2026-06-06T17:27:03Z https://yabu.me Glenn 📎 https://yabu.me/npub1p03fezkj06uy70fp8d4vvmlcgl47grjl8rxk4hs5vkn2l0zuu3jsczq09v https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/320/853/553/361/576/original/039cf3e58191829a.jpeg https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/320/853/553/361/576/original/039cf3e58191829a.jpeg https://yabu.me/nevent1qqs0lj3d2hcqusuu34460kyzema0eq3sm8uvl8x807cuz6nyvqxhxmgzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx258t0ur In reply to <a href='/nevent1qqsy5dnxaewwcvpxs6l2rry40a9epuj96lhw95pj4f78ur05hhf8x9gen3fn9'>nevent1q…3fn9</a><br/>_________________________<br/><br/><video controls width="100%" class="max-h-[90vh] bg-neutral-300 dark:bg-zinc-700"><source src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/516/434/862/139/408/original/1ab6fb4de2aefb9f.mp4"></video><br/> 2026-05-04T13:01:46Z https://yabu.me/nevent1qqsp9fkndmc2xe3zd8kxvhaj3fcadqmxs3567zd72k3d884a430dedszyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2njgc8v Bittersweet yet exciting transition ahead. This week marks my last at GreyNoise.<br/><br/>Lately I&#39;ve spent a lot of time thinking about what I value most in this field: research and findings grounded in clarity, integrity, actionability, and truth that drives outcomes.<br/><br/>#TheSignalShift 2026-04-27T16:27:09Z https://yabu.me/nevent1qqsy9k0kntxstlw9yynxzva2xnfdvwxgkd4t2cgugeu8svsu7ud56lgzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2rqclce RE: <a href="https://infosec.exchange/@kev_Stalker/116020576227249969">https://infosec.exchange/@kev_Stalker/116020576227249969</a><br/><br/>So, based on my work of digging into the KEV Ransomware flips, the RSS feed will now auto-toot here, if interested. There was a flip Tuesday (before the bot) and another just now.<br/><br/>#threatintel<blockquote class="border-l-05rem border-l-strongpink border-solid"><div class="-ml-4 bg-gradient-to-r from-gray-100 dark:from-zinc-800 to-transparent mr-0 mt-0 mb-4 pl-4 pr-2 py-2">quoting <br/><span itemprop="mentions" itemscope itemtype="https://schema.org/Article"><a itemprop="url" href="/note1gla06g93cv06xudmxzsyydyqtg5rt3nktnc8q299d8np2v3zp0psyswvqr" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">note1gla…wvqr</a></span><br/> </div> CVE-2026-24423 - Changed to Known Ransomware Status<br/><br/>SmarterTools SmarterMail Missing Authentication for Critical Function VulnerabilityVendor: SmarterToolsProduct: SmarterMailSmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24423">https://nvd.nist.gov/vuln/detail/CVE-2026-24423</a> </blockquote> 2026-02-05T23:33:49Z https://yabu.me/nevent1qqsxw322xfjzysgkaqhy4fy4svan3t0jkun9y3q7k6w7hr3h3p98srgzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2vvddta ☕ &amp; #threatintel: CISA has moved the due date for mitigating CVE-2025-55182 (Meta React Server Components Remote Code Execution Vulnerability) up two weeks. It was initially set for December 26, but it is now due on December 12. IIRC, this is the first time the due date has been modified. <br/><br/>In all honesty, if you haven&#39;t already patched this vulnerability, it&#39;s likely too late. As a reminder, patching does not boot attackers, so you should check for indicators of compromise.<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/695/646/728/738/384/original/751749d4c9f0a9ac.png"> <br/> 2025-12-10T14:04:29Z https://yabu.me/nevent1qqsdss3n8wmlekt734dwcsqzrfy6uny07gvpyyn60w0lm06m6mptzdszyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2pece7k In reply to <a href='/nevent1qqst57gekudylp6r67emqaze76dewc90zkfpy6w72qjpeddryd8fhzgj2rpe0'>nevent1q…rpe0</a><br/>_________________________<br/><br/>soon :tm: 2025-07-16T20:17:29Z https://yabu.me/nevent1qqsqpslveh7tudjnak4d69hp68ecggl30ecs78yhkw3jeztlc8hvvuczyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx28gjyft In reply to <a href='/nevent1qqsd3wmtmkrqk0xyxwguvdj9ddgmwm8m9hhxqt3qy3t900tq6723skqn0thpn'>nevent1q…thpn</a><br/>_________________________<br/><br/>🧐 are you referring to CVE-2025-5777 or did I miss yet another? We hadn’t planned on it but what are you thinking? 2025-07-16T01:34:04Z https://yabu.me/nevent1qqsp70yf78u757mdzrqk8a64c7k2zapgy0ce88fraqm08vx06cn5jqgzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx20v64uq 🥜 &amp; #threatintel - Thanks to Horizon3, we pushed a tag out today for CitrixBleed 2 CVE-2025-5777 and are backfilling. Currently, we see 233 hits starting on July 1 from:<br/>64.176.50[.]109<br/>38.154.237[.]100<br/>102.129.235[.]108<br/>121.237.80[.]241<br/>45.135.232[.]2<br/><br/>Follow along here: <a href="https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=10">https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=10</a> 2025-07-07T21:56:30Z https://yabu.me/nevent1qqsv4q95xmlgsmwn6qze0hq642qqyflqnfx5w7h5qmqnsalyk6tdvvqzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2yzzxg8 If you attend this at RSA (by choice; excluding journalists) -- don&#39;t ever talk to me again.<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/417/840/628/115/785/original/79ff5ff2302c4a50.png"> <br/> 2025-04-28T22:01:38Z https://yabu.me/nevent1qqsrl893xxaph2mjhwv3fmx5em86r4l3rqruwltg035u3dnll2hq84qzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2y9q2mw Hi yes. Help your local cybersecurity researchers. If you blog a thing, please date the blog. kthx. 2025-04-07T15:26:10Z https://yabu.me/nevent1qqsy0rhx3lz3cuvw0wr3xxmc74j82sxefs7fwwlx5yhfwxdqp4vh2rszyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx25x42rs Words have meanings. Words have consequences. <br/><a href="https://apple.news/AcP5I9x7QQ1iUHU_1zTJzOw">https://apple.news/AcP5I9x7QQ1iUHU_1zTJzOw</a> 2025-02-22T15:59:50Z https://yabu.me/nevent1qqsxvn6f9v54px0mgdy9utxxcpswxq4pws68dfayz7ratdspwz2s0dgzyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx2aghhtn We, <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1lmdgglk68ys6e75ycxxrv2rufxs49hm5rxh23473f5rrgeucvm9qaum9t8" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>GreyNoise</span> (<span class="italic">npub1lmd…m9t8</span>)</a></span>, are seeing a massive uptick in IPs attempting to authenticate via telnet using one of several known backdoor accounts in FiberHome routers.<br/><br/><a href="https://viz.greynoise.io/tags/fiberhome-telnet-backdoor-attempt?days=30">https://viz.greynoise.io/tags/fiberhome-telnet-backdoor-attempt?days=30</a><br/><br/>1/2<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/398/027/632/927/559/original/8b99f6d9cd0e7869.png"> <br/> 2024-10-30T19:29:44Z https://yabu.me/nevent1qqsrly7hpgkc254wykmlfkh74z5tqeapfdjqmy2urw80ugxqfsw4ykczyq9798y26fltsneayyak43n0lpr7heqwtuuv66k7z3j6dtautnjx235mhl9 🎃 &amp; #threatintel: We/GreyNoise have observed a significant increase in Fortinet SSL brute force attempts recently. This is the highest level in the past two months and the third highest of 2024.<br/><br/><a href="https://viz.greynoise.io/tags/fortinet-ssl-vpn-bruteforcer?days=10">https://viz.greynoise.io/tags/fortinet-ssl-vpn-bruteforcer?days=10</a><br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/330/483/046/725/506/original/809a4977dafe180a.png"> <br/> 2024-10-18T21:12:16Z