SophiaX

🔍

LIVE

· New victim: ************* — insomnia· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· New victim: 2,775 new IOCs ingested in last 24h ************* — insomnia· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· 2,775 new IOCs ingested in last 24h

◈

Indicators of Compromise

Aggregated IOC feed from 20+ open-source threat intelligence sources including ThreatFox, URLhaus, MalwareBazaar, and Feodo Tracker. Search, filter, and export IPs, domains, URLs, and hashes linked to active malware campaigns.

Unique IOCs

104,248

deduplicated across all sources

Multi-Source

311

confirmed by 2+ feeds

Enriched

3,092

VT / AbuseIPDB / GreyNoise

By Type

url

62k

tls_sha1

10k

domain

9k

sha256

6k

md5

6k

◈ IOC Browser14 results

Deduplicated · cross-source confirmed

🔍

14 IOCs

Type	Value	Sources	Threat / Family	Confidence	Enrichment	Last Seen
sha256	f32b209d33…f40b2e	2×malwarebazaarthreatfox	malware_sample Kinsing	85	not yet enrichedCheck on VirusTotal	2026-06-12 recent
sha256	e9c924c170…211fb7	2×malwarebazaarthreatfox	malware_sample Tsunami	85	not yet enrichedCheck on VirusTotal	2026-06-12 recent
sha256	ef9a91a7f3…576ac5	2×malwarebazaarthreatfox	malware_sample Tsunami	85	not yet enrichedCheck on VirusTotal	2026-06-12 recent
md5	7822cdf1cf…897f33	1×malwarebazaar	malware_sample Tsunami	80	not yet enrichedCheck on VirusTotal	2026-06-02 recent
sha1	0f97481dd0…c66921	1×malwarebazaar	malware_sample Tsunami	80	not yet enrichedCheck on VirusTotal	2026-06-02 recent
sha256	9e28f94226…416572	1×malwarebazaar	malware_sample Tsunami	80	not yet enrichedCheck on VirusTotal	2026-06-02 recent
ip	62.238.37.207	1×threatfox	payload_delivery Tsunami	80	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
domain	irc.shadow-mods.net	1×threatfox	botnet_cc Tsunami	100	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
ip	94.140.120.193	1×threatfox	botnet_cc Tsunami	75	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
domain	rc.de-zahlung.eu	1×threatfox	botnet_cc Tsunami	100	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
domain	rnd.exposedbotnets.ru	1×threatfox	botnet_cc Tsunami	100	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
ip	144.31.151.138	1×threatfox	botnet_cc Tsunami	80	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
ip	188.245.99.156	1×threatfox	botnet_cc Tsunami	80	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —
ip	43.133.157.218	1×threatfox	payload_delivery Tsunami	85	not yet enrichedCheck on VirusTotal Check on AbuseIPDB	— —

Recent Victims14 today

*************

United States

insomnia

sansilvestre.edu.pe

PE

krybit

JMS Southeast

akira

Padget Technologies

akira

Delegal Poindexter & Underkofler, P.A.

morpheus

ISOPLUS

Greece

qilin

Quest Health Solutions

anubis

mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB

MY

stormous

jaggroup.com UPDATE-FULL DATA DUMP NEW LINK

stormous

maglificioliliana.com

stormous

lorenzoni-store.com

Italy

stormous

montechiaro-store.com

Italy

stormous

impulso-store.com

Mexico

stormous

Adapt******

shinyhunters

lpgroup

nova

alejandria

nova

transvill

nova

Jit Ex

akira

transvill.com.pe

PE

nova

Miami Machine

United States

akira

New KEV Entries4 this week

CVE-2025-67038LOW

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

CVE-2026-34908CRITICAL

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

CVE-2026-34910CRITICAL

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

CVE-2026-34909CRITICAL

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an unde

CVE-2026-20253CRITICAL

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulner

CVE-2026-48907LOW

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

CVE-2026-54420HIGH

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running Clou

CVE-2026-20262LOW

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an aff

CVE-2026-35273CRITICAL

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploita

CVE-2026-10520CRITICAL

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution