2026-06-19 13:05 UTC
FortiBleed Fortinet compromised devices!
We shared a one-off "FortiBleed" dataset of compromised Fortinet devices in our Compromised Website Report https://www.shadowserver.org/what-we-do/network-reporting/compromised-website-report/ thanks to collaboration with SOCRadar! IP data tagged 'fortibleed' with timestamp set to 2026-06-18
Links
2026-05-01 14:21 UTC
Attention! cPanel/WHM CVE-2026-41940 attacks ongoing - at least 44K instances compromised
cPanel/WHM CVE-2026-41940 attacks are ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30. 44K unique IP number is based on cPanel spike of devices seen scanning/running exploits/brute force attacks against our honeypot sensors.
Links
References
- https://x.com/Shadowserver/status/2050208472386396568
- https://bsky.app/profile/shadowserver.bsky.social/post/3mksb7b5qfc2u
- https://infosec.exchange/@shadowserver/116499627192882664
- https://www.linkedin.com/feed/update/urn:li:activity:7455976703832580096
- https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
2026-04-06 11:47 UTC
FortiClient EMS CVE-2026-35616 (0day) & CVE-2026-21643 exploitation
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We see around 2000 publicly exposed IPs (note: this is a not a vulnerability assessment).