N-central Zero-Day Attack — How Safe Is Your Server? | CIP Blog
This article reviews the vulnerabilities and current threat landscape while demonstrating how Criminal IP can be used to detect and respond to| CIP Blog
In South Korea, illegal webtoon platforms like Blacktoon have become notorious for causing both copyright infringement and financial harm.Whenever authorities block access to these sites, operators immediately register new domains—often by simply changing a number in the domain name—to keep the service alive. This is a classic evasion tactic designed to bypass enforcement efforts. Screenshot of an illegal webtoon site — pirated [...] The post Illegal Webtoon Sites Evading Blocks ...| CIP Blog
Telegram QR code phishing has recently been spreading rapidly, emerging as a significant cybersecurity threat. While Telegram is recognized for its strong security and privacy features, attackers are now exploiting its QR login functionality to compromise user accounts. With just a single scan, attackers can gain full access to an account, leading to far more sophisticated and [...] The post Telegram QR Phishing Threat – Account Takeover with a Single Scan appeared first on CIP Blog.| CIP Blog
On August 14, 2025, Lotte Card’s online payment server in South Korea was compromised, leading to large-scale data exfiltration attempts. The attack persisted for two days, with signs that at least 1.7GB of internal data was about to be extracted. The critical issue was delayed detection. Malicious code and a web shell were only discovered [...] The post CVE-2017-10271: Oracle WebLogic Server Vulnerability appeared first on CIP Blog.| CIP Blog
The Criminal IP search engine, used in over 180 countries worldwide, collects a vast amount of search data every day.What are the most common keywords entered by security professionals? In this post, we highlight four of the Top 10 Criminal IP keywords as of August 2025, explaining the threats each represents and how Criminal IP [...] The post Exploring Threat Infrastructures Detected by Security Professionals Through Criminal IP’s Top 10 Keywords appeared first on CIP Blog.| CIP Blog
This article reviews the vulnerabilities and current threat landscape while demonstrating how Criminal IP can be used to detect and respond to| CIP Blog
Exploitation of CVE-2025-32433 in Erlang/OTP is active. Multiple campaigns and varied payloads highlight need for urgent patching.| TXOne Networks
In this post, we review the security breaches experienced by these companies and assess how an Attack Surface Management (ASM) solution...| CIP Blog
We introduce hands-on examples of how to use Criminal IP's Tag and Filter functions to uncover real-world attack infrastructure.| CIP Blog
이 글에서는 CVE-2025-49113의 주요 내용과 위협, CTI 기반으로 외부에 노출된 Roundcube 서버 탐지 방법을 소개하고자 한다. Criminal IP에서 검색된 Roundcube 인스턴스는 56,225건에 달한다.| CIP Blog
We’ll introduce practical search queries using Criminal IP’s Tag and Filter system to explore real-world malicious infrastructure.| CIP Blog
It provides the threat of cryptocurrency mining malware that exploits exposed Docker API port 2375, along with CTI-based response strategies.| CIP Blog
SAP NetWeaver vulnerability CVE-2025-31324 is a vulnerability that may lead to server hijacking and RCE via unrestricted file uploads.| CIP Blog
This article reviews the Erlang/OTP SSH vulnerability (CVE-2025-32433) and explains how to detect exposed servers via Criminal IP Asset Search, offering actionable response strategies.| CIP Blog
A brief overview of the Next.js middleware authentication bypass vulnerability (CVE-2025-29927), threat hunting insights using Shodan and Criminal IP, and practical security countermeasures.| CIP Blog
This article explores Chimmed and Rusmedtorg’s operations and details how Criminal IP Asset Search and Criminal IP Domain Search...| CIP Blog
Cases of malware distribution through phishing websites exploiting DeepSeek's popularity, leading to increased use of...| CIP Blog
This article explores the exploitation of the CVE-2023-30799 vulnerability, the botnet formation process, and the importance of...| CIP Blog
이번 글에서는 보안을 위해 설치한 스팸 방지 플러그인 CleanTalk이 오히려 사이트의 보안을 위협하게 된 두 가지 취약점의 악용 가능 여부 및 영향과, 실제로 취약한 워드프레스 플러그인 영향을 받는 사이트를 위협 헌팅 도구로 찾는 방법을 알아보도록 한다.| CIP Blog
Oracle WebLogic vulnerability CVE-2020-2883, demonstrates its potential dangers through a proof of concept (PoC), and emphasizes...| CIP Blog
Changes to Credit Allocations by Criminal IP Plan On April 1, 2025, we will change the number of credits available for each plan across four categories.| CIP Blog
Prometheus, an open-source monitoring and alerting toolkit, is widely used by organizations for its robust functionalities. However...| CIP Blog
This article explores how to identify devices vulnerable to these PAN-OS exploits using the attack surface-based threat intelligence (TI)...| CIP Blog
[ Criminal IP vs. Shodan : A Comparative Analysis of CVE Data] This article compares and analyzes the CVE data from Criminal IP and Shodan.| CIP Blog
In this article, we discuss the malware distribution of TAG-112 via Cobalt Strike, analysis of domains used in the attack and response plans.| CIP Blog
This article explores how to check for IP camera hacking threats linked to your IP address. Internet-connected IP cameras are widely...| CIP Blog
A newly discovered vulnerability, CVE-2024-10443, has been found in Synology’s NAS (Network Attached Storage) systems. This zero-click...| CIP Blog
A critical security vulnerability (CVE-2024-37383) has been identified in the Roundcube webmail platform, allowing attackers to steal user...| CIP Blog
It has been a month since vulnerabilities were discovered in DrayTek routers. Initially, 700,000 DrayTek routers were confirmed to be...| CIP Blog
In support of Cybersecurity Awareness Month 2024, Criminal IP provides cybersecurity tips and resources to enhance your digital security.| CIP Blog
Exploring how CVE-2024-43044 can be exploited, the devices affected, and how to identify exposed Jenkins devices using threat-hunting tools.| CIP Blog
We will analyze a recent trend in financial software attacks where Quasar RAT is distributed using Home Trading System...| CIP Blog
We searched for devices affected by the Fortinet RCE bug vulnerability, CVE-2024-21762, using Criminal IP. Over 340,000 servers are exposed.| CIP Blog
In the future, we plan to elevate the usage of certain features within Criminal IP by enhancing our paid plan policy. features.| CIP Blog
