We are excited to share the result of a fruitful collaboration with The Shadowserver Foundation: a new Known Exploited Vulnerabilities (KEV) Catalog (BCP-07 compliant) built directly from their global honeypot telemetry.

Most KEV catalogs tell you what is being exploited. This one is grounded in observed exploitation attempts captured across Shadowserver’s worldwide honeypot sensor network. When a vulnerability is exploited against one of their honeypots, it becomes an attributable, structured GCVE-EU BCP-07 KEV assertion, complete with evidence typing (honeypot), exploitation signals (in_the_wild_attempts), and timestamps indicating when exploitation was first and last observed.

A huge thank-you to the Shadowserver team, and especially to Piotr Kijewski, for their support and collaboration.