Posts tagged: CREDENTIAL

10 posts
HIGH 173.239.240.145

IP address 173.239.240.145 conducted a sustained credential attack campaign against SSL VPN infrastructure over 21 days (March 4-25, 2026), generating 3,555 authentication attempts targeting HTTPS services. This represents a MEDIUM threat with potential for unauthorized network access if weak creden…

HIGH 136.144.35.116

High-confidence credential stuffing attacks targeting Cisco ASA SSL VPN login interfaces have been observed from US-based infrastructure (AS396356 Latitude.sh) between March 17-23, 2026. The threat actor demonstrates specific knowledge of Cisco WebVPN authentication mechanisms and poses significant …

HIGH 46.134.26.213

Orange Polska-sourced IP address 46.134.26.213 conducted reconnaissance and credential harvesting attempts targeting FortiGate login interfaces on March 12, 2026. Threat level assessed as LOW with medium confidence due to limited attack volume and reconnaissance-phase activity. Network defenders sh…

HIGH 64.89.161.182

A medium-severity credential stuffing attack was observed from IP 64.89.161.182 (Luxembourg) targeting authentication services with weak credentials over a brief timeframe on March 9, 2026. The attacker conducted 214 events within one minute using HTTP Basic Authentication, specifically targeting p…

LOW 94.26.106.200

A medium-severity credential stuffing attack originating from IP 94.26.106.200 (Germany, AS48452) conducted 204 authentication attempts over 37 hours targeting HTTP proxy services with weak credentials. The attacker employed MITRE technique T1110.004 (Credential Stuffing) using predictable username…

LOW 193.142.146.230

Source IP 193.142.146.230 (Netherlands/ColocaTel Datacenter) conducted low-severity reconnaissance activities against authentication endpoints over a 16-day period from February 26 to March 14, 2026. The activity involved automated scanning using Go HTTP clients with limited credential testing atte…

HIGH 173.239.240.234

IP address 173.239.240.234 conducted a sustained credential attack campaign against Cisco ASA SSL VPN infrastructure from March 10-14, 2026, generating 2,738 authentication attempts using the credentials "clientes/Winter2026!". This represents a HIGH threat level with 85% confidence due to the targ…

LOW 27.123.241.43

IP address 27.123.241.43 (India-based) conducted credential brute-force attacks against BoaForm admin interfaces on embedded devices and routers, exploiting CVE-2021-46422. This represents a MEDIUM severity threat with potential for device compromise and lateral network movement. Organizations shou…

CRITICAL 45.142.193.232

A sophisticated threat actor operating from Netherlands-based infrastructure (45.142.193.232) conducted a sustained credential harvesting and authentication attack campaign over 48 hours, generating 981 security events with a 100/100 AbuseIPDB reputation score. The actor demonstrated advanced capab…