Criminal IP Threat Intelligence Reports

On September 25, 2025, Cisco warned that it had discovered two zero-day vulnerabilities in Cisco ASA (Adaptive Security Appliance) that are being exploited in the wild. In this post, we examine the threats and impacts of CVE-2025-20333 and CVE-2025-20362, and discuss recommended security mitigations. CVE-2025-20333 · CVE-2025-20362: Cisco ASA Zero-Day Vulnerabilities One of the Cisco […] The post Cisco ASA Zero-Day: 90,000 FTD Devices Exposed, Threat Hunting Guide (CVE-2025-20333 · CVE-2025-20362) appeared first on CIP Blog.

In South Korea, illegal webtoon platforms like Blacktoon have become notorious for causing both copyright infringement and financial harm.Whenever authorities block access to these sites, operators immediately register new domains—often by simply changing a number in the domain name—to keep the service alive. This is a classic evasion tactic designed to bypass enforcement efforts. Screenshot of an illegal webtoon site — pirated […] The post Illegal Webtoon Sites Evading Blocks with Domain Swaps — How to Detect Fraudulent Sites appeared first on CIP Blog.

October 21 – 23, 2025 Booth J30, Sands Expo Singapore 1761004800  일  시간  분  초종료: Criminal IP is joining GovWare 2025, one of Asia’s largest cybersecurity conferences! 1761004800  일  시간  분  초종료: Powered by AI-driven detection technology and OSINT-based data collection capabilities, Criminal IP is a security platform serving more than 150 countries worldwide, leading […] The post Criminal IP at GovWare 2025 | October 21 – 23 appeared first on CIP Blog.

In today’s fast-moving cyber threat landscape, traditional defenses are no longer enough.AI SPERA’s Criminal IP, developed out of Korea University’s Hacking Response Research Center, provides a new approach—rooted in the attacker’s perspective.By combining automation, anomaly detection, and real-time visibility, Criminal IP enables organizations not just to respond to threats, but to anticipate and prevent them before […] The post How Criminal IP is Securing the Expanding Attack Surface — Before It’s Too Late  appeared first on CIP Blog.

Telegram QR code phishing has recently been spreading rapidly, emerging as a significant cybersecurity threat. While Telegram is recognized for its strong security and privacy features, attackers are now exploiting its QR login functionality to compromise user accounts. With just a single scan, attackers can gain full access to an account, leading to far more sophisticated and […] The post  Telegram QR Phishing Threat – Account Takeover with a Single Scan appeared first on CIP Blog.

On August 14, 2025, Lotte Card’s online payment server in South Korea was compromised, leading to large-scale data exfiltration attempts. The attack persisted for two days, with signs that at least 1.7GB of internal data was about to be extracted. The critical issue was delayed detection. Malicious code and a web shell were only discovered […] The post CVE-2017-10271: Oracle WebLogic Server Vulnerability appeared first on CIP Blog.

The Criminal IP search engine, used in over 180 countries worldwide, collects a vast amount of search data every day.What are the most common keywords entered by security professionals? In this post, we highlight four of the Top 10 Criminal IP keywords as of August 2025, explaining the threats each represents and how Criminal IP […] The post Exploring Threat Infrastructures Detected by Security Professionals Through Criminal IP’s Top 10 Keywords appeared first on CIP Blog.

An update and maintenance to Criminal IP v1.87.0 has been released. [Criminal IP v1.87.0] Regular Maintenance and Update Release Note Maintenance and Update Period: 2025.09.04 05:00~10:00 AM (UTC) [New Changes] Criminal IP Pricing Plan Restructuring As previously announced, the Criminal IP paid plans have been restructured. The existing Lite, Medium, and Pro subscription plans have […] The post [Criminal IP v1.87.0] 2025-09-04 Release Note appeared first on CIP Blog.

Two critical security vulnerabilities (CVE-2025-8875, CVE-2025-8876) recently discovered in N-able’s N-central platform are being actively exploited, posing severe risks to Managed Service Providers (MSPs) and IT departments worldwide. N-central is a Remote Monitoring and Management (RMM) platform that enables MSPs and IT teams to centrally monitor and manage networks and endpoints. The U.S. Cybersecurity and […] The post N-central Zero-Day Attack — How Safe Is Your Server? appeared first on CIP Blog.

An update and maintenance to Criminal IP v1.86.0 has been released. [Criminal IP v1.86.0] Regular Maintenance and Update Release Note Maintenance and Update Period: 2025.08.21 05:00~10:00 AM (UTC) [New Changes] Previous Notice of Criminal IP Pricing Plan Update (Effective September 4, 2025) The current Lite, Medium, and Pro Plans will be consolidated into a Starter plan With […] The post [Criminal IP v1.86.0] 2025-08-21 Release Note appeared first on CIP Blog.