Threat Intelligence Report – February 2026

30 days of threat data. 9 critical CVEs. 821,000+ threat events from 95 countries. This is what our sensors picked up across enterprise infrastructure worldwide.

What we observed

Exploitation of Fortinet FortiGate, Ivanti Connect Secure, Citrix NetScaler, and React/Next.js platforms
Targeted CVEs: CVE-2025-64446, CVE-2024-55591, CVE-2024-21762, CVE-2025-22457, CVE-2025-0282, CVE-2023-3519, CVE-2025-5777, CVE-2025-7775, CVE-2025-55182
High-confidence TTPs: Iranian Go Bot credential stuffing and login brute force, path traversal attacks, unauthorized user creation attempts
3 botnets identified including two Iranian State-Sponsored campaigns (suspected APT35/Charming Kitten)
Significant geographic concentration: Slovenia accounts for 27% of all attack traffic, with Netiface LLC as top threat source
918 adversary IPs targeted multiple vulnerability classes (cross-platform threat activity)
100 ransomware victims across 20 groups, with Qilin leading (20 victims)
TLS fingerprint intelligence: Monitoring 97 known malware signatures including Tofsee (45 variants)