Prediction Markets All Markets Congress Trades Trade Leaderboard Watchlist Dashboard

Real-time global intelligence

© 2026 OpenWatch. All rights reserved.

For informational and entertainment purposes only. Not investment advice.

Platform

Brief
Signals
Cascade
Trajectories
Wagers
Track Record
Countries
Companies
Industries
Themes
Rankings

Tools

Globe
Analytics
Crises
Clusters
Supply Chain
Alliances
Screener
Watchlist
Portfolio

Developer

Status

Sources

View all sources →

1,000+ tracked sources

Signals updated every 15 minutes

Not investment advice. OpenWatch is provided for informational and entertainment purposes only. While we strive for accuracy, precision, and source attribution in all intelligence assessments, geopolitical analysis involves inherent uncertainty and our conclusions may be incomplete, delayed, or incorrect. Nothing on this platform constitutes financial, investment, legal, or professional advice of any kind. Forward-looking scenarios and probability estimates are analytical hypotheses — not independently validated forecasts. Any actions taken based on information found here are solely your responsibility. Always consult a qualified financial advisor before making investment decisions. Past signal patterns do not guarantee future outcomes.

Methodology
Privacy Policy
Terms of Use

openwatch.io

v·5eb0bd0

Prediction Markets All Markets Congress Trades Trade Leaderboard Watchlist Dashboard

Search

Congressional trades, bills, prediction markets, hearings, and intelligence signals. Signal search supports: AND OR "exact phrase" -exclude

Keywords

Threat Layer

Military Cyber Economic Disaster Political Criminal Health Supply Chain

Signal Type

Any Crisis Update Resolution

Region

Country

Min. Severity

Any ≥ 3 ≥ 5 ≥ 7 ≥ 9

Date Range

Clear all filters

Sort by

Severity Newest

↓Export CSV (requires API key)

Themes:🧠AI Chip Bottleneck 🛡US Defense Surge 🔌Taiwan Semiconductor Risk 💊Pharma Supply Chain Reshoring

146 signals for Criminal+Cyber+Health · Mali

Page 4 of 6

CyberCrisis🇺🇸United States 🇲🇱Mali71d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow code injection vulnerability (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog after confirming active exploitation by malicious actors. Federal agencies are required to remediate the flaw by CISA's deadline, while CISA urges all organizations to prioritize patching to defend against ongoing attacks.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali76d ago

The US Cybersecurity and Infrastructure Security Agency has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, including multiple flaws in Apple products and critical code injection vulnerabilities in Craft CMS and Laravel Livewire. Federal agencies are required to patch these by specified deadlines, and CISA is urging all organizations to prioritize remediation as part of vulnerability management practice.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali77d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical deserialization vulnerability in Cisco Secure Firewall Management Center and Security Cloud Control to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal agencies are required to remediate the flaw by a mandated deadline under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize patching to prevent cyberattacks.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali78d ago

The U.S. Cybersecurity and Infrastructure Security Agency has flagged a critical Microsoft SharePoint vulnerability (CVE-2026-20963) as actively exploited in the wild, adding it to its official catalog of known vulnerabilities that require urgent patching by federal agencies. The deserialization flaw is a common attack vector used by malicious actors and poses substantial risk to federal networks and broader organizational infrastructure.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali78d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2025-66376, a cross-site scripting vulnerability in Zimbra Collaboration Suite, as actively exploited in the wild. Federal agencies must remediate the flaw by a legally mandated deadline, and CISA is urging all organizations to prioritize patching as part of vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali80d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. Federal civilian agencies must remediate the flaw under Binding Operational Directive 22-01, with CISA urging all organizations to prioritize patching as part of vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali83d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Google vulnerabilities to its Known Exploited Vulnerabilities Catalog following evidence of active exploitation in the wild: CVE-2026-3909 (Google Skia out-of-bounds write) and CVE-2026-3910 (Google Chromium V8 flaw). Federal agencies are required to patch these vulnerabilities by a mandatory deadline under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize remediation as part of standard vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali85d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities catalog: CVE-2025-68613 affecting n8n, a workflow automation platform. The vulnerability involves improper control of dynamically-managed code resources and has evidence of active exploitation in the wild. Federal agencies are required to remediate the flaw by a mandated deadline under CISA's Binding Operational Directive 22-01.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇨🇦Canada 🇨🇳China 🇭🇰Hong Kong+3127d ago

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. This disruption, led by Google Threat Intelligence Group (GTIG) in partnership with other teams, included three main actions: Took legal action to take down domains used to control devices and proxy traffic through them.

5.5/10·Mandiant Threat Intelligence·Hong Kong, Central and Western

Primary Source ↗Details →

CyberUpdate🇲🇱Mali7d ago

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows.  Threat actors leveraged a prior compromise of Nx developer systems to compromise a GitHub employee’s device through a poisoned third-party VS Code extension, resulting in unauthorized access and exfiltration of internal GitHub repositories. The malicious extension version (18.95.0) was distributed through VS Code’s automatic update mechanism, meaning systems with Nx Console previously installed may have received the malicious build without developers taking any manual installation action.

5.1/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali13d ago

The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082, a SQL injection flaw in Drupal Core, to its catalog of known exploited vulnerabilities, indicating active real-world attacks are already underway. Federal agencies are required to patch the vulnerability under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize remediation.

5.0/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali20d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Exchange Server cross-site scripting vulnerability (CVE-2026-42897) to its Known Exploited Vulnerabilities Catalog after confirming active exploitation. Federal agencies are required to remediate the flaw under existing binding directive 22-01, and CISA urges all organizations to prioritize patching as part of standard vulnerability management.

5.0/10·CISA Current Activity·Washington, District of Columbia

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali21d ago

The US Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities catalog, citing evidence of active attacks in the wild. Federal agencies must remediate the flaw under binding operational directive BOD 22-01, and CISA recommends all organizations prioritize patching to prevent exploitation of this frequently-used network infrastructure.

5.0/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali27d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SQL injection vulnerability in BerriAI's LiteLLM software to its catalog of known exploited vulnerabilities, signaling active-use attacks in the wild. Federal civilian agencies are required to patch the flaw by a set deadline; CISA is urging all organizations to prioritize remediation as part of routine vulnerability management.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali57d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has cataloged a newly exploited vulnerability in Ivanti's Endpoint Manager Mobile platform as a known active threat, requiring federal agencies to patch systems by a specified deadline to defend against ongoing attacks.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali63d ago

The U.S. Cybersecurity and Infrastructure Security Agency has added a TrueConf Client vulnerability to its catalog of known exploited vulnerabilities, following evidence of active attacks in the wild. The flaw allows unauthenticated download of code without integrity verification, creating a high-risk vector for malicious actors targeting federal networks and other organizations.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CriminalCrisis🇪🇸Spain 🇮🇹Italy 🇲🇱Mali7d ago

# Translation The "wave of repression" that the UN warns about reaches Spanish courts where prosecutors request prison sentences for acts of protest such as throwing paint. Rich countries silence their climate activists while preaching about the right to protest in the rest of the world. The UN rapporteur for Human Rights defenders, Mary Lawlor, wrote in her latest report to the General Assembly: "There is a wave of repression against legitimate climate activism in Europe and the rest of the world.

4.9/10·eldiario.es·Madrid, Madrid

Primary Source ↗Details →

CyberCrisis🇲🇱Mali16d ago

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,

4.9/10·The Hacker News·Mali

Primary Source ↗Details →

CyberCrisis🇰🇵North Korea 🇲🇱Mali115d ago

Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector, attributed to UNC1069 , a financially motivated threat actor active since at least 2018. This investigation revealed a tailored intrusion resulting in the deployment of seven unique malware families, including a new set of tooling designed to capture host and victim data: SILENCELIFT, DEEPBREATH and CHROMEPUSH.

4.9/10·Mandiant Threat Intelligence·Mali

Primary Source ↗Details →

HealthCrisis🇨🇴Colombia 🇲🇱Mali 🇴🇲Oman8d ago

A six-month-old baby who was in intensive care in the department of Tolima died after allegedly being sexually abused. "She could not bear the pain and cruelty of an act that should never have occurred," declared Governor Adriana Magali Matiz this Wednesday. The official recalled that the case became known on Tuesday of this week, when the girl was admitted at 4:00 p.m.

4.5/10·El Colombiano (Medellín)

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali8d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: flaws in Daemon Tools Lite, TanStack, and Nx Console. Federal agencies are required to patch these vulnerabilities under Binding Operational Directive 22-01, and CISA recommends all organizations prioritize remediation as part of their vulnerability management.

4.5/10·CISA Current Activity

Primary Source ↗Details →

HealthUpdate🇺🇸United States 🇪🇸Spain 🇲🇱Mali8d ago

The theme park located in Toledo publishes this job offer one week after firing three department heads as a consequence of these events. Puy du Fou acknowledges that animals were buried within the park and fires three managers. Puy du Fou wants to hire a person who is "passionate about animal welfare" to fill the position of head of the animal team.

4.5/10·eldiario.es·Toledo, Ohio

Primary Source ↗Details →

CyberUpdate🇲🇱Mali10d ago

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

4.5/10·The Hacker News

Primary Source ↗Details →

CyberCrisis🇲🇱Mali10d ago

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m.

4.5/10·The Hacker News

Primary Source ↗Details →

CriminalUpdate🇨🇴Colombia 🇲🇱Mali14d ago

A Colombian criminal court in Medellín has allowed the current municipal administration to participate as a victim in the corruption trial of former mayor Daniel Quintero and thirteen others accused of irregularities in the Aguas Vivas real estate deal, which allegedly cost the city over 40 billion pesos. The court rejected arguments by Quintero's defense that the District's participation constituted a conflict of interest, clearing the way for the administration to present evidence and challenge testimony as the case moves forward through July.

4.5/10·El Colombiano (Medellín)·Medellin, Antioquia

Primary Source ↗Details →