen": "2026-01-21" }, { "value": "CVE-2026-20122", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-103", "title": "CISA KEV: CVE-2026-20122 \u2014 Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2026-20127", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-188", "title": "CISA KEV: CVE-2026-20127 \u2014 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-25", "sev": "high" } ], "first_seen": "2026-02-25" }, { "value": "CVE-2026-20128", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-106", "title": "CISA KEV: CVE-2026-20128 \u2014 Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2026-20131", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-164", "title": "CISA KEV: CVE-2026-20131 \u2014 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-19", "sev": "high" } ], "first_seen": "2026-03-19" }, { "value": "CVE-2026-20133", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-104", "title": "CISA KEV: CVE-2026-20133 \u2014 Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-20", "sev": "high" } ], "first_seen": "2026-04-20" }, { "value": "CVE-2026-20700", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-204", "title": "CISA KEV: CVE-2025-43520 \u2014 Apple Multiple Products Classic Buffer Overflow Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-12", "sev": "high" } ], "first_seen": "2026-02-12" }, { "value": "CVE-2026-20805", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-245", "title": "CISA KEV: CVE-2026-20805 \u2014 Microsoft Windows Information Disclosure Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-13", "sev": "high" } ], "first_seen": "2026-01-13" }, { "value": "CVE-2026-20963", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-166", "title": "CISA KEV: CVE-2026-20963 \u2014 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-18", "sev": "high" } ], "first_seen": "2026-03-18" }, { "value": "CVE-2026-21385", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-185", "title": "CISA KEV: CVE-2026-21385 \u2014 Qualcomm Multiple Chipsets Memory Corruption Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-03", "sev": "high" } ], "first_seen": "2026-03-03" }, { "value": "CVE-2026-21514", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-212", "title": "CISA KEV: CVE-2026-21514 \u2014 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-02-10" }, { "value": "CVE-2026-21519", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-211", "title": "CISA KEV: CVE-2026-21519 \u2014 Microsoft Windows Type Confusion Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-02-10" }, { "value": "CVE-2026-21525", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-209", "title": "CISA KEV: CVE-2026-21525 \u2014 Microsoft Windows NULL Pointer Dereference Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-02-10" }, { "value": "CVE-2026-21533", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-210", "title": "CISA KEV: CVE-2026-21533 \u2014 Microsoft Windows Improper Privilege Management Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-10", "sev": "high" } ], "first_seen": "2026-02-10" }, { "value": "CVE-2026-21643", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-132", "title": "CISA KEV: CVE-2026-21643 \u2014 Fortinet FortiClient EMS SQL Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2026-22719", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-184", "title": "CISA KEV: CVE-2026-22719 \u2014 Broadcom VMware Aria Operations Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-03", "sev": "high" } ], "first_seen": "2026-03-03" }, { "value": "CVE-2026-22769", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-195", "title": "CISA KEV: CVE-2026-22769 \u2014 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-18", "sev": "high" } ], "first_seen": "2026-02-18" }, { "value": "CVE-2026-23666", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-23760", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-225", "title": "CISA KEV: CVE-2026-24858 \u2014 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-01-26" }, { "value": "CVE-2026-24061", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-228", "title": "CISA KEV: CVE-2026-24061 \u2014 GNU InetUtils Argument Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-01-26" }, { "value": "CVE-2026-24423", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-214", "title": "CISA KEV: CVE-2026-24423 \u2014 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-05", "sev": "high" } ], "first_seen": "2026-02-05" }, { "value": "CVE-2026-24858", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-225", "title": "CISA KEV: CVE-2026-24858 \u2014 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-01-26", "sev": "high" } ], "first_seen": "2026-01-26" }, { "value": "CVE-2026-25108", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-189", "title": "CISA KEV: CVE-2026-25108 \u2014 Soliton Systems K.K FileZen OS Command Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-24", "sev": "high" } ], "first_seen": "2026-02-24" }, { "value": "CVE-2026-26151", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-26169", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-26173", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-26177", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-26182", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27906", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27908", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27909", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27913", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27914", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27921", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-27922", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-3055", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-148", "title": "CISA KEV: CVE-2026-3055 \u2014 Citrix NetScaler Out-of-Bounds Read Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-30", "sev": "high" } ], "first_seen": "2026-03-30" }, { "value": "CVE-2026-32070", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32075", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32093", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32152", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32154", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32155", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32157", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32162", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32190", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32201", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos", "CISA KEV" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" }, { "id": "art-125", "title": "CISA KEV: CVE-2026-32201 \u2014 Microsoft SharePoint Server Improper Input Validation Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-32225", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-33017", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-156", "title": "CISA KEV: CVE-2026-33017 \u2014 Langflow Code Injection Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-25", "sev": "high" } ], "first_seen": "2026-03-25" }, { "value": "CVE-2026-33114", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-33115", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-33634", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-154", "title": "CISA KEV: CVE-2026-33634 \u2014 Aquasecurity Trivy Embedded Malicious Code Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "CVE-2026-33825", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV", "Cisco Talos" ], "articles": [ { "id": "art-93", "title": "CISA KEV: CVE-2026-33825 \u2014 Microsoft Defender Insufficient Granularity of Access Control Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-22", "sev": "high" }, { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-22" }, { "value": "CVE-2026-33826", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-33827", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-123", "title": "Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities", "link": "https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/", "published": "2026-04-14", "sev": "high" } ], "first_seen": "2026-04-14" }, { "value": "CVE-2026-34621", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-133", "title": "CISA KEV: CVE-2026-34621 \u2014 Adobe Acrobat and Reader Prototype Pollution Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-13", "sev": "high" } ], "first_seen": "2026-04-13" }, { "value": "CVE-2026-3502", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-203", "title": "CISA KEV: CVE-2026-3502 \u2014 TrueConf Client Download of Code Without Integrity Check Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-12", "sev": "high" } ], "first_seen": "2026-02-12" }, { "value": "CVE-2026-35616", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-141", "title": "CISA KEV: CVE-2026-35616 \u2014 Fortinet FortiClient EMS Improper Access Control Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-06", "sev": "high" } ], "first_seen": "2026-04-06" }, { "value": "CVE-2026-3909", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-171", "title": "CISA KEV: CVE-2026-3909 \u2014 Google Skia Out-of-Bounds Write Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-13", "sev": "high" } ], "first_seen": "2026-03-13" }, { "value": "CVE-2026-3910", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-170", "title": "CISA KEV: CVE-2026-3910 \u2014 Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-03-13", "sev": "high" } ], "first_seen": "2026-03-13" }, { "value": "CVE-2026-39987", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-82", "title": "CISA KEV: CVE-2026-39987 \u2014 Marimo Remote Code Execution Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-04-23", "sev": "high" } ], "first_seen": "2026-04-23" }, { "value": "CVE-2026-5281", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "CISA KEV" ], "articles": [ { "id": "art-197", "title": "CISA KEV: CVE-2026-5281 \u2014 Google Dawn Use-After-Free Vulnerability", "link": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "published": "2026-02-17", "sev": "high" } ], "first_seen": "2026-02-17" }, { "value": "chiaselinks.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "crystalxrat.top", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "git.parat.swiss", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "gofile.io", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-150", "title": "A cunning predator: How Silver Fox preys on Japanese firms this tax season", "link": "https://www.welivesecurity.com/en/business-security/cunning-predator-how-silver-fox-preys-japanese-firms-tax-season/", "published": "2026-03-27", "sev": "high" } ], "first_seen": "2026-03-27" }, { "value": "maper.info", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "paste.kealper.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "pinhole.rootcode.ru", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "rlim.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "w.anadnet.com", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "BleepingComputer" ], "articles": [ { "id": "art-20", "title": "Popular WordPress redirect plugin hid dormant backdoor for years", "link": "https://www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/", "published": "2026-04-29", "sev": "high" } ], "first_seen": "2026-04-29" }, { "value": "webcrystal.lol", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "webcrystal.sbs", "type": "domain", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "1.3.6.1", "type": "ipv4", "confidence": "high", "extraction": "defanged", "severity": "high", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-97", "title": "Bad Apples: Weaponizing native macOS primitives for movement and execution", "link": "https://blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution/", "published": "2026-04-21", "sev": "high" } ], "first_seen": "2026-04-21" }, { "value": "05BACBE163EF0393C2416CBD05E45E74", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "0FCCC8E3A03896F45726203074AE225D", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "107484d66423cb601f418344cd648f12", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "1A68AE614FB2D8875CB0573E6A721B46", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "2DBE6DE177241C144D06355C381B868C", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "2E3A4412A7A487B32C5715167C755D08", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "34a0f70ab100c47caaba7a5c85448e3d", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "47ACCB0ECFE8CCD466752DDE1864F3B0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "49C74B302BFA32E45B7C1C5780DD0976", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "7528bf597fd7764fcb7ec06512e073e0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "8354223cd6198b05904337b5dff7772b", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "85ED77A21B88CAE721F369FA6B7BBBA3", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "88C60DF2A1414CBF24430A74AE9836E0", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "CDE4951BEE7E28AC8A29D33D34A41AE5", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "E540E9797E3B814BFE0A82155DFE135D", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-145", "title": "A laughing RAT: CrystalX combines spyware, stealer, and prankware features", "link": "https://securelist.com/crystalx-rat-with-prankware-features/119283/", "published": "2026-04-01", "sev": "high" } ], "first_seen": "2026-04-01" }, { "value": "F5560871F6002982A6A2CC0B3EE739F7", "type": "md5", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-152", "title": "An AI gateway designed to steal your data", "link": "https://securelist.com/litellm-supply-chain-attack/119257/", "published": "2026-03-26", "sev": "high" } ], "first_seen": "2026-03-26" }, { "value": "3F3767D05E5A91184005D98427074711F68D9950", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-252", "title": "Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component", "link": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/", "published": "2025-12-22", "sev": "high" } ], "first_seen": "2025-12-22" }, { "value": "4EC1DC0431432BC318E78C520387911EC44F84FC", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-252", "title": "Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component", "link": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/", "published": "2025-12-22", "sev": "high" } ], "first_seen": "2025-12-22" }, { "value": "4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-230", "title": "ESET Research: Sandworm behind cyberattack on Poland\u2019s power grid in late 2025", "link": "https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/", "published": "2026-01-23", "sev": "high" } ], "first_seen": "2026-01-23" }, { "value": "5887D96565749067564BABCD3DC5D107AB6666BD", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "ESET WeLiveSecurity" ], "articles": [ { "id": "art-252", "title": "Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component", "link": "https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/", "published": "2025-12-22", "sev": "high" } ], "first_seen": "2025-12-22" }, { "value": "60c8128c48aac890a6d01448d1829a6edcdce0d2", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-162", "title": "Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis", "link": "https://www.sentinelone.com/labs/building-an-adversarial-consensus-engine-multi-agent-llms-for-automated-malware-analysis/", "published": "2026-03-19", "sev": "high" } ], "first_seen": "2026-03-19" }, { "value": "678aa572faa73f6873d24f24e423d315e7eb2c2d", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-162", "title": "Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis", "link": "https://www.sentinelone.com/labs/building-an-adversarial-consensus-engine-multi-agent-llms-for-automated-malware-analysis/", "published": "2026-03-19", "sev": "high" } ], "first_seen": "2026-03-19" }, { "value": "d85cef60cdb9e8d0f3cb3546de6ab657f9498ac7", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "Securelist (Kaspersky)" ], "articles": [ { "id": "art-135", "title": "The long road to your crypto: ClipBanker and its marathon infection chain", "link": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/", "published": "2026-04-09", "sev": "high" } ], "first_seen": "2026-04-09" }, { "value": "f5149543014e5b1bd7030711fd5c7d2a4bef0c2f", "type": "sha1", "confidence": "high", "extraction": "regex", "severity": "high", "sources": [ "SentinelLabs" ], "articles": [ { "id": "art-162", "title": "Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis", "link": "https://www.sentinelone.com/labs/building-an-adversarial-consensus-engine-multi-agent-llms-for-automated-malware-analysis/", "published": "2026-03-19", "sev": "high" } ], "first_seen": "2026-03-19" }, { "value": "CVE-2026-20884", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-20889", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-20911", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-21413", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-24450", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-24660", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" }, { "value": "CVE-2026-3779", "type": "cve", "confidence": "high", "extraction": "regex", "severity": "med", "sources": [ "Cisco Talos" ], "articles": [ { "id": "art-114", "title": "Foxit, LibRaw vulnerabilities", "link": "https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/", "published": "2026-04-16", "sev": "med" } ], "first_seen": "2026-04-16" } ] }