FACTUALRISK Cyber Intelligence
Mise à jour : 15 Jul 2026 · 00:03
← Accueil
🗞 Briefing
💥 Menaces
🛡 Vulnérabilités
📋 Conformité
📚 Guides
← Retour FactualRisk
Pays attaquants
5
Threat Actors connus
13
Acteurs observés
13
CVEs attribués
77
🌍 Pays d'origine identifiés
🇷🇺 RU26 CVE(s)
🌐 ??19 CVE(s)
🇨🇳 CN19 CVE(s)
🇰🇵 KP9 CVE(s)
🇮🇷 IR4 CVE(s)
🕵️ Threat Actors (base + observés)
🇷🇺 APT29observé11 CVE(s)
🇷🇺 APT28observé9 CVE(s)
🇰🇵 Lazarusobservé9 CVE(s)
🇨🇳 Volt Typhoonobservé9 CVE(s)
🌐 Cl0pobservé7 CVE(s)
🇨🇳 APT41observé6 CVE(s)
🇷🇺 Sandwormobservé6 CVE(s)
🌐 RansomHubobservé5 CVE(s)
🇨🇳 Salt Typhoonobservé4 CVE(s)
🇮🇷 MuddyWaterobservé4 CVE(s)
🌐 Akiraobservé3 CVE(s)
🌐 LockBitobservé2 CVE(s)
🌐 BlackCatobservé2 CVE(s)
CVEs avec attribution géopolitique
🕵️ Sandworm🇷🇺 RUScore: 235
HTTP/2 Rapid Reset Attack Vulnerability
🕵️ Lazarus🇰🇵 KPScore: 235
Apache Log4j2 Remote Code Execution Vulnerability
🕵️ APT41🇨🇳 CNScore: 235
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
🕵️ RansomHub🌐 ??Score: 235
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
🕵️ Volt Typhoon🇨🇳 CNScore: 225
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
🕵️ LockBit🌐 ??Score: 225
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
🕵️ Akira🌐 ??Score: 225
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
🕵️ Cl0p🌐 ??Score: 225
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
🕵️ APT29🇷🇺 RUScore: 225
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
🕵️ MuddyWater🇮🇷 IRScore: 225
Microsoft Exchange Server Remote Code Execution Vulnerability
🕵️ Volt Typhoon🇨🇳 CNScore: 225
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
🕵️ Volt Typhoon🇨🇳 CNScore: 225
Fortinet Multiple Products Authentication Bypass Vulnerability
🕵️ MuddyWater🇮🇷 IRScore: 225
Microsoft Exchange Server Privilege Escalation Vulnerability
🕵️ APT29🇷🇺 RUScore: 225
JetBrains TeamCity Authentication Bypass Vulnerability
🕵️ Cl0p🌐 ??Score: 225
Progress MOVEit Transfer SQL Injection Vulnerability
🕵️ BlackCat🌐 ??Score: 225
Microsoft Exchange Server Security Feature Bypass Vulnerability
🕵️ APT28🇷🇺 RUScore: 225
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
🕵️ APT29🇷🇺 RUScore: 225
Microsoft SharePoint Server Privilege Escalation Vulnerability
🕵️ MuddyWater🇮🇷 IRScore: 224
Microsoft Netlogon Privilege Escalation Vulnerability
🕵️ RansomHub🌐 ??Score: 224
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
🕵️ RansomHub🌐 ??Score: 224
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
🕵️ APT28🇷🇺 RUScore: 222
RARLAB WinRAR Code Execution Vulnerability
🕵️ Lazarus🇰🇵 KPScore: 220
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
🕵️ Sandworm🇷🇺 RUScore: 219
Progress Kemp LoadMaster OS Command Injection Vulnerability
🕵️ APT29🇷🇺 RUScore: 219
Microsoft Outlook Improper Input Validation Vulnerability
🕵️ Volt Typhoon🇨🇳 CNScore: 208
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
🕵️ Sandworm🇷🇺 RUScore: 198
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
🕵️ RansomHub🌐 ??Score: 190
Palo Alto Networks PAN-OS Command Injection Vulnerability
🕵️ MuddyWater🇮🇷 IRScore: 190
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
🕵️ APT29🇷🇺 RUScore: 190
Microsoft Exchange Server Remote Code Execution Vulnerability
🎯 Attaques APT / espionnage (flux RSS)
US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers
📅 14 July 2026📰 SecurityWeek
Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks. The post US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastruct
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
📅 14 July 2026📰 TheHackerNews
xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publ

L'écosystème

Digimoove ESN Paris — Cyber · Cloud · Automatisation IA · Observabilité NAIvigate Veille & formation IA FactualRisk est une marque de l'écosystème Digimoove