[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

[@cyb3rops](/creator/twitter/cyb3rops)
"@artem_i_baranov CrowdStrike doesn't call it security issue. They use issue"  
[X Link](https://x.com/cyb3rops/status/1976275137956806666) [@cyb3rops](/creator/x/cyb3rops) 2025-10-09T13:14Z 208.3K followers, XXX engagements


"#Malware #Blockchain"  
[X Link](https://x.com/cyb3rops/status/1979472495271911711) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T08:59Z 208.3K followers, 30.7K engagements


"fully agree with Kevin"  
[X Link](https://x.com/cyb3rops/status/1976067291885470033) [@cyb3rops](/creator/x/cyb3rops) 2025-10-08T23:28Z 208.3K followers, 123.8K engagements


"@0xBurgerFlipper @VarrockBank Be careful with these trades. The Swiss central bank sometimes devaluates the Franc to support the export industry and tourism. I still remember a call option that got wiped out in a minute when they did that in 2011"  
[X Link](https://x.com/cyb3rops/status/1979459232291250179) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T08:07Z 208.3K followers, 1019 engagements


"@Arrogance_0024 Oh yea, just reduce it to cheap gas. If cheap energy was the only reason, why aren't Russia, Venezuela, Angola, Algeria, Iran, Nigeria super rich countries with strong export and manufacturing?"  
[X Link](https://x.com/cyb3rops/status/1979531325636743185) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T12:53Z 208.3K followers, 11.5K engagements


"I commented on this meme years ago. If UNIX/Linux developers had any sense of usability, they would have switched the parameter order from grep what where to grep where what, because it's much more often the what that changes in every consecutive command. The flags for find and tar are also a complete mess"  
[X Link](https://x.com/cyb3rops/status/1979540799806197924) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T13:31Z 208.3K followers, 57.5K engagements


"Cisco just confirmed that multiple zero-days against ASA/FTD VPN web services were exploited in the wild. CISA followed up with an Emergency Directive ordering federal agencies to inventory, patch or disconnect affected devices. The last X Cisco advisories are directly tied to this campaign: - CVE-2025-20333 - RCE (CVSS 9.9) - CVE-2025-20363 - RCE (CVSS 9.0) - CVE-2025-20362 - Unauthorized access (CVSS 6.5) Cisco's own report details persistence in ROMMON on legacy ASA 5500-X devices without Secure Boot. Attacker activity includes malware implantation, command execution, log tampering and even"  
[X Link](https://x.com/cyb3rops/status/1971524546210508887) [@cyb3rops](/creator/x/cyb3rops) 2025-09-26T10:37Z 208.2K followers, 172.3K engagements


"Nice - CrowdStrike's blog contains some logs and IOCs CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)"  
[X Link](https://x.com/cyb3rops/status/1975300386149048789) [@cyb3rops](/creator/x/cyb3rops) 2025-10-06T20:41Z 208.2K followers, 24.4K engagements


"Linux keeps getting more attractive, not because its devs suddenly mastered UX but because Apple and Microsoft keep alienating their users. Apple hasn't shipped anything useful in a decade apart from Memoji, and Microsoft's busy forcing everyone into its Copilot-powered cloud. If someone really manages to make Linux easy to use, hassle-free, aesthetically pleasing and simple to install and set up, it could become the best alternative for desktop users. I'm actually using the Arch-based Omarchy right now and I like where it's going - it already ticks a lot of those boxes. Microsoft on the other hand is"  
[X Link](https://x.com/cyb3rops/status/1975621966297002345) [@cyb3rops](/creator/x/cyb3rops) 2025-10-07T17:59Z 208.2K followers, 103K engagements


"Extradite him to the US and put him in prison for life. Industrial espionage like this doesn't just steal data or disrupt operations. It wipes out decades of research and development that others have paid for. It gives them a shortcut through time and money, skipping the hard work in engineering, chemistry and healthcare. It undermines the technological lead of entire industries and drags down the living standards of millions of people - and generations - in the affected countries. Shorter life expectancy, weaker healthcare, higher costs of living, more poverty, more crime, more cold-related deaths."  
[X Link](https://x.com/cyb3rops/status/1978410915331441082) [@cyb3rops](/creator/x/cyb3rops) 2025-10-15T10:41Z 208.3K followers, 36.8K engagements


"Guys, I'm done correcting crappy YARA rules in public repos. Let them use that junk to train their LLMs - it'll keep us detection engineers relevant for a while longer"  
[X Link](https://x.com/cyb3rops/status/1978418102762189108) [@cyb3rops](/creator/x/cyb3rops) 2025-10-15T11:10Z 208.3K followers, 31.8K engagements


"What really bothers me is that neither F5's statement nor the attestation letters from NCC Group or IOActive mention when the breach actually happened. They only say that F5 learned about it in August 2025. That's not when it started. There must be forensic evidence pointing to the first signs of compromise - timestamps, login traces, file access logs, anything. Was it weeks before they noticed? Months? Maybe even years? They don't say. Not even approximately. When companies omit that detail, it's usually one of two things: - They genuinely have no clue when the attackers got in (which would be"  
[X Link](https://x.com/cyb3rops/status/1978543001417736448) [@cyb3rops](/creator/x/cyb3rops) 2025-10-15T19:26Z 208.3K followers, 80.6K engagements


"Many commented that determining when a breach began depends on how long the victim retains its logs. That's simply not true. Log data is just one piece of forensic evidence and often not even the most reliable. Analysts can build timelines from dozens of other artifacts: file system timestamps, registry entries, MFT records, shim cache, user account creation events, leftover temporary files, scheduled tasks, jump lists, browser traces and more. Even with minimal log retention there's usually enough forensic residue to approximate when the first malicious activity occurred. So no, it doesn't all depend on"  
[X Link](https://x.com/cyb3rops/status/1978960478391976197) [@cyb3rops](/creator/x/cyb3rops) 2025-10-16T23:05Z 208.3K followers, 25.2K engagements


"I don't get it. It's sitting in plain sight. Known, covered by signatures. If your defense strategy relies on blocking IPs and domains, you've already lost. (*coughs* CDNs)"  
[X Link](https://x.com/cyb3rops/status/1979467213963690138) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T08:38Z 208.3K followers, 62.9K engagements


"Maybe I'm missing something, but I don't get why this malware on the blockchain thing is such a big deal. It's just malicious code stored in an immutable place that can't be blocked by IP or domain lists. That's only a problem for defense models stuck in the last decade, still relying on blacklists and firewall rules"  
[X Link](https://x.com/cyb3rops/status/1979469786468823356) [@cyb3rops](/creator/x/cyb3rops) 2025-10-18T08:49Z 208.3K followers, 4482 engagements


"China accuses US of cyber breaches at national time centre Somewhere in Fort Meade there's a guy bragging he just pwned UTC+8"  
[X Link](https://x.com/cyb3rops/status/1979857174097789209) [@cyb3rops](/creator/x/cyb3rops) 2025-10-19T10:28Z 208.3K followers, 14.3K engagements


"Everyone's busy testing their Oracle E-Business servers for the SSRF to see if they're vulnerable. That's fine, it's part of the hygiene check. But the bigger question isn't am I vulnerable? It's was I already compromised? Zero-days like this were actively exploited before the patch existed. Whether it's still vulnerable is the minor problem. Whether someone already walked through that door is the major one. Nuclei templates won't answer that - logs, artifacts and traces will"  
[X Link](https://x.com/cyb3rops/status/1975470457483563500) [@cyb3rops](/creator/x/cyb3rops) 2025-10-07T07:57Z 208.2K followers, 25.4K engagements


"Interesting"  
[X Link](https://x.com/cyb3rops/status/1976536982743363682) [@cyb3rops](/creator/x/cyb3rops) 2025-10-10T06:35Z 208.2K followers, 28.4K engagements
