We added scanning of Automatic Tank Gauge (ATG) systems to our Accessible ICS reporting with 1061 IPs seen on 2026-06-05 (on port 10001/tcp).
This is after weeding out vast majority which appear to be honeypots (including ports 8001/9001). Vast majority exposed are in the US.
We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too.
Map has a typo in the date, should of course be 2026-06-10
Compromised IP data shared in our Compromised Website reporting tagged as 'ivanti-sentry,injected-code,backdoor'. See: www.shadowserver.org/what-we-do/n...
Advisory/patch: hub.ivanti.com/s/article/Se...
While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised.
Vuln IP data shared in Vulnerable HTTP reporting tagged 'cve-2026-10520' www.shadowserver.org/what-we-do/n...
The Shadowserver Foundation
The Shadowserver Foundation
The Shadowserver Foundation
This report is a list of all the websites we (or our collaborative partners) have been able to identify and verify to be compromised.
DESCRIPTION LAST UPDATED: 2026-06-10 DEFAULT SEVERITY LEVEL: CRITICAL This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnera...
Shadowserver is excited to share its cybersecurity insights and actionable recommendations in a report aimed at helping ECOWAS stakeholders make West Africa more secure!
Read the report & accompanying fact sheets in English, French & Portuguese at www.shadowserver.org/news/shadows...
P data in www.shadowserver.org/what-we-do/n... (tagged 'atg’)
Dashboard World Map view: dashboard.shadowserver.org/statistics/c...
These should not be publicly exposed - read why at www.cisa.gov/resources-to... from US CISA
#CyberCivilDefense
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
www.bitsight.com
DESCRIPTION LAST UPDATED: 2026-06-05 DEFAULT SEVERITY LEVEL: HIGH We scan the entire IPv4 space daily to map out and report on the ICS/OT exposed attack surface on the Internet. We do this by running ...
