Threats
Who is attacking, what they exploit, and how we know — 568 threat actors tracked, 159 CVEs attributed to the actors that exploit them.
Last updated: 04 July 2026 01:29 UTC
Act
In the newsadvisories, KEV adds, and SEC filings from the last 14 daysNewly attributedfresh CVE→actor attributions, evidence-linkedCVE→actor lookupwhich actors exploit a given CVEExplore
Threat actors568 tracked groups, filterable by sponsor and activityCompare actorsside-by-side TTPs, targets, and timelinesENISA Threat Landscapethe European view of the threat pictureEU vs NVD severitywhere European CSIRTs rate differentlyEUVD criticalswhat ENISA rates critical right nowAttributed CVEs (research)the raw CVE→actor attribution corpusSimilarity graphwho operates like whom, by technique and victim overlapCampaignsnamed operations mapped to actors and CVEsIncidentsmaterial breaches and intrusions, monthly cadenceIndustrial espionageIP-theft actors and their beneficiariesIn the news — advisories, KEV, filingslast 14 days
- CISA KEVMicrosoft SharePoint Server Deserialization of Untrusted Data VulnerabilityCVE-2026-45659Jul 1
- NCSCBuilding more resilient CNI: what industry pen testers told usJul 1
- CISA KEVSimpleHelp Authentication Bypass VulnerabilityCVE-2026-48558Jun 29
- CISA KEVPTC Windchill and FlexPLM Improper Input Validation VulnerabilityCVE-2026-12569Jun 25
- CISA KEVCisco Unified Communications Manager Server-Side Request Forgery (SSRF) VulnerabilityCVE-2026-20230Jun 25
- SEC 8-KRiver Financial Corp reports a material cybersecurity incident (Form 8-K)Jun 25
Newly attributed — CVE→actormost recent
- CVE-2022-29464attributed toClopJun 11
- CVE-2022-27924attributed toClopJun 11
- CVE-2022-26134attributed toClopJun 11
- CVE-2022-41082attributed toClopJun 11
- CVE-2022-47966attributed toClopJun 11
- CVE-2023-0669attributed toClopJun 11