The Return of the Kinsing | Blog | VulnCheck

Canary Intelligence linked exploitation of CVE-2023-46604, CVE-2023-38646, and CVE-2025-55182 to the same Kinsing infrastructure, including a shared staging host and attacker IP first seen in the canary network on March 12, 2026. The research shows how an older malware family is still adapting by adding new exploit paths while continuing to rely on established infrastructure.