Threat Landscape

Real-time data from CISA and NIST demonstrates why continuous information security is not optional — it is a necessity.

Global threat activity

Real-time data from multiple open threat databases shows where cyber attacks originate and how they target European countries.

Attack traffic (SANS)

Malware C2 (ThreatFox)

Blocklist (Blocklist.de)

Malware distribution (URLhaus)

Compromised (ET)

Known threats (CI Army)

European targets

Threat source summary

Aggregated statistics from the six threat databases visualised on the map.

Threat sources – geographic spread

Attack traffic (SANS)

818,559,046 indicators · 30 countries

Blocklist (Blocklist.de)

93 indicators · 25 countries

Known threats (CI Army)

99 indicators · 25 countries

Compromised (ET)

100 indicators · 22 countries

Malware C2 (ThreatFox)

100 indicators · 19 countries

Malware distribution (URLhaus)

100 indicators · 15 countries

Top 5 source countries

1United States

256,426,924

2Netherlands

75,751,651

3Turkey

61,995,411

4Bulgaria

50,011,009

5Ukraine

46,075,535

Total indicator count aggregated across all sources.

1,602

Actively exploited vulnerabilities

New in the last 30 days

965

New CVEs in the last 7 days

Critical (CVSS 9.0+)

High (CVSS 7.0–8.9)

Vendors with active remediation deadlines

Microsoft 7 active vulnerabilities

Drupal 1 active vulnerabilities

Langflow 1 active vulnerabilities

Trend Micro 1 active vulnerabilities

Adobe 1 active vulnerabilities

Ransomware share

20%

Ransomware-linked

Unknown link

323 / 1,602

Critical CVEs in the last 7 days

The five most severe new vulnerabilities with a CVSS score of 9.0 or higher.

9.3

CVE-2026-4320

18 May 2026

Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login proce...

Critical

9.8

CVE-2026-7301

18 May 2026

SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the inte...

Critical

9.1

CVE-2026-7302

18 May 2026

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, b...

Critical

9.8

CVE-2026-7304

18 May 2026

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() wi...

Critical

9.1

CVE-2026-41947

18 May 2026

Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant o...

Critical

Latest exploited vulnerabilities

CVE ID	Vendor	Product	Date added	Ransomware
CVE-2026-9082	Drupal	Core	22 May 2026	Unknown
CVE-2025-34291	Langflow	Langflow	21 May 2026	Unknown
CVE-2026-34926	Trend Micro	Apex One	21 May 2026	Unknown
CVE-2008-4250	Microsoft	Windows	20 May 2026	Unknown
CVE-2009-1537	Microsoft	DirectX	20 May 2026	Unknown
CVE-2009-3459	Adobe	Acrobat and Reader	20 May 2026	Unknown
CVE-2010-0249	Microsoft	Internet Explorer	20 May 2026	Unknown
CVE-2010-0806	Microsoft	Internet Explorer	20 May 2026	Unknown
CVE-2026-41091	Microsoft	Defender	20 May 2026	Unknown
CVE-2026-45498	Microsoft	Defender	20 May 2026	Unknown

CVE-2026-9082 Unknown

Drupal

Core

22 May 2026

CVE-2025-34291 Unknown

Langflow

21 May 2026

CVE-2026-34926 Unknown

Trend Micro

Apex One

21 May 2026

CVE-2008-4250 Unknown

Microsoft

Windows

20 May 2026

CVE-2009-1537 Unknown

Microsoft

DirectX

20 May 2026

CVE-2009-3459 Unknown

Adobe

Acrobat and Reader

20 May 2026

CVE-2010-0249 Unknown

Microsoft

Internet Explorer

20 May 2026

CVE-2010-0806 Unknown

Microsoft

Internet Explorer

20 May 2026

CVE-2026-41091 Unknown

Microsoft

Defender

20 May 2026

CVE-2026-45498 Unknown

Microsoft

Defender

20 May 2026

Why it matters

The threat landscape changes daily

The data above comes directly from the US agencies CISA and NIST. It clearly shows that new threats and vulnerabilities are discovered continuously — and that attackers are actively exploiting them.

New vulnerabilities every day

Hundreds of new CVEs are published every week. Without systematic monitoring, you risk missing critical updates.

Ransomware-linked threats are growing

A significant share of actively exploited vulnerabilities have known links to ransomware campaigns.

Regulatory requirements are tightening

NIS2 and the Cybersecurity Act require organisations to work continuously on risk management and incident preparedness.

Source: CISA Known Exploited Vulnerabilities Source: NIST National Vulnerability Database Source: SANS ISC Source: ThreatFox (abuse.ch) Source: Blocklist.de Source: URLhaus (abuse.ch) Source: Emerging Threats Source: CI Army

Last updated: 25 May 2026

Ready to strengthen your cybersecurity?

Book a free meeting and we will discuss how we can help your organisation meet the new requirements.

Book a meeting