Real-time global intelligence

© 2026 OpenWatch. All rights reserved.

For informational and entertainment purposes only. Not investment advice.

Platform

Brief
Signals
Cascade
Trajectories
Wagers
Track Record
Countries
Companies
Industries
Themes
Rankings

Tools

Globe
Analytics
Crises
Clusters
Supply Chain
Alliances
Screener
Watchlist
Portfolio

Developer

Status

Sources

View all sources →

1,000+ tracked sources

Signals updated every 15 minutes

Not investment advice. OpenWatch is provided for informational and entertainment purposes only. While we strive for accuracy, precision, and source attribution in all intelligence assessments, geopolitical analysis involves inherent uncertainty and our conclusions may be incomplete, delayed, or incorrect. Nothing on this platform constitutes financial, investment, legal, or professional advice of any kind. Forward-looking scenarios and probability estimates are analytical hypotheses — not independently validated forecasts. Any actions taken based on information found here are solely your responsibility. Always consult a qualified financial advisor before making investment decisions. Past signal patterns do not guarantee future outcomes.

Methodology
Privacy Policy
Terms of Use

openwatch.io

v·0126a1d

Search

Congressional trades, bills, prediction markets, hearings, and intelligence signals. Signal search supports: AND OR "exact phrase" -exclude

Keywords

Threat Layer

Military Cyber Economic Disaster Political Criminal Health Supply Chain

Signal Type

Any Crisis Update Resolution

Region

Country

Min. Severity

Any ≥ 3 ≥ 5 ≥ 7 ≥ 9

Date Range

Clear all filters

Sort by

Severity Newest

↓Export CSV (requires API key)

Themes:🧠AI Chip Bottleneck 🛡US Defense Surge ⚓Shipping Lane Fragmentation 🔌Taiwan Semiconductor Risk

291 signals for Criminal+Health+Cyber+Military · Mali

Page 6 of 12

CyberCrisis🇲🇱Mali 🇺🇸United States125d ago

Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harvesting sites to gain initial access to corporate environments by obtaining single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. Once inside, the threat actors target cloud-based software-as-a-service (SaaS) applications to exfiltrate sensitive data and internal communications for use in subsequent extortion demands.

6.1/10·Mandiant Threat Intelligence·Mali

Primary Source ↗Details →

CyberCrisis🇲🇱Mali125d ago

Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft' , these campaigns leverage evolved voice phishing (vishing) and victim-branded credential harvesting to successfully compromise single sign-on (SSO) credentials and enroll unauthorized devices into victim multi-factor authentication (MFA) solutions. This activity is not the result of a security vulnerability in vendors' products or infrastructure.

6.1/10·Mandiant Threat Intelligence·Mali

Primary Source ↗Details →

CyberCrisis🇦🇼AW 🇮🇹Italy 🇯🇵Japan+3135d ago

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Patch Info 10-Strike--Strike Network Inventory Explorer Pro 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute arbitrary code on the target system. 2026-01-15 9.8 CVE-2021-47772 ExploitDB-50472 Vendor Homepage   10-Strike--Strike Network Inventory Explorer Pro 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges.

6.1/10·US-CERT Bulletins·Mali

Primary Source ↗Details →

CyberCrisis🇦🇷Argentina 🇦🇼AW 🇯🇵Japan+2143d ago

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Patch Info AA-Team--Amazon Native Shopping Recommendations Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3. 2026-01-05 9.3 CVE-2025-30633 https://vdp.patchstack.com/database/wordpress/plugin/woozone-contextual/vulnerability/wordpress-amazon-native-shopping-recommendations-plugin-1-3-sql-injection-vulnerability?_s_id=cve   AA-Team--Premium Age Verification / Restriction for WordPress Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. 2026-01-06 8.8 CVE-2025-29004 https://patchstack.com/database/wordpress/plugin/age-restriction/vulnerability/wordpress-premium-age-verification-restriction-for-wordpress-plugin-3-0-2-privilege-escalation-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/plugin/wordpress-flat-countdown/vulnerability/wordpress-responsive-coming-soon-landing-page-holding-page-for-wordpress-3-0-privilege-escalation-vulnerability?_s_id=cve   AA-Team--Premium SEO Pack Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2.

6.1/10·US-CERT Bulletins·Mali

Primary Source ↗Details →

CyberCrisis🇨🇳China 🇮🇹Italy 🇲🇰North Macedonia+2150d ago

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Patch Info SmarterTools--SmarterMail Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. 2025-12-29 10 CVE-2025-52691 https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/   MiniDVBLinux--MiniDVBLinux MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system access.

6.1/10·US-CERT Bulletins·Mali

Primary Source ↗Details →

HealthCrisis🇩🇿Algeria 🇹🇩Chad 🇬🇳Guinea+2195d ago

Situation at a glance From 1 January to 2 November 2025, a total of 20 412 suspected diphtheria cases, including 1 252 deaths (an average case fatality ratio [CFR] - 6 %) have been reported across eight Member States in the WHO African Region (Algeria, Chad, Guinea, Mali, Mauritania, Niger, Nigeria, and South Africa). Several of these countries have been experiencing ongoing outbreaks since 2023. Children and young adults represent the majority of the cases, with females accounting for a slightly greater proportion.

6.1/10·WHO Disease Outbreak News

Primary Source ↗Details →

HealthCrisis🇮🇳India 🇫🇷France 🇪🇬Egypt+1388d ago

Situation at a glance Since August 2024, widespread transmission of chikungunya virus disease has been documented in La Réunion as well as increasing locally transmitted cases in Mayotte. Although chikungunya outbreaks and endemic transmission occur annually in several countries and territories around the world, the Indian Ocean islands have not experienced major outbreaks for nearly two decades. In La Réunion, over 47 500 cases and twelve associated deaths have been reported as of 4 May 2025, with sustained high transmission across the island.

6.1/10·WHO Disease Outbreak News·Indian Ocean

Primary Source ↗Details →

HealthCrisis🇲🇽Mexico 🇨🇦Canada 🇲🇱Mali413d ago

See all DONs related to this event Situation at a glance On 2 April 2025, the International Health Regulations (IHR) National Focal Point (NFP) for Mexico notified the World Health Organization (WHO) of the country’s first laboratory-confirmed human infection with an avian influenza A(H5N1) virus in the state of Durango. In response, local and national health authorities have implemented a range of measures to monitor, prevent, and control the situation. There have been reports of A(H5N1) outbreaks in birds in Durango, although the exact source of infection in this case remains under investigation.

6.1/10·WHO Disease Outbreak News

Primary Source ↗Details →

CyberCrisis🇲🇱Mali35d ago

Attackers compromised the popular Python Lightning package and published two trojanized versions capable of stealing credentials, with four cybersecurity firms confirming the supply chain intrusion affected versions 2.6.2 and 2.6.3 released on April 30, 2026.

6.0/10·The Hacker News·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali78d ago

CISA issued an alert following a March 11, 2026 cyberattack on medical technology giant Stryker Corporation that compromised its Microsoft environment, warning that threat actors are broadly targeting endpoint management systems and urging organizations to harden Microsoft Intune configurations using least-privilege, phishing-resistant MFA, and multi-admin approval policies.

6.0/10·CISA Current Activity·Mali, Michigan

Primary Source ↗Details →

CriminalCrisis🇨🇴Colombia 🇲🇱Mali8d ago

# Translation The Inter-American Commission on Human Rights (IACHR) accepted to study the case of the murder of social and mining leader Jaime Alonso Gallego Gómez, known as 'Mongo', to determine possible responsibility of the Colombian State for alleged omissions in the protection measures it should have guaranteed him. The body will analyze whether the authorities failed in their duty to protect, despite the fact that the leader had precautionary measures since 2016 due to threats against him. The crime occurred in March 2025 in northeastern Antioquia and shocked the country due to the circumstances surrounding it: on March 3, 2025, 'Mongo' disappeared with his escort from the National Protection Unit (UNP), Didier Berrío, while they allegedly were heading to a meeting in Vegachí.

5.7/10·El Colombiano (Medellín)

Primary Source ↗Details →

CriminalCrisis🇨🇱Chile 🇨🇴Colombia 🇲🇱Mali8d ago

# Translation Chilean authorities captured former Colombian footballer Abel Stiven Carabalí, accused of participating in an atrocious crime against his friend in the Metropolitan Region of Santiago, Chile. The 30-year-old from Cali was detained along with another Colombian, 51 years old, following a murder that occurred on April 12 in a building in the municipality of Estación Central. The victim's lifeless body was found that same day on Zapata Hill, in the municipality of Curacaví, located on the outskirts of Santiago.

5.7/10·El Colombiano (Medellín)·Cali, Valle del Cauca Department

Primary Source ↗Details →

MilitaryCrisis🇧🇷Brazil 🇲🇱Mali20d ago

The Federal Public Prosecutor's Office (MPF) requested the Federal Court to anticipate the trial of the public civil action filed against the Federal Government for repeated attacks by the Brazilian Navy on the memory of João Cândido Felisberto . At the beginning of the 20th century, the sailor led the so-called Revolt of the Lash against physical punishments on board the ships of the military force. In a new application filed, the MPF argues that collective moral damages are “demonstrated by the facts themselves recognized in the action”.

5.7/10·Agência Brasil·Mali

Primary Source ↗Details →

MilitaryCrisis🇷🇺Russia 🇲🇱Mali7d ago

Following a new Moscow attack on Kyiv, Andrés Repetto explained on LN+ the reach of the Oreshnik missile and warned about the growing normalization of atomic threats amid the conflict

5.5/10·La Nación (Argentina — Spanish, expanded)·Moscow, Moscow

Primary Source ↗Details →

MilitaryCrisis🇲🇱Mali 🇷🇺Russia8d ago

The Malian military and Russian Africa Corps intensified airstrikes on Kidal during the night of May 27–28, causing significant destruction. Separatist and jihadist forces captured the city on April 25 and have also taken control of Tessalit; both sides are reported to be preparing for renewed ground operations, though neither has advanced since early May.

5.5/10·RFI Français·Kidal, Kidal

Primary Source ↗Details →

MilitaryCrisis🇲🇱Mali 🇷🇺Russia8d ago

Following coordinated attacks by armed groups in northern Mali and near the capital Bamako on April 26, the Malian military supported by Russian forces has launched ongoing operations in the central Koulikoro region. Russian Africa Corps has publicized the campaign on social media, including contested imagery of airstrikes.

5.5/10·RFI Français·Bamako, Bamako

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali9d ago

CISA added CVE-2026-48172, a privilege escalation flaw in the LiteSpeed cPanel plugin, to its Known Exploited Vulnerabilities catalog after detecting active exploitation. Federal agencies are required to patch the vulnerability under Binding Operational Directive 22-01; CISA recommends all organizations prioritize remediation as part of their vulnerability management.

5.5/10·CISA Current Activity

Primary Source ↗Details →

MilitaryUpdate🇨🇳China 🇷🇺Russia 🇦🇺Australia+210d ago

While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current PhaaS offerings in the Chinese underground, all of them mature services and many likely tied intricately to the broader criminal ecosystem in that region. These services not only lower the barrier to entry for Chinese cyber criminals, but reveal broader patterns on the evolution of social engineering and credential theft.

5.5/10·Mandiant Threat Intelligence

Primary Source ↗Details →

MilitaryCrisis🇲🇱Mali14d ago

Jihadist militants have set dozens of vehicles ablaze near Bamako, including fuel tankers and transport trucks, as part of an intensifying blockade of Mali's capital city.

5.5/10·Joy FM Online (Ghana)·Bamako, Bamako

Primary Source ↗Details →

MilitaryCrisis🇨🇴Colombia 🇹🇷Turkey 🇬🇺GU+116d ago

A Colombian Army soldier, Ever Nardo Pazu Pena, was killed by an ELN sniper while on patrol in the La Campiña neighborhood of Fortul, Arauca department. The attack is part of an escalating pattern of targeted sniper assassinations by the National Liberation Army against military and police personnel across Arauca and Norte de Santander since August 2025, reflecting persistent insurgent activity in Colombia's northeastern border region.

5.5/10·El Colombiano (Medellín)·Medellin, Arauca

Primary Source ↗Details →

CyberCrisis🇲🇱Mali28d ago

Researchers have found that malicious code repositories can silently execute commands through AI coding assistants including Claude Code, Cursor, Gemini CLI, and GitHub Copilot CLI, with inadequate warning prompts doing little to stop the attack.

5.5/10·Dark Reading·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali28d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Ivanti Endpoint Manager Mobile to its catalog of known exploited vulnerabilities, citing active exploitation in the wild. The flaw allows improper input validation and poses significant risk to federal networks and critical infrastructure; federal agencies are required to remediate by specified deadlines.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇲🇱Mali28d ago

Cybersecurity researchers at Kaspersky have identified three malicious packages hosted on the Python Package Index (PyPI) that disguise themselves as legitimate libraries while covertly delivering a previously unknown malware family called ZiChatBot to Windows and Linux systems. The packages implement their advertised features to avoid detection, but their primary purpose is to deliver malicious payloads.

5.5/10·The Hacker News·Mali

Primary Source ↗Details →

CyberCrisis🇲🇱Mali29d ago

Threat actors are running a malware campaign targeting macOS users by impersonating legitimate utility software and tricking them into executing malicious Terminal commands. The campaign, dubbed ClickFix, successfully evades traditional security defenses to steal credentials, cryptocurrency wallets, and other sensitive information from infected systems.

5.5/10·Microsoft Security Blog·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali29d ago

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Palo Alto Networks PAN-OS vulnerability (CVE-2026-0300) to its Known Exploited Vulnerabilities Catalog, indicating the flaw is being actively exploited by malicious actors. Federal agencies must remediate the vulnerability under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize patching as part of their vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →