Threat Landscape

Real-time data from CISA and NIST demonstrates why continuous information security is not optional — it is a necessity.

Global threat activity

Real-time data from multiple open threat databases shows where cyber attacks originate and how they target European countries.

Attack traffic (SANS)
Malware C2 (ThreatFox)
Blocklist (Blocklist.de)
Malware distribution (URLhaus)
Compromised (ET)
Known threats (CI Army)
European targets

Threat source summary

Aggregated statistics from the six threat databases visualised on the map.

Reports by source

Attack traffic (SANS)
660,096,525reports · 30countries
Malware distribution (URLhaus)
100reports · 17countries
Compromised (ET)
100reports · 20countries
Known threats (CI Army)
98reports · 25countries
Blocklist (Blocklist.de)
94reports · 25countries
Malware C2 (ThreatFox)
91reports · 25countries

Top 5 source countries

1United States
200,318,561
2Netherlands
61,504,999
3Bulgaria
54,582,095
4Germany
49,187,879
5Brazil
36,804,826

Total report count aggregated across all sources.

0

Actively exploited vulnerabilities

0

New in the last 30 days

1,367

New CVEs in the last 7 days

6

Critical (CVSS 9.0+)

27

High (CVSS 7.0–8.9)

Most affected vendors

Ransomware share

0%
Ransomware-linked
Unknown link

0 / 0

Critical CVEs in the last 7 days

The five most severe new vulnerabilities with a CVSS score of 9.0 or higher.

9.3
CVE-2026-26220

17 Feb 2026

LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that recei...

Critical
9.4
CVE-2026-22208

17 Feb 2026

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua ...

Critical
9.9
CVE-2025-70830

17 Feb 2026

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemark...

Critical
9.3
CVE-2026-23647

17 Feb 2026

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local u...

Critical
10.0
CVE-2026-22769

17 Feb 2026

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge...

Critical

Latest exploited vulnerabilities

Why it matters

The threat landscape changes daily

The data above comes directly from the US agencies CISA and NIST. It clearly shows that new threats and vulnerabilities are discovered continuously — and that attackers are actively exploiting them.

New vulnerabilities every day

Hundreds of new CVEs are published every week. Without systematic monitoring, you risk missing critical updates.

Ransomware-linked threats are growing

A significant share of actively exploited vulnerabilities have known links to ransomware campaigns.

Regulatory requirements are tightening

NIS2 and the Cybersecurity Act require organisations to work continuously on risk management and incident preparedness.

Source: CISA Known Exploited Vulnerabilities Source: NIST National Vulnerability Database Source: SANS ISC Source: ThreatFox (abuse.ch) Source: Blocklist.de Source: URLhaus (abuse.ch) Source: Emerging Threats Source: CI Army
Last updated: 24 Feb 2026

Ready to strengthen your cybersecurity?

Book a free meeting and we will discuss how we can help your organisation meet the new requirements.

Book a meeting