Security Podcasts
Browse by Tag
Digest Archive
Security Events
Conferences, trainings, and CTFsMITRE ATT&CK® Matrix
Enterprise tactics and techniques observed in articles
Pulse
What's happening now in cybersecuritySecurity Tools
CVE lookup, threat feeds & intelligence statsMy Systems — CVE Watch
CVEs matching your configured vendorsExploits & KEV
Recent exploits & CISA KEVRansomware Tracker
Active groups (30d)CVE Lookup
IoC Search
Search threat feedsThreat Feeds
IoC Block ListsIceland Security Dashboard
Patch Lag (daily, Shodan-confirmed) + Attack Surface (monthly, 25 categories × 71 ASNs). Aggregate only — no individual hosts named.
Data sources & methodology
- Patch Lag (confirmed-vulnerable hosts) — Shodan vulnerability database matches each tracked host's banner version against known-vulnerable releases. Polled daily. A count of 0 means either patched or banner-version hidden — both can be true. 'Nordic avg' is the mean across DK / NO / SE / FI.
- Iceland IoCs (operator panel + per-IP feed) — public threat-intel feeds (ThreatFox, URLhaus, blocklist.de, bitwire-it/ipblocklist) collected ~twice/hour. Enriched with ipinfo.io ASN, reverse-DNS PTR, GreyNoise classification, the live Tor exit list (check.torproject.org), and RIPE-block organisation via RIPEstat. Sub-tenant brand = eTLD+1 of PTR hostname when it differs from the ASN owner.
- Active incident strip — ransomware.live API (aggregates ransomware-group leak-site postings). IS-tagged victims surfaced separately; leak-deadline countdowns parsed per group. A nightly tripwire scans for likely-IS victims whose country tag is missing and alerts them in for manual review.
- Exposed-services census — monthly Shodan scan across 71 tracked IS ASNs and 25 service categories (often called 'attack surface' in security jargon). By-sector chart and the collapsed full-breakdown below are derived from the same snapshot.
- ↑ What changed in the last 7 days — delta on iocs.created_at (when our pipeline learned about each IoC, not the upstream first-seen date) and ransomware_incidents.discovered_at.
- ↳ 'What to do' hints under each CVE — generated by Qwen3.6-35B-A3B (DeepInfra), grounded on the NVD CVE description and the CISA KEV catalog; daily cron-cached. NOT an authoritative source — always read the vendor advisory before acting on it.
- Sub-tenant attribution — for shared hosting (Advania, 1984, FlokiNET, …) the ASN owner is the host, not the customer. PTR-hostname domain and RIPE-block organisation are used to surface the actual organisation behind an IP when known.
Aggregate-only — no individual hosts are named. All numbers are observations from public infrastructure, not penetration tests. Verify before action: signals can be honeypots, sinkholes, or feed false positives.
Iceland IoCs — by tenant (7d + 30d aggregate + this week's HIGH IPs)
Real orgs / brands behind each flagged IP, where known (PTR-hostname domain or RIPE-block organisation). Hosting LIRs (1984, Advania, FlokiNET, …) appear as fallback rows labelled with the LIR name in italic / secondary colour when we can't identify a specific tenant. Each tenant row shows its tier reason (🔴 HIGH = ≥2 multi-source confirmed-C2 IPs · 🟡 MIXED = 1 · 🟠 Unconfirmed = ≥2 single-source HIGH-class · ⚪ Neutral = 0) plus a 'recent this week' strip listing its last-7d HIGH IPs. Routine blocklist hits (all 7d IoCs incl. brute-force / scanning) collapsed at the bottom.
▶ Recent blocklist hits — all IoCs from the last 7 days (verify before action)
IPs from Icelandic networks in threat-intel feeds. HIGH-priority IPs also appear inline under their tenant above — this list is the unfiltered weekly feed (brute-force / scanning / blocklist hits + the same HIGH IPs). ⚠ Verify before action — could be honeypots, sinkholes, or feed false positives. Click 🔎 to cross-check.
Context — exposure by sector
Total exposed services per sector (sum across all 25 categories). Click a bar to filter the breakdown below.