2025-11-13
Proud to once again support our LE partners in Operation Endgame Season 3 — 86M stolen data items from 525K victim IPs across 226 countries included in our new Rhadamanthys Historic Bot Victims Special Report, run overnight 2025-11-12 — More details: — shadowserver.org/news/rhadama... …
BleepingComputer
Europol, Eurojust, and others dismantle 1,025 servers used by the Rhadamanthys infostealer, VenomRAT, and Elysium botnet, in the latest Operation Endgame phase
Law enforcement authorities from nine countries have taken down over 1,000 servers used by the Rhadamanthys infolstealer …
2025-07-21
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with Eye Security & watchTowr we are notifying compromised parties. See: research.eye.security/sharepoint- u... ~9300 Sharepoint IPs seen exposed daily (population, no vulnerability assessment): dashboard.shadowserver.org/statistics/ i... …
Bloomberg
Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with @eyesecurity & @watchtowrcyber we are notifying compromised parties. Read: https://research.eye.security/ ... ~9300 Sharepoint IPs seen exposed daily (just population, no vulnerability assessment): https://dashboard.shadowserver.org/ ... [image]
Bloomberg
Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
2024-06-27
Background on CVE-2024-5806: https://labs.watchtowr.com/... You can track Progress MOVEit Transfer exposed instances here: https://dashboard.shadowserver.org/ ... IP Data shared daily in https://www.shadowserver.org/ ... (please note this is a population count, not on a vulnerability assessment)
Ars Technica
Progress Software discloses a critical vulnerability in MOVEit's SFTP module; hackers exploited a similar flaw in MOVEit in 2023 to breach almost 1,800 networks
A similar flaw last year left 1,800 networks breached. Will the latest one be as potent? — A critical vulnerability …
Very shortly after vulnerability details were published today we started observing Progress MOVEit Transfer CVE-2024-5806 POST /guestaccess.aspx exploit attempts. If you run MOVEit & have not patched yet - please do so now: https://community.progress.com/ ... NVD: https://nvd.nist.gov/...
Ars Technica
Progress Software discloses a critical vulnerability in MOVEit's SFTP module; hackers exploited a similar flaw in MOVEit in 2023 to breach almost 1,800 networks
A similar flaw last year left 1,800 networks breached. Will the latest one be as potent? — A critical vulnerability …
2024-02-23
Using ScreenConnect? ConnectWise has released a security bulletin regarding critical vulnerabilities (incl. a CVSS 10 RCE): https://www.connectwise.com/ ... You can track accessible instances on our Dashboard: https://dashboard.shadowserver.org/ ... ~4300 accessible daily (no vulnerability assessment) [image]
TechCrunch
Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks
~3800 vulnerable ConnectWise ScreenConnect instances (authentication bypass using an alternate path or channel (CVSS 10) & path traversal (CVSS 8.4)) https://www.connectwise.com/ ... IP data in: https://www.shadowserver.org/ ... ~93% instances of ScreenConnect seen on 2024-02-20 still vulnerable: [image]
TechCrunch
Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks
2024-02-22
~3800 vulnerable ConnectWise ScreenConnect instances (authentication bypass using an alternate path or channel (CVSS 10) & path traversal (CVSS 8.4)) https://www.connectwise.com/ ... IP data in: https://www.shadowserver.org/ ... ~93% instances of ScreenConnect seen on 2024-02-20 still vulnerable: [image]
TechCrunch
Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks
“I can't sugarcoat it — this shit is bad," said Huntress' CEO — Security experts are warning that a high-risk vulnerability …
Using ScreenConnect? ConnectWise has released a security bulletin regarding critical vulnerabilities (incl. a CVSS 10 RCE): https://www.connectwise.com/ ... You can track accessible instances on our Dashboard: https://dashboard.shadowserver.org/ ... ~4300 accessible daily (no vulnerability assessment) [image]
TechCrunch
Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks
“I can't sugarcoat it — this shit is bad," said Huntress' CEO — Security experts are warning that a high-risk vulnerability …
2023-11-09
36 IPs seen last 24 hours testing for Atlassian Confluence CVE-2023-22518 critical RCE. POST requests to ‘/json/setup-restore.action’ & ‘/confluence/json/setup-restore.action’ endpoints & file upload based check. Make sure to check your Confluence instance and patch.
The Register
Atlassian raises the severity rating of a vulnerability in its Confluence Data Center and Server to maximum, and confirms the flaw is being actively exploited
Connor Jones / The Register :
2020-05-31
Thanks @lilyhnewman for @WIRED article on @TrendMicro & @internetsociety generously stepping up to help save our data center, continue our public benefit services and fight #cybercrime together. Awesome support and much appreciated! #CISO https://www.wired.com/... https://twitter.com/...
Wired
Internet security group Shadowserver receives $600K over 3 years from Trend Micro and a $400K donation from Internet Society, says it can now operate into 2021
Ten weeks ago, Shadowserver's main source of funding dried up. Now, it's back on level footing. Tweets: @internetsociety , @wired , and @shadowserver Tweets: @internetsociety : We...