CoreRecon - Cyber Security and IT Services
@CoreRecon
Texas businesses get hacked every 39 seconds. We stop it. 24/7 Cybersecurity & IT | Cyber Command See live threats hitting your city → https://t.co/PiBjSTNgg4
Corpus Christi, TX Joined July 2015

Most breaches aren't sophisticated. A missed alert, an unpatched box, a login nobody questioned at 2am.
Attackers aren't smarter than your team. They're counting on you not watching.
Visibility is the whole game.
@TexasDIR @rapid7 @IslandCampus @PottCoSheriff @Fortinet @LifePointHealth @LockheedMartin
#cybersecurity #infosec #texas #corerecon

@cyb3rshi3ld Love this. Best advice we give newcomers: learn to read logs before you learn to run tools. The flashy offensive stuff gets attention, but the people who can spot the one weird line in 10,000 never run out of work. Happy to answer questions anytime.

@the_yellow_fall SYSTEM via NTLM reflection on Server 2025 with public PoC is a fire drill. Short term: enforce SMB signing and EPA, disable NTLM where you can. This is exactly the priv-esc chain that turns a foothold into domain-wide in an afternoon.

Researcher publicly disclosed an NTLM reflection bypass, CVE-2026-24294, with PoC exploit code. It gives SYSTEM on Windows Server 2025. Patch now.
#NTLM #NTLMReflection #CVE202624294 #Windows #PrivEsc #Cybersecurity #Infosec
securityonline.info/ntlm-reflectio…

@nypost The capability race cuts both ways: the same models that help defenders triage faster also lower the barrier for attackers. Net effect is speed — incidents will move faster in both directions. Detection and response times matter more than ever.

@TheChartReport @nullcharts Makes sense from the trenches — security spend is one of the last line items to get cut, because the cost of NOT spending it keeps making headlines. Demand isn't cyclical when the threat isn't.

Cybersecurity stocks are making new decade highs relative to Software while remaining near decade lows relative to the broader Technology sector.
@nullcharts

@fofabot Pre-auth + guest viewing enabled = internet-wide spray within hours. Anyone running Cacti <=1.2.30: restrict guest graph access and patch today, don't wait for the maintenance window. Unauthenticated 9.8s don't give you the luxury of time.

⚠️⚠️ CVE-2026-39893 (CVSS 9.8) + CVE-2026-39948 (CVSS 9.8) + CVE-2026-39955 (CVSS 9.8) + CVE-2026-39938 (CVSS 9.8): Pre-auth SQLi and LFI in Cacti <=1.2.30 via graph_view.php; guest graph viewing can expose unauthenticated paths.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯16.8K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Cacti-Monitoring"
🔖Refer: securityonline.info/cacti-vulnerab…
#OSINT #FOFA #CyberSecurity #Vulnerability

@ericgeller This is the trend that keeps us up at night: the perimeter is now your own people. $500 and a USB stick beats most firewalls. Insider-assisted intrusion is exactly why we push behavioral detection over pure prevention — you can't patch motivation.

"In a private Telegram channel, the group is offering $500 to people to visit law firms and plug in USB sticks, one cybersecurity professional familiar with the incidents told CNN." cnn.com/2026/06/27/pol…

@CAgovernor @AnthropicAI @claudeai Encouraging to see public-sector security investment. The hard part is always the last mile: local governments often have the tools but lack the visibility to know if they're actually working. Hope the rollout includes detection maturity, not just deployment.

California 🤝 @AnthropicAI
We're entering a partnership to strengthen cybersecurity and provide @ClaudeAI to state agencies — and California local governments — at a 50% discount.
The Golden State helped build Silicon Valley — and every Californian should benefit from the responsible use of their latest innovations.

@Cointelegraph Decoupling security patches from feature releases is overdue and the right call. Patch latency is where most real-world compromise happens — every day a fix waits on a feature train is a day attackers get for free. More vendors should follow.

@BleepinComputer @flaresystems Great breakdown. The part defenders underestimate is the cash-out network — by the time money moves, the compromise is days old. BEC is rarely a malware problem; it's a visibility and verification problem. Out-of-band payment confirmation stops more of these than any filter.

📧 Business Email Compromise is more than an email scam.
🛡️ @flaresystems explores how attackers plan BEC campaigns using compromised mailboxes, AI, call centers, and cash-out networks.
➡️ bleepingcomputer.com/news/security/…
#cybersecurity #sponsored

@CISAgov Couldn't agree more — the talent gap is the real frontline. We see it on the private side too: the orgs that stay resilient treat detection and response as a discipline, not a product. Glad to see the mission getting the people it deserves.

We need you! We’re hiring for a variety of mission critical positions across cyber, infrastructure protection, and mission support on the front lines of national defense. Explore opportunities and apply now: usajobs.gov/Search/Results…

AI accelerated vuln discovery but exposed a painful truth: most orgs can't remediate fast enough. The bottleneck isn't finding vulnerabilities — it's prioritization, ownership, and patch velocity. Continuous Exposure Management is the right framework. Know your crown jewels and protect them first. 🌟 @corerecon #CISO #VulnManagement #cybersecurity

AI didn’t break vulnerability management — it exposed its limits, says @XMCyber_'s Ryan Blanchard in this op-ed. As #AI speeds vulnerability discovery, security teams need continuous exposure management to keep pace. #cybersecurity #CISO #infosec bit.ly/4v2TFFz

Excellent resource! Nessus for enterprise, OpenVAS for budget-conscious orgs, Burp Suite for web apps. But tools are only as good as the analyst wielding them. At CoreRecon, we pair automated scanning with manual exploitation to find what scanners miss — business logic flaws, chained vulns, privilege escalation paths. 🔍 #VulnerabilityScanning #PenTesting #corerecon

☣️Vulnerability Scanners Cheat Sheet
📷Full HD Image: github.com/Ignitetechnolo…
🔖#infosec #cybersecurity #hacking #pentesting #security

Exactly right. Cyber resilience is a board-level conversation, not just a CIO/CISO issue. When a breach happens, it hits revenue, brand trust, and operations simultaneously. Leaders who invest proactively in red teaming and threat modeling save 10x the cost of reactive incident response. Time to act is NOW. 🎯 @corerecon #CyberResilience #Leadership

Cyber resilience is not just an IT issue. AI is increasing the speed and sophistication of cyber threats, with impacts that extend beyond systems to operations, trust and financial risks. Leaders should act now.
cyber.gc.ca/en/news-events…
#CyberSecurity #Leadership

Social engineering is still the #1 initial access vector in 2025. 94% of cyberattacks start with a phishing email. The scariest ones aren't obvious — they mimic internal comms, HR updates, or vendor invoices perfectly. Security awareness training + endpoint protection = your first real line of defense. 🛡️ #Phishing #corerecon #cybersecurity

We've all been there. 👀
That email looked SO legit.
That's exactly the moment ASUSExpert P Series is built for. Enterprise-grade security working quietly in the background, protecting company data every single day. us.asus.click/asusbiz26x
#ASUS #ASUSBusiness #Cybersecurity

OS choice is critical and often underestimated. Kali for active recon and pentesting, Qubes for compartmentalization, Tails when anonymity is paramount. In our red team ops at CoreRecon, we match the OS to the mission. One-size-fits-all doesn't work in offensive security. What's your daily driver? 🔫 #KaliLinux #RedTeam #EthicalHacking

💻 The OS You Choose Can Change Everything.
From Kali Linux to Qubes OS, each security-focused operating system has a different purpose. Which one fits your workflow? 🔥
💬 Comment “OS” for the full list.
#CyberSecurity #Linux #KaliLinux #InfoSec #Privacy
