@cR0w@infosec.exchange
@hal_pomeranz@infosec.exchange @catsalad@infosec.exchange Broken link. :-(
@cR0w@infosec.exchange
@hal_pomeranz@infosec.exchange @catsalad@infosec.exchange Ah, it's the wwe instead of www.
That's a good one too.
Since for some reason I can't get this song out of my head this morning, I might as well get it stuck in some of your heads as well. Not that it's a bad one, mind you. But sharing is caring.
https://www.youtube.com/watch?v=CDl9ZMfj6aE
Out: Toothbrush botnet
In: Dildo botnet
Call it a vibe booter.
GreyNoise reports that there was a major spike in Fortinet SSL VPN brute force attackers earlier this month. Their analysis of short-lived spikes in specific attack signatures (or tags) has previously preceded new major attacks, including 0days.
https://www.greynoise.io/blog/vulnerability-fortinet-vpn-bruteforce-spike
#threatIntel
Picus Security has a write-up on UNC3886. This one is definitely more ATT&CK and TTP focused than others I've read and is only based on their attacks against Linux endpoints.
https://www.picussecurity.com/resource/blog/unc3886-tactics-techniques-and-procedures-ttps-full-technical-breakdown
#threatIntel
TrendMicro has a nice analysis of Charon, a newer ransomware family. It's very similar to Earth Baxia.
https://www.trendmicro.com/en_us/research/25/h/new-ransomware-charon.html
IOCs here:
https://documents.trendmicro.com/assets/txt/Charon-IOCskZECmvu.txt
#threatIntel #ransomware
Axis published three sev:MED advisories.
https://www.axis.com/dam/public/ae/19/16/cve-2025-3892pdf-en-US-492760.pdf
https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf
https://www.axis.com/dam/public/c5/9a/3c/cve-2025-7622pdf-en-US-492761.pdf
#patchTuesday
SolarWinds published a CVE that's not listed in the advisories on their site yet. Normally IDGAF about their stuff but hardcoded creds and keys are a big no-no and so easily avoided. This one is in Database Performance Analyzer.
https://www.cve.org/CVERecord?id=CVE-2025-26398
#patchTuesday
Siemens posted their advisories for today and, as always, there are a lot of them. Share them with your asset owners and don't forget to check the updated advisories. Siemens likes to hide new vulns in old advisories.
https://www.siemens.com/global/en/products/services/cert.html#SiemensSecurityAdvisories
#patchTuesday
Happy Patch Tuesday. Here's your emoji of the day.