2025-03-27 18:26 UTC
Detecting exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature)
We are scanning & reporting out exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature). These may possibly be also vulnerable to CVE-2025-1974 & other recently disclosed vulnerabilities. Patch info: https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
2025-02-12 19:12 UTC
Massive Palo Alto GlobalProtect & Ivanti Connect Secure Brute Force Login Attacks
Since the second half of January 2025 we are seeing a large scale brute force botnet attack against Palo Alto GlobalProtect and Ivanti Connect Secure instances. Up to 2.8M unique IPs seen attacking on 2025-01-27 (~1M from Brazil)
Links
2025-01-20 20:06 UTC
Fortinet CVE-2024-55591 scanning results
We are sharing daily results of Fortinet CVE-2024-55591 (auth bypass) vulnerable instances in our Vulnerable HTTP report - https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/
References
2025-01-13 11:45 UTC
Ivanti Connect Secure CVE-2025-0282 vulnerability scanning results
On January 10th, 2025, we have started reporting unpatched Ivanti Connect Secure instances likely vulnerable to the new known to be exploited in the wild CVE-2025-0282.
References
- https://bsky.app/profile/shadowserver.bsky.social/post/3lfes4x4ew22v
- https://x.com/Shadowserver/status/1877635751984111870
- https://infosec.exchange/@shadowserver/113803168454472005
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US