Threat Landscape

Real-time data from CISA and NIST demonstrates why continuous information security is not optional — it is a necessity.

Global threat activity

Real-time data from multiple open threat databases shows where cyber attacks originate and how they target European countries.

Attack traffic (SANS)
Malware C2 (ThreatFox)
Blocklist (Blocklist.de)
Malware distribution (URLhaus)
Compromised (ET)
Known threats (CI Army)
European targets

Threat source summary

Aggregated statistics from the six threat databases visualised on the map.

Threat sources – geographic spread

Attack traffic (SANS)
822,194,239 indicators · 30 countries
Blocklist (Blocklist.de)
86 indicators · 25 countries
Known threats (CI Army)
100 indicators · 24 countries
Malware distribution (URLhaus)
100 indicators · 19 countries
Malware C2 (ThreatFox)
100 indicators · 18 countries
Compromised (ET)
100 indicators · 13 countries

Top 5 source countries

1United States
258,480,806
2Netherlands
92,224,977
3Bulgaria
87,598,773
4France
46,523,838
5Canada
39,119,710

Total indicator count aggregated across all sources.

1,635

Actively exploited vulnerabilities

21

New in the last 30 days

1,311

New CVEs in the last 7 days

9

Critical (CVSS 9.0+)

56

High (CVSS 7.0–8.9)

Vendors with active remediation deadlines

JoomShaper 1 active vulnerabilities
Langflow 1 active vulnerabilities
Joomlack 1 active vulnerabilities
Adobe 1 active vulnerabilities

Ransomware share

20%
Ransomware-linked
Unknown link

329 / 1,635

Critical CVEs in the last 7 days

The five most severe new vulnerabilities with a CVSS score of 9.0 or higher.

9.9
CVE-2026-27419

2 Jul 2026

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Critical
9.1
CVE-2026-27436

2 Jul 2026

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Critical
9.8
CVE-2026-57621

2 Jul 2026

Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

Critical
9.0
CVE-2026-57623

2 Jul 2026

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

Critical
10.0
CVE-2026-57624

2 Jul 2026

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Critical

Latest exploited vulnerabilities

CVE-2026-48908 Unknown

JoomShaper

SP Page Builder

7 Jul 2026

CVE-2026-55255 Unknown

Langflow

Langflow

7 Jul 2026

CVE-2026-56290 Unknown

Joomlack

Page Builder

7 Jul 2026

CVE-2026-48282 Unknown

Adobe

ColdFusion

7 Jul 2026

CVE-2026-45659 Unknown

Microsoft

SharePoint Server

1 Jul 2026

CVE-2026-48558 Unknown

SimpleHelp

SimpleHelp

29 Jun 2026

CVE-2026-12569 Unknown

PTC

Windchill and FlexPLM

25 Jun 2026

CVE-2026-20230 Unknown

Cisco

Unified Communications Manager

25 Jun 2026

CVE-2025-67038 Unknown

Lantronix

EDS5000

23 Jun 2026

CVE-2026-34910 Unknown

Ubiquiti

UniFi OS

23 Jun 2026

Why it matters

The threat landscape changes daily

The data above comes directly from the US agencies CISA and NIST. It clearly shows that new threats and vulnerabilities are discovered continuously — and that attackers are actively exploiting them.

New vulnerabilities every day

Hundreds of new CVEs are published every week. Without systematic monitoring, you risk missing critical updates.

Ransomware-linked threats are growing

A significant share of actively exploited vulnerabilities have known links to ransomware campaigns.

Regulatory requirements are tightening

NIS2 and the Cybersecurity Act require organisations to work continuously on risk management and incident preparedness.

Source: CISA Known Exploited Vulnerabilities Source: NIST National Vulnerability Database Source: SANS ISC Source: ThreatFox (abuse.ch) Source: Blocklist.de Source: URLhaus (abuse.ch) Source: Emerging Threats Source: CI Army
Last updated: 9 Jul 2026

Ready to strengthen your cybersecurity?

Book a free meeting and we will discuss how we can help your organisation meet the new requirements.

Book a meeting