#000315 days ago105 min◉Engagement
Within five days of exposing an Ivanti Sentry management surface to the internet, a controlled sensor recorded ten distinct operators attempting to exploit CVE-2026-10520, the CVSS 10.0 pre-authentication command-injection flaw that CISA had added to its Known Exploited Vulnerab…
#000226 days ago46 min◉Engagement
A single source IP, 45.92.1[.]231 (AS210558 - 1337 Services GmbH, Lelystad, NL), spent four days working an internet-facing Docker Engine API on TCP/2375. The actor moved from version probing on 2026-05-24 to interactive container-escape attempts on 2026-05-25, then came back on…
#0001about 2 months ago19 min◉Engagement
A single IP harvested strings from an LLM emulator's responses (`.env`, model list, MCP manifest) and replayed them as Proxmox credentials, chat-completions parameters, and MCP tool-call names against the same host — a token-reuse feedback loop, not blind brute-force. 22 of 24 credential pairs are byte-for-byte traceable to served response bodies.