Advertisement · 728 × 90

Posts by The Shadowserver Foundation

#CyberCivilDefense

14 hours ago 1 0 0 0
Known Exploited Vulnerabilities Catalog | CISA For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative so...

CISA KEV entry: www.cisa.gov/known-exploi...

NVD CVE entry: nvd.nist.gov/vuln/detail/...

14 hours ago 1 0 1 0
MEDIUM: Accessible ActiveMQ Service Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2026-04-20 DEFAULT SECURITY LEVEL: MEDIUM Introduction This report identifies accessible Apache ActiveMQ servers on port 61616/TCP. ActiveMQ is a popular open source multi-pr...

IP data shared in our Accessible ActiveMQ reporting www.shadowserver.org/what-we-do/n...

For Dashboard viewing, select sources 'activemq' and 'cve-2026-34197'

ActiveMQ Security advisory: activemq.apache.org/security-adv...

Background with details from Horizon3.ai horizon3.ai/attack-resea...

14 hours ago 0 0 1 0
Post image

We are now scanning daily for CVE-2026-34197 (Apache ActiveMQ Improper Input Validation Vulnerability) which has recently been added to US CISA KEV.

6364 IPs seen vulnerable on 2026-04-19 based on a version check.

Dashboard Tree Map view:
dashboard.shadowserver.org/statistics/c...

14 hours ago 5 2 1 0

We added CVE-2026-35616 scans based on the vulnerability detector developed by Bishop Fox
bishopfox.com/blog/api-aut....

Over 60 IPs still assessed as vulnerable: dashboard.shadowserver.org/statistics/c...

Data shared daily in our Vulnerable HTTP reporting: shadowserver.org/what-we-do/n...

17 hours ago 6 3 0 0
Become a Partner | The Shadowserver Foundation Shadowserver doesn’t sell data or services. We’re a team of altruists, funded entirely by those who share our vision of a more secure Internet. Join us.

Become an Alliance Partner today: www.shadowserver.org/partner/

6 days ago 2 0 0 0
Post image

We’re excited to announce that the Canadian Centre for Cyber Security (CCCS) has increased its annual Shadowserver Alliance Partnership tier from Gold to Diamond! Thank you CCCS for your generous support and for being a valuable and trusted partner in making the Internet more secure.

6 days ago 9 3 1 0
Become a Partner | The Shadowserver Foundation Shadowserver doesn’t sell data or services. We’re a team of altruists, funded entirely by those who share our vision of a more secure Internet. Join us.

Become an Alliance Partner today: www.shadowserver.org/partner/

6 days ago 0 0 0 0

We have also added CVE-2026-2699 tagging to our scans, which now detect unpatched Progress ShareFile instances. 120 seen 2026-04-06
dashboard.shadowserver.org/statistics/c...

Tree Map view: dashboard.shadowserver.org/statistics/c...

IP data in Vulnerable HTTP: www.shadowserver.org/what-we-do/n...

1 week ago 6 3 0 0
PSIRT | FortiGuard Labs None

Patch info:
CVE-2026-35616 (0day reported by Defused Cyber): fortiguard.fortinet.com/psirt/FG-IR-...
CVE-2026-21643: fortiguard.fortinet.com/psirt/FG-IR-...

2 weeks ago 0 0 0 0
Advertisement
World map · IoT device statistics · The Shadowserver Foundation

World Map view: dashboard.shadowserver.org/statistics/i...

Raw IP data shared in our Device ID reporting www.shadowserver.org/what-we-do/n...
If you receive data from us on exposed instances, check for compromise & patch!

2 weeks ago 0 0 1 0
Post image

Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We fingerprint about 2000 instances globally, see public Dashboard: dashboard.shadowserver.org/statistics/i...

Top affected: US & Germany

2 weeks ago 7 2 1 1
NVD - CVE-2026-2699

CVE-2026-2699 NVD entry: nvd.nist.gov/vuln/detail/...

CVE-2026-2701 NVD entry:
nvd.nist.gov/vuln/detail/...

#CyberCivilDefense

2 weeks ago 0 0 0 0
Security Vulnerability Fix For ShareFile Storage Zones Controller 5.x (February 2026) Critical Security – February 2026 – CVE-2026-2699 and CVE-2026-2701.The Progress ShareFile team recently confirmed critical security vulnerabilities in ShareFile Storage Zones Controller v5 version de...

Thank you to Validin for the collaboration!

Top affected: US, Germany

Note: we are just sharing the exposed population, there is no vulnerability assessment

Patch: docs.sharefile.com/en-us/storag...

Background: labs.watchtowr.com/youre-not-su...

2 weeks ago 0 0 1 0
INFO: Device Identification Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2023-12-06 DEFAULT SEVERITY LEVEL: INFO This report contains a list of devices we have identified in our daily Internet scans. The assessment is made based on all our Interne...

Raw IP data in Device ID reports, with device_vendor set to Progress & device_model to ShareFile: www.shadowserver.org/what-we-do/n...

Dashboard World Map view: dashboard.shadowserver.org/statistics/i...

Dashboard Tree Map view:
dashboard.shadowserver.org/statistics/i...

2 weeks ago 0 0 1 0
Post image

We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02.

watchTowr recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch!

2 weeks ago 8 3 2 1

#CyberCivilDefense

2 weeks ago 1 0 0 0
NVD - CVE-2025-53521

Top affected: US, Japan

If you have APM running on your services/network make sure you are patched & review for any compromise

NVD entry: nvd.nist.gov/vuln/detail/...

2 weeks ago 1 0 1 0
Advertisement
INFO: Device Identification Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2023-12-06 DEFAULT SEVERITY LEVEL: INFO This report contains a list of devices we have identified in our daily Internet scans. The assessment is made based on all our Interne...

IP data is shared in our Device ID reporting www.shadowserver.org/what-we-do/n... with device_vendor set to 'F5', device_model set to 'BIG-IP APM'

Dashboard Tree Map view: dashboard.shadowserver.org/statistics/i...

Dashboard World Map view:
dashboard.shadowserver.org/statistics/i...

2 weeks ago 1 0 1 0
Post image Post image

F5 BIG-IP APM CVE-2025-53521 impact has recently been updated from a DoS to RCE (see: my.f5.com/manage/s/art...) & added to CISA KEV.

We are fingerprinting & sharing F5 BIG-IP APM instances - over 17.1K IPs seen on 2026-03-31 globally. This is just a population assessment.

2 weeks ago 9 2 1 0
Become a Partner | The Shadowserver Foundation Shadowserver doesn’t sell data or services. We’re a team of altruists, funded entirely by those who share our vision of a more secure Internet. Join us.

Become a Shadowserver Alliance partner today: www.shadowserver.org/partner/

2 weeks ago 1 0 0 0
Post image

We’re excited to welcome KPN to the Shadowserver Alliance as a bronze tier partner!

KPN is a leading telecommunications and IT provider in the Netherlands. www.kpn.com/algemeen/eng...

Together we will raise the bar on cybersecurity to make the Internet more secure.

2 weeks ago 6 2 1 0

IIS EOL tracker: dashboard.shadowserver.org/statistics/c...

4 weeks ago 2 1 0 0
Reducing the Attack Surface for End-of-Support Edge Devices | CISA

More on associated risks & on reducing attack surface from EOL devices from US CISA www.cisa.gov/resources-to...

MS IIS lifecycle: learn.microsoft.com/en-us/lifecy...

MS Extended Security Update program (ESU) learn.microsoft.com/en-us/lifecy...

#CyberCivilDefense

4 weeks ago 0 0 0 0
CRITICAL: Vulnerable HTTP Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2026-03-20 DEFAULT SEVERITY LEVEL: CRITICAL This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnera...

Raw IP data shared in www.shadowserver.org/what-we-do/n... filtered by recipient network/constituency

Top affected: China & USA

EOL IIS Dashboard World Map view: dashboard.shadowserver.org/statistics/c...

EOS (beyond ESU) IIS Dashboard World Map view: dashboard.shadowserver.org/statistics/c...

4 weeks ago 0 0 1 0
Post image Post image

Over 511 000 End-of-Life Microsoft IIS instances seen in our daily scans, out of those over 227 000 instances that are beyond the official Microsoft Extended Security Updates (ESU) period. We now tag those 'eol-iis' and 'eos-iis' respectively in our Vulnerable HTTP reports.

4 weeks ago 13 6 1 1
Time series · General statistics · The Shadowserver Foundation

CVE-2026-20963 Dashboard Tracker: dashboard.shadowserver.org/statistics/c...

Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c...

#CyberCivilDefense

1 month ago 0 0 0 0
CRITICAL: Vulnerable HTTP Report | The Shadowserver Foundation DESCRIPTION LAST UPDATED: 2026-03-20 DEFAULT SEVERITY LEVEL: CRITICAL This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnera...

Vulnerable IPs (tagged 'cve-2026-20963') shared daily in our Vulnerable HTTP reporting: www.shadowserver.org/what-we-do/n...

CVE-2026-20963 is known exploited in the wild and on CISA KEV: www.cisa.gov/known-exploi...

Check for compromise.

Microsoft Advisory: msrc.microsoft.com/update-guide...

1 month ago 0 0 1 0
Advertisement
Post image

We added Microsoft SharePoint CVE-2026-20963 (post-auth deserialization RCE) to our scanning & daily feeds. 1109 IPs found running vulnerable instances worldwide (close to 1900 FQDNs) on 2026-03-19, with 510 IPs in the US.

Dashboard World Map: dashboard.shadowserver.org/statistics/c...

1 month ago 6 2 1 0
CRITICAL: Compromised Website Report | The Shadowserver Foundation This report is a list of all the websites we (or our collaborative partners) have been able to identify and verify to be compromised.

Compromised Website Report: www.shadowserver.org/what-we-do/n...

Dashboard World Map view of infected IPs:
dashboard.shadowserver.org/statistics/c...

Dashboard Tree Map view of infected IPs:
dashboard.shadowserver.org/statistics/c...

#CyberCivilDefense

1 month ago 1 0 0 0