πŸ”| Unveiling PoC exploits, zero-days & CVE insights | Shedding light on ransomware groups, cyber news & The Most Exploited CVEs

Joined October 2023
🚨 The Most Exploited *Alerts*🚨 retweeted
3 Oct 2025
🚨🚨🚨BREAKING - New data leak site by Scattered LAPSUS$ Hunters exposes Salesforce customers. Dozens of global companies involved in a large-scale extortion campaign.
Scattered LAPSUS$ Hunters claims to have breached Salesforce, exfiltrating ~1B records. They accuse Salesforce of lacking 2FA and OAuth protections, say over 100 instances were compromised, and threaten data leaks, lawsuits, and technical disclosures.
Complete list of affected companies and reported exfiltration:
FedEx - 1.1TB
Aeroméxico - 172.95GB
Qantas Airways - 153GB
UPS - 91.34GB
HMH - 88GB
Vietnam Airlines - 63.62GB
Toyota Motor Corporation - 64GB
Stellantis - 59GB
Air France & KLM - 51GB
Republic Services - 42GB
Adidas - 37GB
Disney/Hulu - 36GB
Canvas by Instructure - 35GB
Instacart - 32GB
McDonald's - 28GB
TripleA - 23GB
TransUnion - 22GB
Home Depot - 19.43GB
Google AdSense - 19GB
1-800Accountant - 18GB
Cisco - 5.6GB
Marriott - 7GB
Walgreens - 11GB
Kering (Gucci, Balenciaga, etc.) - 10GB
Petco - 9.9GB
ASICS - 9GB
Pandora - 8.3GB
KFC - 1.3GB
Saks Fifth - 1.1GB
GAP Inc. - 1GB
CarMax - 1.7GB
Cartier - 1.4GB
Chanel - 2GB
Albertsons (Jewel Osco, etc.) - 2GB
Engie Resources (Plymouth) - 3GB
Puma - 3.1GB
HBO Max - 3.2GB
Fujifilm - 155MB
IKEA - 13GB
Note: All victims are listed with ransom deadlines set for 10 October 2025.
Discover more at hackrisk.io
2/3 Attackers exploit the zero-day to create rogue admin users, modify firewall policies, and access internal networks via SSL VPN. Arctic Wolf traces the exploitation timeline from Nov 2024 to Dec 2024, with a probable zero-day as the access vector. #FortiOS #FortiProxy #SSLVPN
3/3 Mitigation: Fortinet urges patching systems or disabling HTTP/HTTPS admin interfaces, limiting access via local-in policies, and disabling public management access. #CyberDefense #SecurityPatch #FortinetSecurity
🚨 CISA adds Qlik Sense HTTP tunneling vulnerability #CVE202348365 to #KEV catalog. This flaw lets attackers escalate privileges and execute HTTP requests on backend servers hosting Qlik Sense. #Cybersecurity #Infosec
🚨 CISA adds critical #BeyondTrust vulnerability #CVE202412686 to #KEV catalog, warning of potential exploitation. This flaw allows admins to upload malicious files, enabling OS command execution as the site user #Cybersecurity
🚨 #CISA released advisory on 2023 #Top #Routinely #Exploited Vulnerabilities. These are frequently targeted by attackers, leading to critical #breaches. Here are the top 15 vulnerabilities to secure against: cisa.gov/news-events/cyberse… #Vulnerabilities
🚨Microsoft’s #Nov 2024 #PatchTuesday addresses 87 CVEs, with 4 critical and 4 zero-day vulnerabilities, including 2 exploited in the wild:
#CVE202443451 (NTLM Hash Disclosure) exploited for NTLM spoofing
#CVE202449039 (Task Scheduler EoP) allows RCE on vulnerable systems.
#Patch
2/3 Arctic Wolf reports 30 intrusions by Fog/Akira ransomware, with most breaches tied to unpatched SonicWall VPNs. Time from access to data encryption has been as short as 2 hours, showing rapid attack capabilities. #ransomware #SonicWall #threatintel
3/3 Fog/Akira accessed compromised systems via VPN/VPS to obscure IPs, accelerating their intrusions. All affected endpoints were running unpatched SonicWall software, underscoring the urgency of timely updates. #datasecurity #patch
🚨 The Most Exploited *Alerts*🚨 retweeted
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. bleepingcomputer.com/news/se…
🚨 #CISA has added 3 new vulnerabilities to #KEV catalog: 1/3 #CVE202120123: #Draytek #VigorConnect Path Traversal flaw in the DownloadFileServlet endpoint. Unauthenticated attackers could exploit it to download arbitrary files with root privileges
2/3 #CVE202120124: #Draytek #VigorConnect Path Traversal vulnerability in WebServlet file download. Attackers could gain root access to download arbitrary files. #Infosec #Exploit #CISA #KEV
3/3 #CVE20247262: #Kingsoft #WPS #Office Path Traversal in promecefpluginhost.exe on Windows. Could allow attackers to load arbitrary Windows libraries. #CVE20247262 #WPSOffice #CyberThreat #CISA #KEV #CISA_Alert
🚨 The Most Exploited *Alerts*🚨 retweeted
This video👇is of Tigran Gambaryan, the former US federal agent who led many of the biggest crypto crime cases in history. He's being charged in Nigeria with money laundering and tax evasion, entirely for the actions of his employer, Binance. He's now been jailed and denied medical care for a herniated disc in his back that requires surgery. Here you can see that Nigerian officials have even denied him the use of a wheelchair or any help walking into the courtroom in an attempt to avoid embarrassing photos/videos of his condition. Where is the US @StateDept? Where is @SecBlinken? Where is @StateSPEHA Roger D. Carstens, for whom this case should have met the criteria to be treated as a hostage situation months ago? Why isn't the US doing more to help this American citizen and former civil servant? It's long past time to bring Tigran home.
“This is fvcked uppp” Binance executive cries out in Nigerian court.
1/3 🚨 A new ransomware-as-a-service (RaaS) operation, #Cicada3301, is impersonating the legitimate Cicada 3301 organization. They've already listed 19 victims on their extortion portal, rapidly attacking companies worldwide. #Ransomware #CyberSec #Infosec bleepingcomputer.com/news/se…

2/3 The #Cicada3301 #RaaS exploits a zero-day flaw in Versa Director to upload a custom #webshell, allowing them to steal credentials and breach networks. The operation shows significant overlaps with #ALPHV/#BlackCat, hinting at a possible rebrand. #CyberThreat #CVE202439717
3/3 To mitigate risks, organizations are advised to upgrade Versa Director to version 22.1.4 and review their system hardening practices. Cicada3301's focus on VMware ESXi environments highlights the need for robust security measures in enterprise infrastructures. #Ransomware #VMware