2026-04-06 11:47 UTC
FortiClient EMS CVE-2026-35616 (0day) & CVE-2026-21643 exploitation
Heads up FortiClient EMS users! CVE-2026-35616 (new) & CVE-2026-21643 - both unauthenticated RCE observed to be exploited in the wild! We see around 2000 publicly exposed IPs (note: this is a not a vulnerability assessment).
Links
2026-04-01 13:41 UTC
Now scanning/reporting F5 BIG-IP APM instances (Over 17.1K seen)
F5 BIG-IP APM CVE-2025-53521 impact has recently been updated from a DoS to RCE & added to US CISA KEV. We are now fingerprinting & sharing F5 BIG-IP APM instances - over 17.1K IPs seen on 2026-03-31 globally. This is just a population assessment.
References
- https://x.com/Shadowserver/status/2039330895270715500
- https://bsky.app/profile/shadowserver.bsky.social/post/3migrp4lkjs2u
- https://infosec.exchange/@shadowserver/116329649566841580
- https://www.linkedin.com/feed/update/urn:li:activity:7445099309764726785
- https://my.f5.com/manage/s/article/K000156741
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521
2026-03-23 11:40 UTC
Over 511 000 End-of-Life Microsoft IIS instances seen in our daily scans, out of those over 227 000 instances that are beyond the official Microsoft Extended Security Updates (ESU) period
Over 511 000 End-of-Life Microsoft IIS instances seen in our daily scans, out of those over 227 000 instances that are beyond the official Microsoft Extended Security Updates (ESU) period. We now tag those 'eol-iis' and 'eos-iis' respectively in our Vulnerable HTTP reports. Top countries running outdated IIS instances: China & USA
References
- https://x.com/Shadowserver/status/2036017138750861391
- https://infosec.exchange/@shadowserver/116277884431680440
- https://bsky.app/profile/shadowserver.bsky.social/post/3mhprwqd2xs26
- https://www.linkedin.com/feed/update/urn:li:activity:7441785045998174208
- https://cisa.gov/resources-tools/resources/reducing-attack-surface-end-support-edge-devices