Defused

754 posts

Defused banner
Defused

Defused

@DefusedCyber

Managed Honeypots for Early-warning Threat Intelligence 🍯 Access free honeypot intel: https://t.co/TTnxgiafkD

Katılım Ağustos 2023
1 Takip Edilen7.4K Takipçiler
Sabitlenmiş Tweet
Defused
Defused@DefusedCyber·
🚨 New Fortinet vulnerability being exploited as an 0-day CVE-2026-35616 - FortiClient EMS pre-authentication API access bypass - CVSS 9.1 Critical After observing in-the-wild exploitation of this vulnerability earlier this week, Defused reported it to Fortinet under responsible disclosure. Fortinet has released an emergency hotfix - plus a scheduled patch - for FortiClient EMS 7.4.5 and 7.4.6. The vulnerability allows an unauthenticated attacker to bypass API authentication and authorization entirely, unauthorized code or commands via crafted requests. This discovery was made through our upcoming Radar feature launching next week 😇 Advisory: fortiguard.com/psirt/FG-IR-26… Track exploitation of this and other Fortinet vulns in real time and get updates on the new Defused Radar 👉 console.defusedcyber.com/signup Credit also to @heckintosh_ for independently discovering this vulnerability 💪
Defused tweet media
English
11
110
350
78.1K
Defused
Defused@DefusedCyber·
⚠️ Elevated SonicWall SMA 100 recon across the Defused sensor fleet over the last 24h 9 distinct IPs probing pre-auth fingerprinting endpoints on SMA appliances, plus session handling endpoints Sources include AS11878 (Tzulo), the provider named as VPN infrastructure in the recent Scattered Spider federal complaint SMA 100 is EoL and remains a favorite of financially motivated actors (UNC6148/OVERSTEP) View SonicWall exploit activity on Defused 👉 console.defusedcyber.com
Defused tweet media
English
0
4
7
2.2K
Nora Bytes
Nora Bytes@BytesNora·
@DefusedCyber Lines up with what we're tracking — CVE-2026-46817 is a clean unauth HTTP takeover (CVSS 9.8), and "no public PoC yet" won't slow Cl0p-style actors down. Full write-up + patch guidance: secboard.org/insights/oracl…
English
1
0
1
43
Defused
Defused@DefusedCyber·
🚨 CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots This vulnerability has no known previous exploitation and no public POC code exists. Oracle E-Business is part of our free feeds - track exploitation now 👉 console.defusedcyber.com/signup
Defused tweet media
English
4
39
127
18.5K
Defused retweetledi
The Shadowserver Foundation
The Shadowserver Foundation@Shadowserver·
We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment). CVE-2026-46817 attempts have been observed in the wild by @DefusedCyber
The Shadowserver Foundation tweet media
English
2
10
22
4.9K
YogSotho
YogSotho@YogSoth0·
@DefusedCyber Fuck I missed this 🤬 Will make my own version of this CVE
English
2
0
4
884
Defused retweetledi
Simo
Simo@SimoKohonen·
Major performance upgrades rolled into @DefusedCyber again 💪some basic views were starting to take way too long, everything now returned to sub-second range.. should improve usability by quite a bit 😅
English
1
2
11
3.6K
Defused retweetledi
Defused
Defused@DefusedCyber·
🚨 Yesterday we observed CVE-2026-28496 (FOSSBilling Template Injection vulnerability CVSS 9.4) being exploited We do not operate a FOSSBilling honeypot - however, this actor does not appear on other major honeypot platforms making it a potentially targeted campaign. Additionally, CVE-2026-28496 is not known to be exploited, nor to have a public POC exploit. The vulnerability details were published June 23nd and the exploit activity was recorded early on the next day. If you operate a FOSSBilling instance, patch immediately and search logs for activity from 160.30.209[.]77 (AS137552 Terabix 🇲🇾)
Defused tweet media
English
0
8
23
6.6K
Defused
Defused@DefusedCyber·
🚨 Over the weekend we observed exploitation of CVE-2026-20230 - Cisco Unified CM (CUCM) WebDialer SSRF → root file-write (CVSS 8.6) No previously recorded exploitation, and not yet listed in CISA KEV. This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys. Track Cisco CUCM exploitation 👉 console.defusedcyber.com/signup
Defused tweet media
English
1
21
56
18.8K
Defused retweetledi
mRr3b00t
mRr3b00t@UK_Daniel_Card·
~1200 auth requests per day from the TA IP, in the @DefusedCyber honeypot we analyzed. what's cool here is, we have used @DefusedCyber and @Huntio together to get visibility from two data positions.
mRr3b00t tweet media
English
1
7
25
5.7K
Defused
Defused@DefusedCyber·
🚨We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours, including: CVE-2026-39813 (no previous recorded exploitation) CVE-2026-39808 CVE-2026-25089 (vibecoded, likely faulty exploit) Per our research a working exploit for CVE-2026-25089 has not yet been publicly disclosed. Track FortiSandbox exploitation 👉 console.defusedcyber.com/signup
Defused tweet media
English
2
17
54
6.7K