Threat/Vulnerability News

All Product Updates Technical Articles Threat/Vulnerability News

Line chart showing SSH brute force attack trends from Jan 12 - Feb 11, 2026, tracking unique attacking IPs per credential for usernames "root" (blue), "admin" (yellow), and "n8n" (red). Shows "n8n" surpassing "admin" as second most targeted.

Threat/Vulnerability News_February 11, 2026_2 min

"n8n" is the new "admin."

On February 10, 2026, our deception network recorded "n8n" overtaking "admin" as the #2 most brute-forced SSH username. The campaign scaled from a handful of probing IPs to hundreds of unique sources in under a week, with attackers rapidly iterating through password variants.

Vlad Iliushin

CVE

Threat/Vulnerability News_December 5, 2025_5 min

React2Shell in the Wild: Payload Analysis, Active Campaigns, and IoCs

The ELLIO sensor network has been tracking active exploitation of CVE-2025-55182 (React2Shell) in the wild. Here’s what we’re seeing.

ELLIO Team

CVE

Threat/Vulnerability News_November 26, 2025_4 min

From Scan to Exploit: Inside the Latest Cisco ASA/FTD Campaign

From reconnaissance to exploitation in just 48 hours. See how 75 IPs executed surgical, one-hit attacks on Cisco ASA/FTD devices - and how to disappear from target lists.

ELLIO Team