Criminal IP Threat Intelligence Reports

Criminal IP: the latest news and developments for Cyber Threat Intelligence Reports.

CIP Blog · Criminal IP Blog · The latest news and developments for Criminal IP. Cyber Threat Intelligence Reports.

  • The Rise of AI-Generated Phishing Sites: Analyzing Phishing Infrastructure with Criminal IP
    by Criminal IP on June 1, 2026 at 12:00 am

    Generative AI-powered web development tools are rapidly changing how web services are built. The ability to create web pages and UI components through natural language prompts significantly improves development productivity. At the same time, however, it also provides attackers with a new way to quickly create sophisticated phishing pages. Recent reports in the security industry […]

  • SonicWall SSL-VPN MFA Bypass Vulnerability: The Attack Surface Between “Patched” and “Protected”
    by Criminal IP on May 27, 2026 at 6:04 am

    In May 2026, ransomware-linked attacks associated with CVE-2024-12802 targeting SonicWall Gen6 SSL-VPN devices regained attention. The vulnerability stems from a structural flaw in how SSL-VPN authentication handles UPN (User Principal Name) and SAM (Security Account Manager) account formats separately. In certain environments, attackers can exploit alternative login formats to bypass MFA even when MFA appears to be enabled. What makes this […]

  • CVE-2026-41940: Analysis of the cPanel Authentication Bypass Vulnerability
    by Criminal IP on May 21, 2026 at 8:30 am

    In late April 2026, the critical authentication bypass vulnerability CVE-2026-41940 affecting cPanel & WHM was publicly disclosed. The vulnerability was rated CVSS 9.8 (Critical) and involves a structural flaw that allows unauthenticated remote attackers to gain unauthorized access to cPanel and WHM management interfaces. Shortly after disclosure, the vulnerability moved beyond theoretical risk and began to be actively exploited in real-world […]

  • CVE-2026-6644 Analysis: Command Injection Vulnerability in ASUSTOR ADM PPTP VPN Client
    by Criminal IP on May 15, 2026 at 1:00 am

    A critical command injection vulnerability, CVE-2026-6644, was recently disclosed in ADM (ASUSTOR Data Master), the NAS operating system used by ASUSTOR devices. The vulnerability was found in the PPTP VPN Client feature of ADM and allows an attacker with administrator privileges to break out of the restricted web management environment and execute arbitrary commands on […]

  • CVE-2026-3854: GitHub RCE Vulnerability Triggered by a Single git push
    by Criminal IP on May 13, 2026 at 1:43 am

    On March 4, 2026, a critical remote code execution (RCE) vulnerability, CVE-2026-3854, affecting both GitHub Enterprise Server and GitHub.com was reported through GitHub’s bug bounty program. Upon receiving the report, GitHub deployed a fix for GitHub.com within two hours and later released patches for all supported versions of GitHub Enterprise Server. Rated CVSS v3.1 8.7 (High), the […]

  • CVE-2026-42208: LiteLLM SQL Injection Vulnerability Targeting AI Gateways
    by Criminal IP on May 11, 2026 at 7:41 am

    On April 24, 2026, the critical SQL injection vulnerability CVE-2026-42208 affecting the open-source AI gateway LiteLLM was disclosed in the GitHub Advisory Database. Just 36 hours and 7 minutes after disclosure, real-world exploitation was already observed. Rated CVSS 9.3 (Critical), this vulnerability requires no authentication. By sending a specially crafted Authorization: Bearer header to common API endpoints […]

  • Persistent Threats Beyond Patching: Analysis of the FIRESTARTER Backdoor Targeting Cisco ASA
    by Criminal IP on May 4, 2026 at 7:10 am

    In April 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) released a joint advisory on a newly identified backdoor named “FIRESTARTER,” deployed by the state-linked APT group UAT-4356 targeting Cisco Firepower devices. This malware was initially discovered in September 2025 on Cisco Firepower appliances within a […]

  • Criminal IP Integration with Securonix ThreatQ Platform
    by Criminal IP on May 1, 2026 at 8:00 am

    Criminal IP, a cyber threat intelligence platform, has been integrated with Securonix’s threat intelligence operations platform, ThreatQ. ThreatQ is a Threat Intelligence Platform (TIP) that centralizes, aggregates, and prioritizes threat data from multiple sources, serving as a core system for managing investigation and response workflows within security operations. With this integration, organizations can directly leverage Criminal IP’s external […]

  • Criminal IP at Infosecurity Europe 2026 | June 2 – 4
    by Criminal IP on April 29, 2026 at 12:00 am

    June 2-4, 2026, Stand F45, ExCeL London. Criminal IP to Participate in Infosecurity Europe 2026 (Stand F45). Criminal IP will be participating for the second time in Infosecurity Europe 2026, one of the largest cybersecurity conferences in Europe. Criminal IP is a cyber threat intelligence solution […]

  • nginx-ui MCPwn (CVE-2026-33032) Analysis: Nginx Server Compromise via Missing MCP Authentication
    by Criminal IP on April 27, 2026 at 1:30 am

    In March 2026, a critical authentication bypass vulnerability, CVE-2026-33032, was disclosed in the open-source Nginx management tool nginx-ui. Nicknamed “MCPwn,” this vulnerability received a CVSS v3.1 score of 9.8 (Critical) and has been confirmed to be actively exploited in the wild. What makes this issue particularly notable is that it is not just a simple authentication flaw, but a structural security […]
