Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

Joined March 2009
Using ELK & interested in automating ingestion of our threat intel for your network/constituency via our API? We have introduced an ECS logging script for our intelligence reports. This script uses Redis to queue events for Logstash. Check it out at github.com/The-Shadowserver-…
Happy to once again support LE partners in disruption of the AudiA6 service, allegedly responsible for $389 million USD in cryptocurrency money laundering: justice.gov/usao-edpa/pr/two… secretservice.gov/newsroom/r… europol.europa.eu/media-pres…
Heads up! New report going out daily: the Initial Access Broker Report shadowserver.org/what-we-do/… on compromised hosts likely under control of IABs. Data thanks to collaboration with anonymous researchers & @spycloudco - thank you! Check your free daily reports from us!
We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to @NCA_KSA for the tip!). However, all remaining are likely compromised too.
Compromised IP data shared in our Compromised Website reporting tagged as 'ivanti-sentry,injected-code,backdoor'. See: shadowserver.org/what-we-do/… Advisory/patch: hub.ivanti.com/s/article/Sec…

Map has a typo in the date, should of course be 2026-06-10
Shadowserver is excited to share its cybersecurity insights and actionable recommendations in a report aimed at helping ECOWAS stakeholders make West Africa more secure! Read the report & accompanying fact sheets in English, French & Portuguese at shadowserver.org/news/shadow…
We added scanning of Automatic Tank Gauge (ATG) systems to our Accessible ICS reporting with 1061 IPs seen on 2026-06-05 (on port 10001/tcp). This is after weeding out vast majority which appear to be honeypots (including ports 8001/9001). Vast majority exposed are in the US.
IP data in shadowserver.org/what-we-do/… (tagged 'atg') Dashboard World Map view: dashboard.shadowserver.org/s… These should not be publicly exposed - read why at cisa.gov/resources-tools/res… from @CISACyber

Very happy to support @CrowdStrike and @Google in disruption of the Glassworm botnet, which features 4x C2 channels, and targets developers via open-source supply chains: crowdstrike.com/en-us/blog/i…
Daily aggregated country level statistics available via our public Dashboard: Graph dashboard.shadowserver.org/s… Heatmap dashboard.shadowserver.org/s… Worldmap dashboard.shadowserver.org/s…

Check your network logs and endpoint telemetry for connections to benign "lighthouse" IP address 164.92.88[.]210 - any activity suggests Glassworm infections, which require immediate remediation
We published a "Shadowserver-in-a-box" platform based on IntelMQ ELK that can ingest, process and visualize our threat/vulnerability/victim data feeds. Available as a VM or Docker image for free download. Use it for training or in production! github.com/The-Shadowserver-…
Development was supported by the cyber capacity building project under the ECOWAS-G7 partnership for cybersecurity, the “Joint Platform for Advancing Cyber Security” (JPAC) in West Africa. @ecowas_cedeao @G7 @EU_Commission @GermanyDiplo @giz_gmbh
The project was launched by the ECOWAS Commission in collaboration with Germany’s G7 presidency in 2022, commissioned by the German Federal Foreign Office & the European Union Commission in 2023 & implemented by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH.
We are scanning & reporting daily Wazuh CVE-2026-30893 (CVSS 9.9) vulnerable instances, with over 3500 IPs seen unpatched on 2026-05-10. See advisory & update to latest version: github.com/wazuh/wazuh/secur… ... Worth keeping your security platforms up to date!
IP data for your network/constituency shared in Vulnerable HTTP reporting, tagged 'cve-2026-30893': shadowserver.org/what-we-do/… Public Dashboard tree map view: dashboard.shadowserver.org/s… NVD entry: nvd.nist.gov/vuln/detail/CVE… #CyberCivilDefense
