Ransomware postings, exploited CVEs, and breach reporting — tracked from the primary sources, daily.
Threat-intel analysts and security leaders need the leak-site postings, the actively-exploited vulnerabilities, and the advisories before they surface on a tech blog — synthesized, timestamped, and cited back to the source.
Each line links to the primary source. Read the original yourself.
We never label a claim true or false. We show what the sources reported.
When an outlet corrects its own story, we catch it — and show you, without spin.
The primary sources you already check — in one place
- Underground
Leak-site postings and victim claims from tracked ransomware groups, with first-seen timestamps.
- CISA Known Exploited Vulnerabilities
The KEV catalog — vulnerabilities confirmed exploited in the wild, with due-date context.
- NVD CVEs & CISA advisories
National Vulnerability Database CVEs and CISA advisories, synthesized alongside the reporting.
- China Watch
PRC-linked cyber, espionage, and tech-transfer activity across 13 tracked categories.
- DOJ actions & OFAC designations
Cyber indictments and sanctions against threat actors — the enforcement side of the threat picture.
- CVE-2026-58644 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- CVE-2026-25089 — Fortinet FortiSandbox OS Command Injection Vulnerability
- CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability
- CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability
- CVE-2023-4346 — KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
- CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
- CISA Urges SharePoint Hardening After New Exploitations
- Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting
- CISA Adds Four Known Exploited Vulnerabilities to Catalog
- CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
- Supply Chain Compromises Impact Nx Console and GitHub Repositories
What CISA is warning about
The current threat landscape reflects persistent, multi-front pressure on critical infrastructure and enterprise networks from state-sponsored and state-affiliated actors. China-nexus actors are leveraging covert networks of compromised devices for global espionage [AA26-113A, AA25-239A], while Iranian-affiliated actors are actively exploiting programmable logic controllers across U.S. critical infrastructure [AA26-097A] and Russian GRU is targeting Western logistics entities and technology companies [AA25-141A]. Ransomware operations remain a sustained disruptive threat, with Interlock actors and campaigns exploiting unpatched SimpleHelp RMM tooling to compromise downstream providers [AA25-203A, AA25-163A], and LummaC2 infostealer deployments are enabling broad data exfiltration across sectors [AA25-141A]. Pro-Russia hacktivists continue opportunistic attacks against U.S. and global critical infrastructure [AA25-343A], underscoring that both sophisticated nation-state intrusions and lower-sophistication hacktivist activity are simultaneously targeting the same high-value environments.
- Defending Against China-Nexus Covert Networks of Compromised Devices
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
- Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
- CISA Shares Lessons Learned from an Incident Response Engagement
- Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
- CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
- #StopRansomware: Interlock
- Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
- Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
- Russian GRU Targeting Western Logistics Entities and Technology Companies
Each advisory links to the CISA original. The agency’s own findings, distilled. No verdicts.
How a workflow runs
Track an actor or campaign
Watchlist a ransomware group, threat actor, CVE, or your own vendors. Get alerted when a new leak-site posting, advisory, or piece of reporting lands — without refreshing five dashboards.
Prioritize what's real
See which vulnerabilities are confirmed exploited (CISA KEV) alongside the reporting, so you can separate the genuinely urgent from the noise.
Synthesize the picture
Pull a cited briefing across leak sites, advisories, enforcement, and news for an actor or sector — every claim links to where it came from.
Cross-source, timestamped, and cited — The Nexus shows you what the sources reported and links you straight to them. No hype, no verdicts: you assess the threat.