Real-Time Threat Intelligence via Cyber Deception. Start Building for Free: console.defusedcyber.com/sig…

Joined August 2023
Pinned Tweet
DEFUSED TF [“ThreatFlix”] Available 10th Nov 12pm EST. Sign up now: console.defusedcyber.com/sig…
DEFUSED TF [“ThreatFlix”] is LIVE! 🥳🥳 Pricing details: defusedcyber.com/pricing Subscribe: console.defusedcyber.com/che… Plans starting at $29 USD / month!
Defused retweeted
Seriously awesome stuff from @SimoKohonen!!! Why manage your own honeypots anymore?! 🙌🤘💪🐝🍯 Highly recommend checking this out if you’re in threat intel/security research.
Defused retweeted
Aéza International (#AS210644) via, you guessed it.... @aurologiccom (#AS30823) 🇩🇪
⚠ Exploitation of the unknown Fortinet exploit (FortiWeb path traversal / API exploit) continues from 89.169.55.168 🇩🇪 (unbiaseddeer.ptr . network). 0/95 on VirusTotal - but IP has been observed exploiting an Oracle vulnerability and domain widely used in exploit activity
Defused retweeted
it's coming from inside the HOUSE!
⚠ Multiple IPs mass exploiting unknown Fortinet exploit (FortiWeb path traversal / API exploitation). The exploit aims at creating a user with the user-password combination Testpoint:AFT3$tH4ckmet0d4yaga!n 🔐 IPs involved in this exploit: 185.192.70.39, 185.192.70.55, 185.192.70.54, 185.192.70.41, 185.192.70.57, 185.192.70.50, 185.192.70.25
Defused retweeted
Some heightened activity on WSUS / CVE-2025-59287 during the last few days, put one of the payloads into a gist if someone is interested: gist.github.com/simokohonen/…
⚠️ Actor mass exploiting unknown Fortinet exploit (FortiWeb path traversal / API exploitation) from 107.152.41.19 🇺🇸 (TZULO). VirusTotal Detections 0/95 🟢 After the exploit, the actor attempted to log in using the newly created username-credential pair 🔐
Patching Motivation of the Day 👇 Actor repeatedly hammering the CVE-2025-25257 exploit onto our FortiWeb honeypots with a DROP TABLE payload. 213.209.143.41 just wants to watch the world burn! 🔥
Check the full ransomware vulnerabilities list 👉 ransomvulns.defusedcyber.com
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2025-61882 (Oracle E-Busine..) +186086.05%
- CVE-2021-27877 (Veritas Veritas..) +879.54%
- CVE-2023-20269 (ASA..) +302.13%
- CVE-2023-20269 (FTD..) +302.13%
- CVE-2025-29824 (CLFS..) +289.16%
Defused retweeted
Weekend of the F5 exploits... seeing like a 5-10x rate of exploitation to normal in the past 24 hrs. Some actor is spraying known exploits like crazy (even old ones like CVE-2020-5902). @GreyNoiseIO has an interesting wpaper about how exploit spikes can predict new CVEs 👇
Defused retweeted
Cybercrime identified by @DefusedCyber
🚨 Major exploit sweep targeting F5 BIG-IP ongoing. A set of 10 IP addresses exploited CVE-2022-1388 on multiple of our F5 honeypots within the span of an hour. F5 was recently breached, with breached data including previously unknown software vulnerabilities. Large-scale exploitation like this may act as reconnaissance exploitation for an upcoming 0day vulnerability ⚠️ IP addresses involved (Most at 0/95 detections on VirusTotal 🟢): 173.232.206.37, 158.180.92.88, 173.232.73.194, 173.232.206.29, 129.154.62.198, 107.158.12.187, 87.236.146.227, 31.129.47.28, 170.130.18.130, 50.2.250.188
Actor exploiting CVE-2023-27997 (Fortinet buffer overflow) from 170.247.220.25 🇺🇸 (My Tech). VirusTotal Detections: 0/95 🟢 This actor was recently mass probing Palo Alto devices for authentication pathways 🍯
🎃 Going live in 30 minutes! Atomics on a Friday: Night of the Living Indicators - join us for live emulations, haunted artifacts, and MCP mayhem. See you there… or on the recording. 👻⚛️ Twitch: twitch.tv/atomicsonafriday X LinkedIn YT: piped.video/watch?v=nSuCkEFH…
A couple more days to deploy a FortiWeb decoy / honeypot for FREE 👉 console.defusedcyber.com/sig… New tiers launching next week 🍯
Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 172.96.141.66 🇺🇸 (RELIABLESITE) VT Detections: 0/95 🟢 Payload in Authorization: Bearer header 📸 select/**/a/**/from/**/fabric_user.a/**/into/**/outfile/**/var/log/lib/python3.10/pylab.py'/**/FIELDS/**/ESCAPED/**/BY/**/
Defused retweeted
Baddies using infra hosted in the USA to attack CISCO ASAs! (thanks @DefusedCyber and @ipinfo )
A large-scale sweep targeting Palo Alto (/global-protect/prelogin.esp & /ssl-vpn/prelogin.esp). This is recon activity used in MFA bypass attempts if I'm not mistaken. 170.247.220.25, 143.137.166.65, 170.247.222.234, 170.231.251.212. All clean IPs from VT / GN