Threat Intelligence Report – January 2026

30 days of threat data. 9 critical CVEs. 163,000+ threat events from 63 countries. This is what our sensors picked up across enterprise infrastructure worldwide.

What we observed

Exploitation of Fortinet FortiGate, Ivanti Connect Secure, Citrix NetScaler, and React/Next.js platforms
Targeted CVEs: CVE-2025-64446, CVE-2024-55591, CVE-2024-21762, CVE-2025-22457, CVE-2025-0282, CVE-2023-3519, CVE-2025-5777, CVE-2025-7775, CVE-2025-55182
High-confidence TTPs: Iranian Go Bot credential stuffing and login brute force, path traversal attacks, unauthorized user creation attempts
3 botnets identified including two Iranian State-Sponsored campaigns (suspected APT35/Charming Kitten)
Significant geographic concentration: The Netherlands accounts for 52% of all attack traffic
364 adversary IPs targeted multiple vulnerability classes (cross-platform threat activity)
100 ransomware victims across 23 groups, with Qilin leading (23 victims)
TLS fingerprint intelligence: Monitoring 97 known malware signatures including Tofsee (45 variants)