Open on infosec.exchange

The Shadowserver Foundation

@shadowserver@infosec.exchange

mastodon 4.6.0-alpha.7+glitch

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

0 Followers

0 Following

Joined November 17, 2022

Web:

https://shadowserver.org

Dashboard:

https://dashboard.shadowserver.org

Reports:

https://www.shadowserver.org/what-we-do/network-reporting/get-reports/

Github:

https://github.com/The-Shadowserver-Foundation

Alliance:

https://www.shadowserver.org/partner/

Posts

Open post

The Shadowserver Foundation

@shadowserver@infosec.exchange

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

infosec.exchange

The Shadowserver Foundation

@shadowserver@infosec.exchange

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

infosec.exchange

@shadowserver@infosec.exchange · Mar 20, 2026

We added Microsoft SharePoint CVE-2026-20963 (post-auth deserialization RCE) to our scanning & daily feeds. 1109 IPs found running vulnerable instances worldwide (close to 1900 FQDNs) on 2026-03-19, with 510 IPs in the US.

Dashboard World Map: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=cve-2026-20963%2B&data_set=count&scale=log&auto_update=on

Vulnerable IPs (tagged 'cve-2026-20963') shared daily in our Vulnerable HTTP reporting: https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

CVE-2026-20963 is known exploited in the wild and on US CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20963

Check for compromise.

Microsoft Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963

CVE-2026-20963 Dashboard Tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2026-20963%2B&dataset=unique_ips&limit=100&group_by=geo&stacking=stacked&auto_update=on

Dashboard Tree Map view: https://dashboard.shadowserver.org/statistics/combined/tree/?date_range=1&source=http_vulnerable&source=http_vulnerable6&tag=cve-2026-20963%2B&data_set=count&scale=log&auto_update=on

#CyberCivilDefense

View on infosec.exchange

dashboard.shadowserver.org

World map · General statistics · The Shadowserver Foundation

Open post

The Shadowserver Foundation

@shadowserver@infosec.exchange

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

infosec.exchange

The Shadowserver Foundation

@shadowserver@infosec.exchange

Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!

infosec.exchange

@shadowserver@infosec.exchange · Mar 04, 2025

We started scanning for IoT devices compromised by the Eleven11bot DDoS botnet, with ~86.4K discovered on 2025-03-03. IP data is shared daily in our Compromised IoT report https://www.shadowserver.org/what-we-do/network-reporting/compromised-iot-report/

Top affected: US (24.7K), UK (10.8K).

Dashboard map view: https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2025-03-03&source=compromised_iot&tag=eleven11bot%2B&geo=all&data_set=count&scale=log

For background, please see Nokia Deepfield Emergency Response Team (ERT) @deepfield@infosec.exchange announcement: @deepfield@infosec.exchange

Dashboard breakdown by US state:

https://dashboard.shadowserver.org/statistics/combined/map/region/?map_type=std&day=2025-03-03&source=compromised_iot&geo=US&scale=log

View on infosec.exchange

www.shadowserver.org

CRITICAL: Compromised IoT Report | The Shadowserver Foundation

DESCRIPTION LAST UPDATED: 2025-03-11 DEFAULT SEVERITY LEVEL: CRITICAL This report aggregates information about compromised IoT devices detected through other means than HTTP-based scan detection. It c

The Shadowserver Foundation

Posts

World map · General statistics · The Shadowserver Foundation

CRITICAL: Compromised IoT Report | The Shadowserver Foundation

Media