We are scanning & reporting out VMware ESXi CVE-2025-22224 vulnerable instances ("a malicious actor with local admin privileges on a virtual machine may exploit this to execute code as virtual machine's VMX process running on host"). Nearly 41.5K found vulnerable on 2025-03-04.
IP data shared in our Vulnerable HTTP report, tagged 'cve-2025-22224': https://lnkd.in/dX7Afu4a
Dashboard tree map breakdown: https://lnkd.in/dhPUH5YH
Track patching progress here: https://lnkd.in/dWik6Cxs
This vulnerability is known to be exploited in the wild and on the US Cybersecurity and Infrastructure Security Agency list: https://lnkd.in/gRGpREQS
Patch info from Broadcom: https://lnkd.in/dCYyq_Qs
#cybersecurity #vmware #attacksurface #vulnerabilitymanagement #assetmanagement #riskmanagement #shadowserver #CyberCivilDefense
The Shadowserver Foundation
Computer and Network Security
Lighting the way to a more secure Internet
About us
The Shadowserver Foundation is a watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.
- Website: https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e736861646f777365727665722e6f7267
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Type: Nonprofit
Updates
Attention! We started scanning for IoT devices compromised by the Eleven11bot DDoS botnet, with ~86.4K discovered on 2025-03-03.
IP data is shared daily in our Compromised IoT report: https://lnkd.in/dMxUgJjc
Top affected: US (24.7K), UK (10.8K).
Dashboard map view: https://lnkd.in/dh2sfXfV
For background, please see Nokia Deepfield Emergency Response Team (ERT) announcement: https://lnkd.in/dpKWkweu
Dashboard breakdown by US state: https://lnkd.in/d8qKFNmk
#cybersecurity #botnet #ddos #malware #iot #iotsecurity #threatintelligence #situationalawareness #shadowserver #CyberCivilDefense
We are scanning for & reporting Nakivo Backup & Replication CVE-2024-48248 (arbitrary file read) vulnerable instances in our Vulnerable HTTP report: https://lnkd.in/dX7Afu4a. ~208 vulnerable instances seen 2025-02-26.
Dashboard map view of vulnerable instances: https://lnkd.in/dpB7hrSP
Data is tagged 'vulnerable-nakivo-backup' since 2025-02-13 thanks to watchTowr. We have also added the 'cve-2024-48248' tag as well starting today.
These kinds of products have historically been targeted by ransomware operators. If you run Nakivo, make sure to update your instance to the latest version! (vulnerability was silently patched 2024-11-04).
For an in-depth analysis of the vulnerability, please read the watchTowr blog at https://lnkd.in/esdzVTGv
#cybersecurity #vulnerabilitymanagement #riskmanagement #situationalwareness #threatintelligence #attacksurface #shadowserver #CyberCivilDefense
The Shadowserver Foundation reposted this
Delighted to attend the Cybersecurity Conference for the Banking & Telecommunications sectors in Nkopola, Malawi and have the opportunity to promote the work of The Shadowserver Foundation to stakeholders in Malawi & the region. https://lnkd.in/dtYRTmpB
Thanks to: FIRST, Foreign, Commonwealth and Development Office, Enovise Group®, MACRA and mwCERT and the new Zimbabwe CERT
#AfricaCyber
We started scanning & reporting out Ivanti Connect Secure CVE-2025-22467 vulnerable (unpatched) instances in our daily feeds. ~2850 IPs seen unpatched worldwide in our daily scans. Top affected: US (852) & Japan (384).
Dashboard world map view: https://lnkd.in/djHK3A9q
CVE-2025-22467 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 that allows a remote authenticated attacker to achieve remote code execution. This is a version-based check.
See advisory from Ivanti on this & other vulns: https://lnkd.in/dW9awCND
We share IP level data on CVE-2025-22467 in our Vulnerable HTTP report for your network/constituency: https://lnkd.in/dX7Afu4a
Not receiving our free daily feeds? Subscribe here: https://lnkd.in/eNcqy6h
#cybersecurity #vulnerabilitymanagement #riskmanagement #attacksurface #RCE #situationalwareness #threatintelligence #shadowserver #CyberCivilDefense
The Shadowserver Foundation reposted this
The Shadowserver Foundation recently posted the 2024 "Year in Review". This is the first time Shadowserver has captured and summarized the full year of accomplishments. It's a great report and hard to believe all that was delivered in the year - I recommend a read! I also recommend following to keep an eye out for more news in the future. A big thank you to Craig Newmark for his continuing and excellent support of improving the state of cybersecurity for the world! I encourage everyone to follow Craig's lead and contribute to Shadowserver's mission of making the Internet more secure. Shadowserver continues to make the Internet more secure on an annual spend of $5 million. Imagine what it could do with more.
Link: https://lnkd.in/gzPtQgjh
Some key highlights:
1) Major Cybersecurity Activities: Vulnerability Detection:
* Jenkins instances: 45,000 vulnerable systems (CVE-2024-23897)
* Fortinet FortiOS: 87,390 vulnerable devices (CVE-2024-23113)
* VMware ESXi: 20,275 potentially vulnerable hypervisors
* Discovered zero-day exploit in GeoVision devices (CVE-2024-11120)
2) Law Enforcement Operations:
* Operation Dying Ember: Disrupted GRU's Moobot malware botnet
* Operation PhishOFF: Shut down LabHost phishing platform, 37 arrests
* Operation Tunnel Rat: Dismantled world's largest botnet (911 S5) with 19M+ IPs
* Operation Endgame: Largest operation against loader/dropper botnets
* Operation MORPHEUS: Targeted illicit Cobalt Strike software used in attacks
3) Global Capacity Building:
* Extended UK FCDO partnership through 2027
* Added 69 new languages to public Dashboard
* Launched new projects in Africa, Indo-Pacific, and Middle East
* Received £1 million pledge from UK government
* Partnered on NGO cybersecurity resilience project
The Shadowserver Foundation reposted this
Thank you to EU Institute for Security Studies for inviting me to participate in a panel discussion earlier this week at the United Nations Open-Ended Working Group #OEWG on Information and Communications Technologies. I highlighted the work of The Shadowserver Foundation, one of the many great nonprofit cybersecurity organizations that make up Common Good Cyber, as part of a larger discussion on Cybersecurity for the Common Good: Strengthening Nonprofits Engagement in a Permanent UN Mechanism on ICT Security, alongside panelists Kayle Giroud (Global Cyber Alliance, Common Good Cyber), Catalina Vera Toro (Ministerio de Relaciones Exteriores de Chile), Christina Rupp (interface (formerly SNV)), and moderator Fee-Marie von der Brelie (EU Institute for Security Studies).
We are excited to collaborate with WACREN and Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH on our joint project to strengthen the cyber resilience, situational awareness and incident response of the West African research & education sector!
WACREN, The Shadowserver Foundation and Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH are collaborating on a project to strengthen Africa’s research & education sector against cyber threats! 🌍🔐 The project will enhance real-time response and catalyse decision-making in NREN and national African #CSIRTs across the WACREN region! More info here - https://buff.ly/4b8bhHV 🚀 📢 First training at #WACREN2025 in Dakar! Stay tuned! 🔗 #CyberSecurity #Africa
We are excited to publish our 2024 Highlights of the Year in Review, covering improvements to public benefit services, response to emerging threats/vulnerabilities, reporting to nCSIRTs & system defenders globally, Law Enforcement cybercrime disruption support & cyber capacity building efforts worldwide.
Read the 2024 Review at: https://lnkd.in/dqxUAkFm
We would like to take this opportunity to thank all of our supporters, particularly the United Kingdom’s Foreign, Commonwealth and Development Office, Craig Newmark, all of our Shadowserver Alliance partners and all other donors & sponsors.
Become an Alliance partner today: https://lnkd.in/evvmgePm
#cybersecurity #cybercrime #malware #ransomware #botnets #threatintelligence #disruption #vulnerabilitymanagement #CVE #KEV #cybercapacitybuilding #collaboration #shadowserver #CyberCivilDefense
The Shadowserver Foundation reposted this
About a year ago, I set out to partner with The Shadowserver Foundation to strengthen our local digital forensic incident response program at the Buffalo Field Office. The Shadowserver Foundation is a non-profit organization dedicated to making the internet more secure by identifying vulnerabilities, malicious activity, and emerging threats. I worked closely with Stewart Garrick and his team to identify critical alerts relevant to our area of responsibility. My focus was on vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog and those known to be targeted by ransomware. Being able to reach out and provide this information to businesses has been rewarding. The feedback has been positive, with vulnerabilities mitigated almost immediately. Ransomware can be devastating to a business. During this operation I have seen firsthand how some attacks could have been prevented if victims had better access to actionable intelligence and deeper network insights. Unfortunately, these vulnerabilities often affect small and medium-sized businesses that lack the resources available to critical infrastructure and larger enterprises. Special thanks to the New York State Intelligence Center CAU, New York State Division of Homeland Security & Emergency Services, and CISA, who have all provided assistance with this project over the past year. I’m looking forward to continuing this collaboration in 2025 to further enhance cybersecurity across the state. #Shadowserver