Live · Global Threat Intelligence

Global Threat Monitor.

Real cyber-threats unfolding around the world right now — ransomware, phishing, malware, breaches and zero-day exploits. Click any threat to see what happened and exactly how to stay protected.

Last synced: Jul 16, 2026 · 5:05 AM GMT · 54 active advisories · auto-refreshing
54
Active Threats
9
Critical
20
High
25
Medium / Watch
// LIVE THREAT MAP — worldwide activity Critical High Medium STELNEX HQ
N. America · 8 S. America Europe · 5 Africa · 12 Ghana Russia · 6 Middle East · 12 India · 5 China · 6 Japan Australia
Sort:
Medium

Dutch police bust investment fraud ring stealing over €100 million

The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fr…

◉ GlobalBleepingComputer · 7h ago
What happened & how to fix →
High

Forgotten Bootloaders Expose Secure Boot Blind Spot

Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to …

◉ GlobalDark Reading · 8h ago
What happened & how to fix →
High

Identity Attacks Overtake Exploits as Top Ransomware Cause

Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deploy…

◉ GlobalDark Reading · 9h ago
What happened & how to fix →
Critical

Zoom warns of critical account takeover vulnerability

Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could b…

◉ GlobalBleepingComputer · 9h ago
What happened & how to fix →
Medium

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework d…

◉ GlobalThe Hacker News · 10h ago
What happened & how to fix →
Medium

Google Gemini CLI abused as a hacking agent, malware botnet operator

A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent a…

◉ RussiaBleepingComputer · 11h ago
What happened & how to fix →
Medium

Guten Tag, Bonjour, Hola to Our European Cyber Defenders!

We're thrilled to unveil the latest evolution of Dark Reading's DR Global section — your go-to source for region-specif…

◉ North AmericaDark Reading · 11h ago
What happened & how to fix →
Medium

Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife

The US government's restrictions on Anthropic and OpenAI frontier models have intensified calls in the UK and other cou…

◉ United StatesDark Reading · 12h ago
What happened & how to fix →
Medium

AsyncAPI npm packages infected with credential-stealing malware

Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack …

◉ GlobalBleepingComputer · 13h ago
What happened & how to fix →
Medium

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is buil…

◉ GlobalThe Hacker News · 14h ago
What happened & how to fix →
High

Claude Flaw Automatically Sends Malicious Prompts to AI Agents

When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-…

◉ GlobalDark Reading · 14h ago
What happened & how to fix →
Critical

We built a vulnerability vending machine: AI tokens in, zero-days out

Intruder built an AI-powered "vulnerability vending machine" that combines code slicing with LLMs to automatically disc…

◉ GlobalBleepingComputer · 15h ago
What happened & how to fix →
Critical

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been pu…

◉ GlobalThe Hacker News · 16h ago
What happened & how to fix →
High

2-Click Cursor Exploit Enables Dev Environment Takeover

Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.

◉ GlobalDark Reading · 16h ago
What happened & how to fix →
High

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best pra…

◉ GlobalCISA Advisories · 17h ago
What happened & how to fix →
High

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of activ…

◉ GlobalCISA Advisories · 17h ago
What happened & how to fix →
Medium

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workfl…

◉ GlobalThe Hacker News · 17h ago
What happened & how to fix →
Critical

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called Le…

◉ GlobalThe Hacker News · 18h ago
What happened & how to fix →
Medium

New Webinar: Closing the Approval Gap in AI-Era Ad Tech

A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full acc…

◉ GlobalThe Hacker News · 18h ago
What happened & how to fix →
Medium

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No …

◉ GlobalThe Hacker News · 18h ago
What happened & how to fix →
Medium

OkoBot: new sophisticated malware framework targets cryptocurrency users

Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs …

◉ GlobalSecurelist · 19h ago
What happened & how to fix →
Critical

CISA warns admins to patch actively exploited SharePoint flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting …

◉ United StatesBleepingComputer · 19h ago
What happened & how to fix →
Medium

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, a…

◉ GlobalThe Hacker News · 20h ago
What happened & how to fix →
Medium

Microsoft: Some Dell PCs shut down after recent Windows updates

Microsoft is blocking this month's Windows 11 security updates on some Dell devices because they are causing shutdowns …

◉ GlobalBleepingComputer · 21h ago
What happened & how to fix →
Medium

Nigeria Deepens Cybersecurity Efforts as Cybercriminals See More Profits

The West African country advanced rules to force organizations to disclose cyberattacks, joining other nations in a shi…

◉ West AfricaDark Reading · 21h ago
What happened & how to fix →
High

US charges alleged operators of Russian bulletproof hosting service

U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof …

◉ United StatesBleepingComputer · 21h ago
What happened & how to fix →
Critical

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 s…

◉ GlobalThe Hacker News · 1d ago
What happened & how to fix →
Medium

Cribl Adds Agentic Detection Engineering & Boosts SecOps With CardinalOps Deal

CardinalOps will give Cribl customers the ability to map detection rules and security controls to the MITRE ATT&CK fram…

◉ GlobalDark Reading · 1d ago
What happened & how to fix →
Critical

Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes

Three of the 622 CVEs for which Microsoft issued patches this week are zero-days; there are more than 60 critical vulne…

◉ GlobalDark Reading · 1d ago
What happened & how to fix →
Critical

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-…

◉ GlobalBleepingComputer · 1d ago
What happened & how to fix →
High

Microsoft Patches a Record 570 Security Flaws

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems an…

◉ GlobalKrebs on Security · 1d ago
What happened & how to fix →
High

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of acti…

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
High

ABB Ability Edgenius

View CSAF Summary ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions …

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
High

ABB Advant Master Online Builder

View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory, where …

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
High

ABB T-MAC Plus

View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory. An upd…

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
High

CISA Urges SharePoint Hardening After New Exploitations

CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cy…

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
High

Rockwell Automation 1715-AENTR EtherNet/IP Adapter

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop t…

◉ GlobalCISA Advisories · 1d ago
What happened & how to fix →
Medium

Lessons Learned from CISA’s Recent GitHub Leak

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contracto…

◉ GlobalKrebs on Security · 2d ago
What happened & how to fix →
High

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active …

◉ GlobalCISA Advisories · 2d ago
What happened & how to fix →
Critical

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software i…

◉ GlobalKrebs on Security · Jul 8, 2026
What happened & how to fix →
Medium

Threat landscape for industrial automation systems. Q1 2026

This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source…

◉ GlobalSecurelist · Jul 7, 2026
What happened & how to fix →
Medium

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT dev…

◉ GlobalSecurelist · Jul 6, 2026
What happened & how to fix →
High

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, …

◉ RussiaSecurelist · Jul 3, 2026
What happened & how to fix →
Medium

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains asso…

◉ IsraelKrebs on Security · Jul 2, 2026
What happened & how to fix →
Medium

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

Kaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to …

◉ GlobalSecurelist · Jul 2, 2026
What happened & how to fix →
Medium

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via …

◉ GlobalSecurelist · Jul 1, 2026
What happened & how to fix →
High

OpenClaw: risks for the users and how to mitigate them

Researching OpenClaw vulnerabilities, malicious skills, and other security issues with the popular agent, and providing…

◉ GlobalSecurelist · Jul 1, 2026
What happened & how to fix →
Medium

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications …

◉ GlobalSecurelist · Jun 30, 2026
What happened & how to fix →
High

The Gentlemen are knocking: сustom backdoors and evolving tactics

Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a …

◉ GlobalSecurelist · Jun 29, 2026
What happened & how to fix →
Medium

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack tha…

◉ United KingdomKrebs on Security · Jun 23, 2026
What happened & how to fix →
High

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay…

◉ IsraelKrebs on Security · Jun 18, 2026
What happened & how to fix →
High

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidl…

◉ GlobalKrebs on Security · Jun 10, 2026
What happened & how to fix →
Medium

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and su…

◉ GlobalKrebs on Security · Jun 9, 2026
What happened & how to fix →
Medium

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly def…

◉ United StatesKrebs on Security · Jun 1, 2026
What happened & how to fix →