in the wild research

What's happening now

Coverage of the active threat landscape — CVEs under live exploitation, threat-actor campaigns, emerging exposure patterns, and the indicators that surface from real-world incident response. The hub is the live feed; this page explains what we cover and how.

Active CVEs

Vulnerabilities under live exploitation — what dropped this week, who's exposed, what to do before Monday. Same shape as the analyses in the hub.

Threat actors

Group profiles, capability shifts, infrastructure overlaps. Written with attribution discipline — we name what's known, hold what isn't.

Campaign tracking

Multi-incident operations linked by shared TTPs, victimology, or infrastructure. Long-running coverage where one CVE doesn't tell the whole story.

Emerging threats

Pre-CVE exposure patterns we see surfacing — misconfiguration trends, scanner blind spots, attacker primitives that haven't yet earned a CVE.

IOC reporting

Published indicators (hashes, IPs, JA3s, JARM) when artifacts merit standalone publication. IOCs are facts, not copyrightable, free to consume.

Attribution discipline

How we handle uncertainty. What we publish, what we hold, when we say "unknown." Independent research means being honest about source posture.

Methodology

How we cover the live landscape

We publish when there's something a defender can act on Monday morning — a new exploit primitive, a campaign with a clear telemetry signature, an emerging exposure with a concrete remediation. We don't publish to be first; we publish to be useful. Where attribution is uncertain we say so. Where we've held detail at a vendor's request, we say that too. The hub is where the analyses land — weekly, plainly explained, no paywall.

Three post types

What you'll find in the feed

CVE analyses

Critical CVEs under active exploitation. Sidebar with CVE / CVSS / Product / Type / Disclosure. Read recent CVEs in the hub.
Threat-intel writeups

Actor profiles, campaign tracking, emerging-threat reports. Sidebar with actor / campaign / sectors / regions.
Emerging analyses

Pre-CVE pattern coverage and methodology pieces. Long-form, no sidebar — full-width reading for the longer arguments.

Application security research.

ops@keepsecure.io

Quick Links
About ResearchHub Contact
Elsewhere
GitHubLinkedInX / Twitter
RSS

© 2026 keepsecure labs