Threat Landscape

Real-time data from CISA and NIST demonstrates why continuous information security is not optional — it is a necessity.

Global threat activity

Real-time data from multiple open threat databases shows where cyber attacks originate and how they target European countries.

Attack traffic (SANS)
Malware C2 (ThreatFox)
Blocklist (Blocklist.de)
Malware distribution (URLhaus)
Compromised (ET)
Known threats (CI Army)
European targets

Threat source summary

Aggregated statistics from the six threat databases visualised on the map.

Threat sources – geographic spread

Attack traffic (SANS)
827,032,005 indicators · 30 countries
Blocklist (Blocklist.de)
98 indicators · 25 countries
Known threats (CI Army)
99 indicators · 25 countries
Compromised (ET)
100 indicators · 22 countries
Malware C2 (ThreatFox)
100 indicators · 19 countries
Malware distribution (URLhaus)
100 indicators · 13 countries

Top 5 source countries

1United States
252,335,523
2Netherlands
79,547,688
3Bulgaria
78,619,295
4Turkey
53,352,675
5France
41,334,573

Total indicator count aggregated across all sources.

1,612

Actively exploited vulnerabilities

25

New in the last 30 days

1,640

New CVEs in the last 7 days

1

Critical (CVSS 9.0+)

51

High (CVSS 7.0–8.9)

Vendors with active remediation deadlines

SolarWinds 1 active vulnerabilities
Mirasvit 1 active vulnerabilities
Linux 1 active vulnerabilities
Android 1 active vulnerabilities
Nx 1 active vulnerabilities

Ransomware share

20%
Ransomware-linked
Unknown link

325 / 1,612

Critical CVEs in the last 7 days

The five most severe new vulnerabilities with a CVSS score of 9.0 or higher.

9.3
CVE-2018-25412

30 May 2026

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart fo...

Critical

Latest exploited vulnerabilities

CVE-2026-28318 Unknown

SolarWinds

Serv-U

5 Jun 2026

CVE-2026-45247 Unknown

Mirasvit

Mirasvit Full Page Cache Warmer

3 Jun 2026

CVE-2022-0492 Unknown

Linux

Kernel

2 Jun 2026

CVE-2025-48595 Unknown

Android

Framework

2 Jun 2026

CVE-2024-21182 Unknown

Oracle

WebLogic Server

1 Jun 2026

CVE-2026-0257 Unknown

Palo Alto Networks

PAN-OS

29 May 2026

CVE-2026-48027 Known

Nx

Nx Console

27 May 2026

CVE-2026-45321 Known

TanStack

TanStack

27 May 2026

CVE-2026-8398 Unknown

Daemon

Daemon Tools Lite

27 May 2026

CVE-2026-48172 Unknown

LiteSpeed

cPanel Plugin

26 May 2026

Why it matters

The threat landscape changes daily

The data above comes directly from the US agencies CISA and NIST. It clearly shows that new threats and vulnerabilities are discovered continuously — and that attackers are actively exploiting them.

New vulnerabilities every day

Hundreds of new CVEs are published every week. Without systematic monitoring, you risk missing critical updates.

Ransomware-linked threats are growing

A significant share of actively exploited vulnerabilities have known links to ransomware campaigns.

Regulatory requirements are tightening

NIS2 and the Cybersecurity Act require organisations to work continuously on risk management and incident preparedness.

Source: CISA Known Exploited Vulnerabilities Source: NIST National Vulnerability Database Source: SANS ISC Source: ThreatFox (abuse.ch) Source: Blocklist.de Source: URLhaus (abuse.ch) Source: Emerging Threats Source: CI Army
Last updated: 5 Jun 2026

Ready to strengthen your cybersecurity?

Book a free meeting and we will discuss how we can help your organisation meet the new requirements.

Book a meeting