Real-time global intelligence

© 2026 OpenWatch. All rights reserved.

For informational and entertainment purposes only. Not investment advice.

Platform

Brief
Signals
Cascade
Trajectories
Wagers
Track Record
Countries
Companies
Industries
Themes
Rankings

Tools

Globe
Analytics
Crises
Clusters
Supply Chain
Alliances
Screener
Watchlist
Portfolio

Developer

Status

Sources

View all sources →

1,000+ tracked sources

Signals updated every 15 minutes

Not investment advice. OpenWatch is provided for informational and entertainment purposes only. While we strive for accuracy, precision, and source attribution in all intelligence assessments, geopolitical analysis involves inherent uncertainty and our conclusions may be incomplete, delayed, or incorrect. Nothing on this platform constitutes financial, investment, legal, or professional advice of any kind. Forward-looking scenarios and probability estimates are analytical hypotheses — not independently validated forecasts. Any actions taken based on information found here are solely your responsibility. Always consult a qualified financial advisor before making investment decisions. Past signal patterns do not guarantee future outcomes.

Methodology
Privacy Policy
Terms of Use

openwatch.io

v·b5fbd6e

Search

Congressional trades, bills, prediction markets, hearings, and intelligence signals. Signal search supports: AND OR "exact phrase" -exclude

Keywords

Threat Layer

Military Cyber Economic Disaster Political Criminal Health Supply Chain

Signal Type

Any Crisis Update Resolution

Region

Country

Min. Severity

Any ≥ 3 ≥ 5 ≥ 7 ≥ 9

Date Range

Clear all filters

Sort by

Severity Newest

↓Export CSV (requires API key)

Themes:🧠AI Chip Bottleneck 🛡US Defense Surge ⚓Shipping Lane Fragmentation 🔌Taiwan Semiconductor Risk

150 signals for Supply Chain+Criminal+Cyber · Mali

Page 4 of 6

CyberCrisis🇺🇸United States 🇲🇱Mali78d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical deserialization vulnerability in Cisco Secure Firewall Management Center and Security Cloud Control to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal agencies are required to remediate the flaw by a mandated deadline under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize patching to prevent cyberattacks.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali79d ago

The U.S. Cybersecurity and Infrastructure Security Agency has flagged a critical Microsoft SharePoint vulnerability (CVE-2026-20963) as actively exploited in the wild, adding it to its official catalog of known vulnerabilities that require urgent patching by federal agencies. The deserialization flaw is a common attack vector used by malicious actors and poses substantial risk to federal networks and broader organizational infrastructure.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali79d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2025-66376, a cross-site scripting vulnerability in Zimbra Collaboration Suite, as actively exploited in the wild. Federal agencies must remediate the flaw by a legally mandated deadline, and CISA is urging all organizations to prioritize patching as part of vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali81d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. Federal civilian agencies must remediate the flaw under Binding Operational Directive 22-01, with CISA urging all organizations to prioritize patching as part of vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali84d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Google vulnerabilities to its Known Exploited Vulnerabilities Catalog following evidence of active exploitation in the wild: CVE-2026-3909 (Google Skia out-of-bounds write) and CVE-2026-3910 (Google Chromium V8 flaw). Federal agencies are required to patch these vulnerabilities by a mandatory deadline under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize remediation as part of standard vulnerability management.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali86d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities catalog: CVE-2025-68613 affecting n8n, a workflow automation platform. The vulnerability involves improper control of dynamically-managed code resources and has evidence of active exploitation in the wild. Federal agencies are required to remediate the flaw by a mandated deadline under CISA's Binding Operational Directive 22-01.

5.5/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇨🇦Canada 🇨🇳China 🇭🇰Hong Kong+3127d ago

Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. This disruption, led by Google Threat Intelligence Group (GTIG) in partnership with other teams, included three main actions: Took legal action to take down domains used to control devices and proxy traffic through them.

5.5/10·Mandiant Threat Intelligence·Hong Kong, Central and Western

Primary Source ↗Details →

Supply ChainCrisis🇸🇴Somalia 🇲🇱Mali25d ago

As shipping companies reroute vessels around Africa to avoid Middle East conflict zones, piracy off Somalia has resurfaced, pushing up insurance premiums, transit times, and security expenses and putting renewed strain on global supply chains.

5.2/10·Deutsche Welle (DW) English·Horn Of Africa

Primary Source ↗Details →

CyberUpdate🇲🇱Mali8d ago

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows.  Threat actors leveraged a prior compromise of Nx developer systems to compromise a GitHub employee’s device through a poisoned third-party VS Code extension, resulting in unauthorized access and exfiltration of internal GitHub repositories. The malicious extension version (18.95.0) was distributed through VS Code’s automatic update mechanism, meaning systems with Nx Console previously installed may have received the malicious build without developers taking any manual installation action.

5.1/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali14d ago

The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082, a SQL injection flaw in Drupal Core, to its catalog of known exploited vulnerabilities, indicating active real-world attacks are already underway. Federal agencies are required to patch the vulnerability under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize remediation.

5.0/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali21d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Exchange Server cross-site scripting vulnerability (CVE-2026-42897) to its Known Exploited Vulnerabilities Catalog after confirming active exploitation. Federal agencies are required to remediate the flaw under existing binding directive 22-01, and CISA urges all organizations to prioritize patching as part of standard vulnerability management.

5.0/10·CISA Current Activity·Washington, District of Columbia

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali22d ago

The US Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities catalog, citing evidence of active attacks in the wild. Federal agencies must remediate the flaw under binding operational directive BOD 22-01, and CISA recommends all organizations prioritize patching to prevent exploitation of this frequently-used network infrastructure.

5.0/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali28d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SQL injection vulnerability in BerriAI's LiteLLM software to its catalog of known exploited vulnerabilities, signaling active-use attacks in the wild. Federal civilian agencies are required to patch the flaw by a set deadline; CISA is urging all organizations to prioritize remediation as part of routine vulnerability management.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali58d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has cataloged a newly exploited vulnerability in Ivanti's Endpoint Manager Mobile platform as a known active threat, requiring federal agencies to patch systems by a specified deadline to defend against ongoing attacks.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CyberCrisis🇺🇸United States 🇲🇱Mali64d ago

The U.S. Cybersecurity and Infrastructure Security Agency has added a TrueConf Client vulnerability to its catalog of known exploited vulnerabilities, following evidence of active attacks in the wild. The flaw allows unauthenticated download of code without integrity verification, creating a high-risk vector for malicious actors targeting federal networks and other organizations.

5.0/10·CISA Current Activity·Mali

Primary Source ↗Details →

CriminalCrisis🇪🇸Spain 🇮🇹Italy 🇲🇱Mali7d ago

# Translation The "wave of repression" that the UN warns about reaches Spanish courts where prosecutors request prison sentences for acts of protest such as throwing paint. Rich countries silence their climate activists while preaching about the right to protest in the rest of the world. The UN rapporteur for Human Rights defenders, Mary Lawlor, wrote in her latest report to the General Assembly: "There is a wave of repression against legitimate climate activism in Europe and the rest of the world.

4.9/10·eldiario.es·Madrid, Madrid

Primary Source ↗Details →

CyberCrisis🇲🇱Mali17d ago

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,

4.9/10·The Hacker News·Mali

Primary Source ↗Details →

CyberCrisis🇰🇵North Korea 🇲🇱Mali115d ago

Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector, attributed to UNC1069 , a financially motivated threat actor active since at least 2018. This investigation revealed a tailored intrusion resulting in the deployment of seven unique malware families, including a new set of tooling designed to capture host and victim data: SILENCELIFT, DEEPBREATH and CHROMEPUSH.

4.9/10·Mandiant Threat Intelligence·Mali

Primary Source ↗Details →

CriminalCrisis🇮🇳India 🇲🇱Mali9h ago

RK News Service Srinagar, Jun 04: Continuing its sustained and uncompromising crackdown against drug trafficking under the ongoing Nasha Mukt Jammu & Kashmir Abhiyaan, police in Srinagar, in coordination with the Revenue Department, demolished an illegally constructed three-storeyed residential structure worth approximately ₹2 crore. The property belonged to notorious drug peddler Sheikh Tasaduq, son of Gh Mohammad Sheikh, a resident of Mumkhan Mohalla, Rainawari, Srinagar, a police spokesperson said. He said the accused is involved in multiple NDPS cases, including FIR No.

4.7/10·Rising Kashmir·Srinagar, Jammu and Kashmir

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali4d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal agencies are required to remediate the vulnerability by established deadlines, and CISA recommends all organizations prioritize patching as part of routine vulnerability management.

4.5/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇲🇱Mali6d ago

Microsoft Security researchers discovered a dependency confusion campaign that deployed 33 malicious npm packages to collect reconnaissance data from developer and build environments, exploiting a well-known supply-chain vulnerability in package management systems.

4.5/10·Microsoft Security Blog

Primary Source ↗Details →

CyberUpdate🇺🇸United States 🇲🇱Mali9d ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: flaws in Daemon Tools Lite, TanStack, and Nx Console. Federal agencies are required to patch these vulnerabilities under Binding Operational Directive 22-01, and CISA recommends all organizations prioritize remediation as part of their vulnerability management.

4.5/10·CISA Current Activity

Primary Source ↗Details →

CyberUpdate🇲🇱Mali11d ago

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

4.5/10·The Hacker News

Primary Source ↗Details →

CyberCrisis🇲🇱Mali11d ago

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m.

4.5/10·The Hacker News

Primary Source ↗Details →

Supply ChainCrisis🇵🇰Pakistan 🇲🇱Mali13d ago

LAHORE: Pakistan may spend over $1 billion on cotton imports this year as domestic production has plunged to a four-decade low, prompting federal Minister for National Food Security and Research Rana Tanveer Hussain to assure full government support for the revival of the cotton sector during budget consultations with the Pakistan Business Forum (PBF). A PBF delegation led by Chief Organiser Ahmad Jawad met the minister to discuss budgetary proposals aimed at providing a level playing field for Pakistan’s cotton and agriculture sectors. The minister was quoted as saying that the government considered agriculture and cotton as key pillars of the national economy and was fully aware of the challenges confronting growers and ginners.

4.5/10·DAWN Business

Primary Source ↗Details →