Dark | Light
[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@DefusedCyber Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1686989812702617600.png) @DefusedCyber Defused

Defused posts on X about china, command, injection, stream the most. They currently have XXXXX followers and XXX posts still getting attention that total XXXXX engagements in the last XX hours.

### Engagements: XXXXX [#](/creator/twitter::1686989812702617600/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:interactions.svg)

- X Week XXXXXX +246%
- X Month XXXXXXX -XXXX%
- X Months XXXXXXX +415,201%

### Mentions: XX [#](/creator/twitter::1686989812702617600/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:posts_active.svg)

- X Week XX -XX%
- X Month XX -XX%
- X Months XXX +7,700%

### Followers: XXXXX [#](/creator/twitter::1686989812702617600/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:followers.svg)

- X Week XXXXX +3.30%
- X Month XXXXX +38%
- X Months XXXXX +13,229%

### CreatorRank: XXXXXXXXX [#](/creator/twitter::1686989812702617600/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks)  [countries](/list/countries)  [finance](/list/finance) 

**Social topic influence**
[china](/topic/china), [command](/topic/command), [injection](/topic/injection), [stream](/topic/stream), [web3](/topic/web3), [target](/topic/target)

**Top accounts mentioned or mentioned by**
[@octolusnet](/creator/undefined) [@karanjagtiani04](/creator/undefined) [@emenalf](/creator/undefined) [@ryelosa](/creator/undefined) [@hackerfantastic](/creator/undefined) [@cybernsharma](/creator/undefined) [@bleepincomputer](/creator/undefined) [@lawrenceabrams](/creator/undefined) [@proofpoint](/creator/undefined) [@serghei](/creator/undefined) [@0xshaq](/creator/undefined) [@simokohonen](/creator/undefined)
### Top Social Posts
Top posts by engagements in the last XX hours

"🚨 Fortinet has just released details on another exploited-in-the-wild FortiWeb vulnerability (CVE-2025-58034) This vulnerability is a "OS Command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code" Track live exploits against FortiWeb honeypots"  
[X Link](https://x.com/DefusedCyber/status/1990868393805693389)  2025-11-18T19:43Z 4647 followers, 21.8K engagements


"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 32798 ( HIGHLINE-AS ) VirusTotal Detections 0/95 🟢 Link to event with payload 👇"  
[X Link](https://x.com/DefusedCyber/status/1996515797423055105)  2025-12-04T09:43Z 4658 followers, 13.1K engagements


"@OctolusNET We are of course interested in the real exploits - but also in actors trying to exploit specific systems (even if the exploit is malformed) so decided to report on it"  
[X Link](https://x.com/DefusedCyber/status/1996540222189048081)  2025-12-04T11:20Z 4641 followers, XXX engagements


"@OctolusNET exploit code comes from here"  
[X Link](https://x.com/DefusedCyber/status/1996541636055388412)  2025-12-04T11:26Z 4658 followers, XXX engagements


"Actor Exploiting ToolShell Vulnerability (SharePoint CVE-2025-53770) AS 213799 ( Conhost Bilgi Teknolojileri Veri Merkezi Hizmetleri Ve Danismanlik Limited Sirketi ) 0/95 Detections on VT 🟢 Link"  
[X Link](https://x.com/DefusedCyber/status/1996635280548548680)  2025-12-04T17:38Z 4656 followers, 2382 engagements


"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95 🟢 JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""  
[X Link](https://x.com/DefusedCyber/status/1975242250373517373)  2025-10-06T16:50Z 4664 followers, 99.3K engagements


"🚨 Heavy exploitation of CVE-2025-55182 / React2Shell ongoing Example post-exploit payload / activity 👇 attacker copies and posts .env file contents into a server they control The .env file can often contain some of the most sensitive access credentials"  
[X Link](https://x.com/DefusedCyber/status/1996903024040857870)  2025-12-05T11:22Z 4667 followers, 5461 engagements


"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2024-40766 (SonicOS SSL-VPN.) +64.88% - CVE-2022-27510 (NetScaler ADC.) +21.33% - CVE-2022-27510 (Gateway.) +21.33% - CVE-2021-27877 (Veritas Veritas.) +15.37% - CVE-2021-27876 (Veritas Veritas.) +14.32%"  
[X Link](https://x.com/DefusedCyber/status/1995451557081456676)  2025-12-01T11:14Z 4667 followers, 9512 engagements


"Actor exploiting CVE-2025-64446 (FortiWeb path traversal vulnerability) from AS 4847 ( China Networks Inter-Exchange ) 0/95 Detections on VT 🟢 Link to event 👇"  
[X Link](https://x.com/DefusedCyber/status/1995792759756665106)  2025-12-02T09:50Z 4667 followers, 2604 engagements


"🚨A critical CVE scoe XXXX vuln in React Server (CVE-2025-55182) has just dropped Some reports of ongoing in-the-wild exploitation but no public POC is available Defused TF subscribers can now access the React Server honeypot stream"  
[X Link](https://x.com/DefusedCyber/status/1996293580734763204)  2025-12-03T19:00Z 4667 followers, 18.7K engagements


"We have added detection for the exploit POC released for CVE-2025-55182 into our React Server honeypot 🍯 Our stream alerting logic has been updated and no action is needed from the users"  
[X Link](https://x.com/DefusedCyber/status/1996374125108191659)  2025-12-04T00:20Z 4667 followers, 8187 engagements


"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 56040 (China Mobile communications corporation) This actor is likely part of the China-nexus cyber threat groups as reported by AWS Event with payload Defused TF sub required 👇"  
[X Link](https://x.com/DefusedCyber/status/1996970968661594119)  2025-12-05T15:52Z 4667 followers, 5139 engagements


"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 62160 ( WEB3 Leaders INC ) This actor drops a Mirai DDOS agent onto the target Event with payload Defused TF sub required 👇"  
[X Link](https://x.com/DefusedCyber/status/1997740843210514514)  2025-12-07T18:51Z 4667 followers, XXX engagements

[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

@DefusedCyber Avatar @DefusedCyber Defused

Defused posts on X about china, command, injection, stream the most. They currently have XXXXX followers and XXX posts still getting attention that total XXXXX engagements in the last XX hours.

Engagements: XXXXX #

Engagements Line Chart

  • X Week XXXXXX +246%
  • X Month XXXXXXX -XXXX%
  • X Months XXXXXXX +415,201%

Mentions: XX #

Mentions Line Chart

  • X Week XX -XX%
  • X Month XX -XX%
  • X Months XXX +7,700%

Followers: XXXXX #

Followers Line Chart

  • X Week XXXXX +3.30%
  • X Month XXXXX +38%
  • X Months XXXXX +13,229%

CreatorRank: XXXXXXXXX #

CreatorRank Line Chart

Social Influence

Social category influence technology brands stocks countries finance

Social topic influence china, command, injection, stream, web3, target

Top accounts mentioned or mentioned by @octolusnet @karanjagtiani04 @emenalf @ryelosa @hackerfantastic @cybernsharma @bleepincomputer @lawrenceabrams @proofpoint @serghei @0xshaq @simokohonen

Top Social Posts

Top posts by engagements in the last XX hours

"🚨 Fortinet has just released details on another exploited-in-the-wild FortiWeb vulnerability (CVE-2025-58034) This vulnerability is a "OS Command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code" Track live exploits against FortiWeb honeypots"
X Link 2025-11-18T19:43Z 4647 followers, 21.8K engagements

"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 32798 ( HIGHLINE-AS ) VirusTotal Detections 0/95 🟢 Link to event with payload 👇"
X Link 2025-12-04T09:43Z 4658 followers, 13.1K engagements

"@OctolusNET We are of course interested in the real exploits - but also in actors trying to exploit specific systems (even if the exploit is malformed) so decided to report on it"
X Link 2025-12-04T11:20Z 4641 followers, XXX engagements

"@OctolusNET exploit code comes from here"
X Link 2025-12-04T11:26Z 4658 followers, XXX engagements

"Actor Exploiting ToolShell Vulnerability (SharePoint CVE-2025-53770) AS 213799 ( Conhost Bilgi Teknolojileri Veri Merkezi Hizmetleri Ve Danismanlik Limited Sirketi ) 0/95 Detections on VT 🟢 Link"
X Link 2025-12-04T17:38Z 4656 followers, 2382 engagements

"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95 🟢 JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""
X Link 2025-10-06T16:50Z 4664 followers, 99.3K engagements

"🚨 Heavy exploitation of CVE-2025-55182 / React2Shell ongoing Example post-exploit payload / activity 👇 attacker copies and posts .env file contents into a server they control The .env file can often contain some of the most sensitive access credentials"
X Link 2025-12-05T11:22Z 4667 followers, 5461 engagements

"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2024-40766 (SonicOS SSL-VPN.) +64.88% - CVE-2022-27510 (NetScaler ADC.) +21.33% - CVE-2022-27510 (Gateway.) +21.33% - CVE-2021-27877 (Veritas Veritas.) +15.37% - CVE-2021-27876 (Veritas Veritas.) +14.32%"
X Link 2025-12-01T11:14Z 4667 followers, 9512 engagements

"Actor exploiting CVE-2025-64446 (FortiWeb path traversal vulnerability) from AS 4847 ( China Networks Inter-Exchange ) 0/95 Detections on VT 🟢 Link to event 👇"
X Link 2025-12-02T09:50Z 4667 followers, 2604 engagements

"🚨A critical CVE scoe XXXX vuln in React Server (CVE-2025-55182) has just dropped Some reports of ongoing in-the-wild exploitation but no public POC is available Defused TF subscribers can now access the React Server honeypot stream"
X Link 2025-12-03T19:00Z 4667 followers, 18.7K engagements

"We have added detection for the exploit POC released for CVE-2025-55182 into our React Server honeypot 🍯 Our stream alerting logic has been updated and no action is needed from the users"
X Link 2025-12-04T00:20Z 4667 followers, 8187 engagements

"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 56040 (China Mobile communications corporation) This actor is likely part of the China-nexus cyber threat groups as reported by AWS Event with payload Defused TF sub required 👇"
X Link 2025-12-05T15:52Z 4667 followers, 5139 engagements

"Actor exploiting CVE-2025-55182 (React Remote Code Execution) from AS 62160 ( WEB3 Leaders INC ) This actor drops a Mirai DDOS agent onto the target Event with payload Defused TF sub required 👇"
X Link 2025-12-07T18:51Z 4667 followers, XXX engagements

@DefusedCyber
/creator/twitter::DefusedCyber