CoreRecon - Cyber Security and IT Services

6.6K posts

@CoreRecon

Texas businesses get hacked every 39 seconds. We stop it. 24/7 Cybersecurity & IT | Cyber Command See live threats hitting your city → https://t.co/PiBjSTNgg4

Corpus Christi, TX · Joined July 2015
717 Following · 568 Followers
Pinned Tweet
CoreRecon - Cyber Security and IT Services
After running offensive security engagements across dozens of orgs, the same gaps show up again and again. Here are 7 things we find in ~90% of pentests — and how to fix them before an attacker finds them first. 🧵
CoreRecon - Cyber Security and IT Services
Free 5-minute security win for any team:
1. Search breach data for your own domain
2. Find which employee passwords leaked
3. Force-reset those accounts
4. Turn on phishing-resistant MFA
Attackers are already doing step 1. The only question is whether you did it first.
CoreRecon - Cyber Security and IT Services
@cyb3rshi3ld Love this. Best advice we give newcomers: learn to read logs before you learn to run tools. The flashy offensive stuff gets attention, but the people who can spot the one weird line in 10,000 never run out of work. Happy to answer questions anytime.
CoreRecon - Cyber Security and IT Services
@the_yellow_fall SYSTEM via NTLM reflection on Server 2025 with public PoC is a fire drill. Short term: enforce SMB signing and EPA, disable NTLM where you can. This is exactly the priv-esc chain that turns a foothold into domain-wide in an afternoon.
CoreRecon - Cyber Security and IT Services
@nypost The capability race cuts both ways: the same models that help defenders triage faster also lower the barrier for attackers. Net effect is speed — incidents will move faster in both directions. Detection and response times matter more than ever.
The Chart Report (@TheChartReport)
Cybersecurity stocks are making new decade highs relative to Software while remaining near decade lows relative to the broader Technology sector. @nullcharts
CoreRecon - Cyber Security and IT Services
@fofabot Pre-auth + guest viewing enabled = internet-wide spray within hours. Anyone running Cacti <=1.2.30: restrict guest graph access and patch today, don't wait for the maintenance window. Unauthenticated 9.8s don't give you the luxury of time.
FOFA (@fofabot)
⚠️⚠️ CVE-2026-39893 (CVSS 9.8) + CVE-2026-39948 (CVSS 9.8) + CVE-2026-39955 (CVSS 9.8) + CVE-2026-39938 (CVSS 9.8): Pre-auth SQLi and LFI in Cacti <=1.2.30 via graph_view.php; guest graph viewing can expose unauthenticated paths. 🔗FOFA Link: en.fofa.info/result?qbase64… 🎯16.8K+ Results are found on en.fofa.info in the past year. FOFA Query: app="Cacti-Monitoring" 🔖Refer: securityonline.info/cacti-vulnerab… #OSINT #FOFA #CyberSecurity #Vulnerability
CoreRecon - Cyber Security and IT Services
@ericgeller This is the trend that keeps us up at night: the perimeter is now your own people. $500 and a USB stick beats most firewalls. Insider-assisted intrusion is exactly why we push behavioral detection over pure prevention — you can't patch motivation.
Eric Geller (@ericgeller)
"In a private Telegram channel, the group is offering $500 to people to visit law firms and plug in USB sticks, one cybersecurity professional familiar with the incidents told CNN." cnn.com/2026/06/27/pol…
Governor Gavin Newsom (@CAgovernor)
California 🤝 @AnthropicAI We're entering a partnership to strengthen cybersecurity and provide @ClaudeAI to state agencies — and California local governments — at a 50% discount. The Golden State helped build Silicon Valley — and every Californian should benefit from the responsible use of their latest innovations.
CoreRecon - Cyber Security and IT Services
@Cointelegraph Decoupling security patches from feature releases is overdue and the right call. Patch latency is where most real-world compromise happens — every day a fix waits on a feature train is a day attackers get for free. More vendors should follow.
Cointelegraph (@Cointelegraph)
🚨 NOW: Apple says it is releasing security updates early, breaking from its practice of bundling them with iOS releases, over AI cybersecurity concerns.
CoreRecon - Cyber Security and IT Services
@BleepinComputer @flaresystems Great breakdown. The part defenders underestimate is the cash-out network — by the time money moves, the compromise is days old. BEC is rarely a malware problem; it's a visibility and verification problem. Out-of-band payment confirmation stops more of these than any filter.
CoreRecon - Cyber Security and IT Services
@CISAgov Couldn't agree more — the talent gap is the real frontline. We see it on the private side too: the orgs that stay resilient treat detection and response as a discipline, not a product. Glad to see the mission getting the people it deserves.
CoreRecon - Cyber Security and IT Services
Unpopular opinion: most companies don't have a hacking problem. They have an asset-inventory problem. You can't defend what you don't know you own. Half the breaches we see start on a box nobody remembered was online. Agree or disagree?
CoreRecon - Cyber Security and IT Services
A quick gut-check before the week starts: If your most senior employee clicked a malicious link tonight, would you know by morning? If the answer is "probably not," that's not a tooling problem — it's a visibility problem. And it's the most common gap we find. Fixable, but only if you look.
CoreRecon - Cyber Security and IT Services
Excellent resource! Nessus for enterprise, OpenVAS for budget-conscious orgs, Burp Suite for web apps. But tools are only as good as the analyst wielding them. At CoreRecon, we pair automated scanning with manual exploitation to find what scanners miss — business logic flaws, chained vulns, privilege escalation paths. 🔍 #VulnerabilityScanning #PenTesting #corerecon
CoreRecon - Cyber Security and IT Services
Exactly right. Cyber resilience is a board-level conversation, not just a CIO/CISO issue. When a breach happens, it hits revenue, brand trust, and operations simultaneously. Leaders who invest proactively in red teaming and threat modeling save 10x the cost of reactive incident response. Time to act is NOW. 🎯 @corerecon #CyberResilience #Leadership
CoreRecon - Cyber Security and IT Services
Social engineering is still the #1 initial access vector in 2025. 94% of cyberattacks start with a phishing email. The scariest ones aren't obvious — they mimic internal comms, HR updates, or vendor invoices perfectly. Security awareness training + endpoint protection = your first real line of defense. 🛡️ #Phishing #corerecon #cybersecurity
CoreRecon - Cyber Security and IT Services
OS choice is critical and often underestimated. Kali for active recon and pentesting, Qubes for compartmentalization, Tails when anonymity is paramount. In our red team ops at CoreRecon, we match the OS to the mission. One-size-fits-all doesn't work in offensive security. What's your daily driver? 🔫 #KaliLinux #RedTeam #EthicalHacking