

Defused
754 posts

@DefusedCyber
Managed Honeypots for Early-warning Threat Intelligence 🍯 Access free honeypot intel: https://t.co/TTnxgiafkD














🚨 Yesterday we observed CVE-2026-28496 (FOSSBilling Template Injection vulnerability CVSS 9.4) being exploited We do not operate a FOSSBilling honeypot - however, this actor does not appear on other major honeypot platforms making it a potentially targeted campaign. Additionally, CVE-2026-28496 is not known to be exploited, nor to have a public POC exploit. The vulnerability details were published June 23nd and the exploit activity was recorded early on the next day. If you operate a FOSSBilling instance, patch immediately and search logs for activity from 160.30.209[.]77 (AS137552 Terabix 🇲🇾)






🚨 Over the weekend we observed exploitation of CVE-2026-20230 - Cisco Unified CM (CUCM) WebDialer SSRF → root file-write (CVSS 8.6) No previously recorded exploitation, and not yet listed in CISA KEV. This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys. Track Cisco CUCM exploitation 👉 console.defusedcyber.com/signup










