Intel Reports

Activity Summary - Week Ending on 19 December 2025 

• Red Sky identified 10,237 connections from ‘new’ and unique, compromised IP addresses
• Microsoft in S. Korea hit 665x
• CISA – BOD & Sierra Wireless AirLink ALEOS
• CVE-2025-14174
• React2Shell   
• CVE-20

Activity Summary - Week Ending on 12 December 2025 

• Red Sky identified 10,237 connections from ‘new’ and unique, compromised IP addresses
• Microsoft in Japan hit 1,170x
• CISA – BrickStorm Malware
• Space Bears
• Quasar Inc.   
• Phishing Attack Surge @ 4,1

Activity Summary - Week Ending on 5 December 2025 

• Red Sky identified 6,881 connections from ‘new’ and unique, compromised IP addresses
• Microsoft in the US hit 548x
• CISA – Mobile Comms Best Practices
• CVE-2021-26829
• More AI Woes   
• "useful-lib": "1.

Activity Summary - Week Ending on 28 November 2025 

• Red Sky identified 6,881 connections from ‘new’ and unique, compromised IP addresses
• Microsoft in the US hit 341x
• CTAC - 90 days Keylogger Data
• CISA – Spyware on Messaging
• Lighthouse Phishing-as-a

Activity Summary - Week Ending on 21 November 2025 

• Red Sky identified 6,881 connections from ‘new’ and unique, compromised IP addresses
• HostGlobalPlus in the UK hit 801x
• CISA – Akira Ransomware Up-Date
• Citrix zero-days
• CVE-2025-5777
• Cisco Identity

Activity Summary - Week Ending on 14 November 2025 

• Red Sky identified 9,810 connections from ‘new’ and unique, compromised IP addresses
• PFCloud in the Netherlands hit 1,716x 2^nd Week
• Dell’s Display and Peripherals Manager Vulnerabilities
• CVE-2025-4

Activity Summary - Week Ending on 7 November 2025 

• Red Sky identified 6,625 connections from ‘new’ and unique, compromised IP addresses
• PFCloud in the Netherlands hit 1,529x
• CISA Alert – Out-of-Band Security Update
• CVE-2025-59287
• “Confucius Says”
• Wo

Activity Summary - Week Ending on 31 October 2025 

• Red Sky identified 12,140 connections from ‘new’ and unique, compromised IP addresses
• Microsoft LTD, US hit 289x 2^nd week
• CISA Alert – Delta Electronics ASDA-Soft
• CTAC – 7 Days – Keylogger Data
• AI S

Activity Summary - Week Ending on 24 October 2025 

• Red Sky identified 9,681 connections from ‘new’ and unique, compromised IP addresses
• Microsoft LTD, US hit 281x
• CISA Alert – OCT is Cybersecurity Awareness Month
• CTAC – 90 Days – Sinkhole Traffic
• D

Activity Summary - Week Ending on 17 October 2025 

• Red Sky identified 5,541 connections from ‘new’ and unique, compromised IP addresses
• VMHeaven in the Germany hit 386x
• CISA Alert – Lessons Learned from an Incident Response Engagement
• CVE-2024-3640

Activity Summary - Week Ending on 10 October 2025 

• Red Sky identified 10,557 connections from ‘new’ and unique, compromised IP addresses
• HostPlus LTD in the UK hit 11,780x
• CISA Alert – Definitive View of Your OT Architecture
• CVE-2025-20333 and CVE-

Activity Summary - Week Ending on 3 October 2025 

• Red Sky identified 7,783 connections from ‘new’ and unique, compromised IP addresses
• Flokinet[.]is in Iceland hit 20x 2^nd week
• CISA Alert – OT Protection
• Creating & Maintaining a Definitive View of Y

     Telegram is a popular, cross-platform cloud messaging service supporting text, file transfer, voice, video, and bot automation. While Telegram provides legitimate privacy and developer features, threat actors exploit the platform’s ecosystem f

Activity Summary - Week Ending on 26 September 2025 

• Red Sky identified 7,212 connections from ‘new’ and unique, compromised IP addresses
• Flokinet[.]is in Iceland hit 114x
• CISA Alert - Dover Fueling Solutions
• CVE-2025-55065
• CTAC – 90 Days Dark Web R

Activity Summary - Week Ending on 19 September 2025 

• Red Sky identified 9,431 connections from ‘new’ and unique, compromised IP addresses
• Hydra Communications in the UK hit 140x
• CISA Alert - Schneider Electric Exploitation
• CVE-2025-5056
• ICS-TIP-12-1

Activity Summary - Week Ending on 12 September 2025 

• Red Sky identified 7,666 connections from ‘new’ and unique, compromised IP addresses
• M247 LTD in Singapore hit 827x
• CISA Alert - Honeywell OneWireless Wireless Device Manager (WDM)
• CVE-2025-2521
• C

Activity Summary - Week Ending on 29 August 2025 

• Red Sky identified 10,327 connections from ‘new’ and unique, compromised IP addresses
• OVH Hosting, Inc. in Canada hit 55x
• RedSkyAlliance CTAC – Dark Web Forums/Marketplaces: 90-days
• CISA Alert - Appl

Activity Summary - Week Ending on 22 August 2025 

• Red Sky identified 9,503 connections from ‘new’ and unique, compromised IP addresses
• Contabo[.]com in Germany hit 44x (previously observed)
• RedSkyAlliance CTAC – Dark Web Forums/Marketplaces: 90-days

Activity Summary - Week Ending on 15 August 2025 

• Red Sky identified 9,503 connections from ‘new’ and unique, compromised IP addresses
• Cheapy-Host in the Netherlands hit 114x
• CISA Alert - Dreame Technology iOS and Android Mobile Applications      

Activity Summary - Week Ending on 8 August 2025 

• Red Sky identified 8,344 connections from ‘new’ and unique, compromised IP addresses
• FBW NETWORKS SAS in France hit 1,915x
• CISA Alert - Proactive Threat Hunt at US Critical Infrastructure Organizatio