wolf-tools — Threat Intel Detection Rules Pack 🐺⚡
• Vulnerability Scanners
  Log4Shell Deep Scan (CVE-2021-44228, 45046)
  Spring4Shell Deep Scan (CVE-2022-22965)
• Threat Intelligence
  YARA, Sigma, Suricata rules IOCs
• Ransomware Coverage
  Lorenz ransomware artifacts detection rules
• Exploitation Detection
  CVE-2023-22527 (Confluence → C3RB3R ransomware)
• Defense Controls
  WDAC policy for blocking dual-use app abuse
Focused on real detection hunting, not theory.
🔗 github.com/rtkwlf/wolf-tools
#ThreatIntel #SOC #BlueTeam #CyberSecurity #DetectionEngineering
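[Vulnerability Management] One billion CISA KEV remediation records show the limits of "human-scale" security. The Qualys Threat Research Unit analyzed more than one billion CISA KEV (Known Exploited Vulnerabilities) remediation records collected from more than 10,000 organizations over four years, and quantitatively demonstrated that the operating model of enterprise security is broken. The numbers present a harsh reality. According to Google M-Trends 2026, the average time to exploitation is "minus 7 days": in other words, attackers are weaponizing vulnerabilities before a patch exists. The share of critical vulnerabilities still unremediated at 7 days worsened from 56% to 63%. Remarkably, even though organizations are remediating 400 million more vulnerabilities per year, outcomes are getting worse. Of the 52 weaponized vulnerabilities tracked, 88% were remediated later than they were exploited. For example, Spring4Shell was exploited 2 days before disclosure, yet took an average of 266 days to remediate. The attackers' advantage is measured in "days", while the defenders' response is measured in "seasons". This is not an intelligence failure but an operating-model failure: there is a "Manual Tax" in which "long-tail assets" that human processes cannot reach stretch the exposure window from weeks to months. As a countermeasure, a shift to autonomous, closed-loop risk operations driven by AI and automation is essential. bleepingcomputer.com/news/se…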
Replying to @PrateekJainDev
100% agree. I’ve lived through three Log4j-style fires. The difference between a 30-minute panic and a 4-day all-hands meltdown? Having (or not having) an SBOM that’s actually wired into CI.
My current rule on every new platform team I join:
- Every container image must ship an SBOM (Syft / Grype or Trivy)
- SBOM gets attached as an artifact stored in ECR image labels
- Dependabot Grype scan every push → auto-PR if CVE ≥ High
- On-call runbook step #1: “grep <CVE> *.sbom.json” → done in 45 seconds
Result: Last time a critical vulnerability dropped (Spring4Shell, Kubernetes CVE, etc.), we knew we were clean in <5 minutes while the rest of the industry was still writing bash scripts.
SBOMs aren’t a compliance checkbox. They’re the fastest way to turn a 3 AM page into “yawn, not us”. Do it once properly, sleep forever after. Great take, OP.
🧵 #Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Includes technical deep dive, impact analysis, and actionable mitigation strategies. bit.ly/4olMqq6

6 Aug 2025
🧵 #Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Includes technical deep dive, impact analysis, and actionable mitigation strategies. bit.ly/4m0d7z5
31 Jul 2025
New Beta: open-appsec WAF for Kong Gateway is here – featuring native Kong Lua-plugin! 🔐
🛡️ Get machine learning-powered, signature-free protection against zero-days & OWASP Top 10 — directly at your #Kong gateway.
✅ Kong Gateway OSS & Kong Enterprise
✅ Linux, Docker, and Kubernetes
✅ Declarative configs (GitOps-CD-ready) and central WebUI
✅ Prevents zero-day attacks and known threats like OWASP Top 10
✅ Preemptively prevented: Log4Shell, Spring4Shell, Text4Shell, MoveIt, …
✅ Lua-based, native Kong plugin
✅ Compatible with Kong Konnect
📘 Read the full blog openappsec.io/post/introduci…
#openappsec #kong #waf #lua #apisecurity #cloudsecurity #cybersecurity #devsecops #nginx #kubernetes #docker #luaplugin #gatewaysecurity #apisix #zeroday #AI #ML #websecurity #owasp #konggateway #kongkonnect #opensource #api #infosec #machinelearning #envoy #itsecurity #checkpoint
9 Jul 2025
Spring4Shell RCE vulnerability... this was identified as a bypass of the patch for "CVE-2010-1622" the vulnerability allows attackers to upload a "webshell" to the vulnerable server, achieving remote command execution. "Where there's a patch, there's a bypass"
Java Crack of the Week episode #2 is out now! 💻 👉 youtube.com/watch?v=nAPmYHyV… Discover what Spring4Shell (CVE-2022-22965) does and how it works, as well as how to protect Spring apps against this code vulnerability. Subscribe to our channel and discover more Java ins and outs with @LukaszRola, celebrating Java's 30th anniversary! 🎉 #Java #Java30 #Java30withSoftwareMill #JavaCrackOfTheWeek #Cybersecurity

14 May 2025
Reading CVE bulletins won’t stop an attack. Practicing them might. Skill Dive gives security teams real hands-on drills with actively exploited CVEs—like Log4Shell, Spring4Shell & more—so they’re ready when it counts. 🔗 bit.ly/4diD75f
Reading CVE bulletins won’t stop an attack. Practicing them might. Skill Dive gives security teams real hands-on drills with actively exploited CVEs—like Log4Shell, Spring4Shell & more—so they’re ready when it counts. 🔗 bit.ly/432nSKk
Attacks that start at the application layer, then move down into the workload and cloud layers:
MoveIt
XZ Utils
Polykill
CUPS
Log4j
Spring4Shell
Confluence RCE
Apache Struts
tj-actions
ingress-nginx
Attack pattern:
- Initial Compromise at the Application Layer: Attackers exploit a bug in application code or a core library to execute malicious code or commands.
- Pivot to the Workload Layer: Once they have code execution, adversaries drop webshells, escalate privileges, or access environment variables, effectively “owning” the container or VM.
- Spread to the Cloud Layer: Armed with service account credentials, API keys, or privileged roles, attackers interact directly with cloud services—reading data, spinning up crypto miners, or exfiltrating sensitive information
pulse.latio.tech/p/runtime-c… #TrustEverybodyButCutTheCards
Alert 🚨Spring Vulnerability Exploitation Attempts CVE-2022-22965 Sans started seeing some exploit attempts that match the general "Spring4Shell" pattern early on Wednesday. #exploits #CVE #vulnerability #CyberSecurity Attack Pattern:
6 Feb 2025
🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/3Cr020l #Spring4Shell #InfoSec
🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/412naeQ #Spring4Shell #InfoSec

🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/3Q1B5vx #Spring4Shell #InfoSec
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant TL;DR too many folks still did not update from these vulnerable versions which is kinda shocking. buff.ly/3yWfVtQ

1 Nov 2024
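I've noticed that people in the domestic security community just love giving vulnerabilities names and talking in jargon. For example spring4shell, AJP smuggling, CC attacks, regreSSHion, ghostcat .... A single article can throw 30-plus new terms at you, all in English with no corresponding way to describe them, as if that were really flashy, really badass... In the end I had to rely on perplexity to figure out what this guy was actually talking about... Unlike the foreigners, who just say the trailing digits of the CVE, which feels like the British agent 007. 007 himself doesn't even have a name, no name, only a number (an employee ID), and that's pretty cool too.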
19 Sep 2024
The persistent threat -- why major vulnerabilities like #Log4Shell and #Spring4Shell remain significant and super dangerous, by @brianverm @snyksec, #Java and beyond: foojay.io/today/the-persiste… #foojaytip
6 Sep 2024
bit.ly/3LTtT0n - Scan for Spring4Shell (CVE-2022-22965) using Sn1per Professional
✅ Automatically scan all HTTP/HTTPS ports
✅ Scan multiple hosts in workspace easily
✅ Detect Apache Tomcat version
✅ Detect Spring4Shell vulnerability
✅ Detect Spring4Shell compromise