A-S-C @AppSecCon - Twitter Profile

about 10 hours ago

🚨 Reports of activity referred to as FortiBleed indicate malicious cyber activity targeting Fortinet FortiGate devices across government & private sector organizations. Review our Alert and take immediate action to protect your organization’s systems. 👉 https://t.co/VhDx0zq2o1

10

222

94

49

27K

A-S-C

@AppSecCon

9 days ago

Coming soon...

0

1

0

4

AppSecCon retweeted

Chris W

@EMTFireman

13 days ago

New USCG Guidance Just Dropped: Cybersecurity Assessment (CSA) is Far More Than Paperwork 🚢🔒 https://t.co/81KZrM51fv via @LinkedIn

0

1

0

15

AppSecCon retweeted

NSA Cyber

@NSACyber

22 days ago

NSA’s ZIG webpage is now live! We are providing accessible resources for enhancing enterprise cybersecurity with Zero Trust. To learn more, visit the ZIG webpage. https://t.co/MiIGiLhQAJ

41

461

132

293

112K

A-S-C

@AppSecCon

24 days ago

Check out my latest article: Legal Risks of Checkbox Compliance of 33 CFR 101 Subpart F https://t.co/0yKhUEOryz via @LinkedIn

0

1

0

5

AppSecCon retweeted

The Hacker News @TheHackersNews

about 1 month ago

🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more. The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions. Check your dependencies immediately → https://t.co/33fxlrOPzz

TheHackersNews's tweet photo. 🚨 WARNING: The self-spreading “Mini Shai-Hulud” worm compromised npm & PyPI packages tied to TanStack, Mistral AI, Guardrails AI, OpenSearch & more.

The attack used GitHub OIDC token hijacking and cache poisoning to spread credential-stealing malware across 42 TanStack packages and 84 versions.

Check your dependencies immediately → https://t.co/33fxlrOPzz

28

614

207

224

97K

AppSecCon retweeted

International Cyber Digest

@IntCyberDigest

3 months ago

🚨‼️ CRITICAL: Ubiquiti UniFi Network Application vulnerabilities were just disclosed CVE-2026-22557 CVSS 10.0 Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required. CVE-2026-22558 — CVSS 7.7 Authenticated NoSQL Injection allowing privilege escalation.

IntCyberDigest's tweet photo. 🚨‼️ CRITICAL: Ubiquiti UniFi Network Application vulnerabilities were just disclosed

CVE-2026-22557 CVSS 10.0
Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required.

CVE-2026-22558 — CVSS 7.7
Authenticated NoSQL Injection allowing privilege escalation.

42

2K

325

812

314K

A-S-C

@AppSecCon

4 months ago

North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. https://t.co/hcypFoixIe

1

2

0

18

AppSecCon retweeted

CISA Cyber @CISACyber

4 months ago

🚨 Just Released: Emergency Directive 26-03 focuses on mitigating vulnerabilities in Cisco SD-WAN systems. We urge all orgs to review and implement the recommended actions immediately to protect your network. 👉 https://t.co/wj8WbwNEBx

1

48

31

7

6K

AppSecCon retweeted

NSA Cyber

@NSACyber

4 months ago

Malicious actors are exploiting Cisco Catalyst SD-WAN technology to access global networks. Review our new joint Hunt Guide for details on detections and mitigation techniques and take immediate action to reduce risks to your networks. https://t.co/t4awBuiAkn

104

254

103

46

26K

AppSecCon retweeted

CISA Cyber @CISACyber

4 months ago

🚨 Cyber threat actors are exploiting multiple Cisco vulnerabilities, including CVE-2026-20127 and CVE-2022-20775, to ultimately establish long-term persistence in SD-WAN systems across multinational organizations. Review our Alert & act immediately. 👉 https://t.co/d9aYL6Ipfq

6

160

68

45

21K

A-S-C

@AppSecCon

4 months ago

This is related to the BeyondTrust remote access platform formerly known as Bomgar. This is a high priority fix.

Rapid7 @rapid7

4 months ago

🚨 On 2/6/26, #BeyondTrust disclosed a critical RCE vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw has been assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9. More in the Rapid7 blog: https://t.co/2JDdnujQFd

9

66

27

18

10K

0

1

0

97

AppSecCon retweeted

Marco (Marc) Ayala

@ICS_SCADA

5 months ago

Check out my latest article: From Haven to Hell: How an Insider USB Turned Rotterdam's Safe Harbor into a Cocaine Gateway https://t.co/lbry6Xi6YT

0

2

1

0

124

AppSecCon retweeted

CISA Cyber @CISACyber

5 months ago

🛡️ We added Cisco Unified Communications products code injection vulnerability CVE-2026-20045 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

CISACyber's tweet photo. 🛡️ We added Cisco Unified Communications products code injection vulnerability CVE-2026-20045 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/OMCR0X9NF2

1

62

28

9

9K

AppSecCon retweeted

BleepingComputer

@BleepinComputer

5 months ago

Fortinet admins are seeing attackers exploiting a patch bypass for a previously fixed FortiGate authentication bypass (CVE-2025-59718) to hack patched firewalls. https://t.co/CbX91QZWT5

11

361

112

132

57K

AppSecCon retweeted

Who said what?

@g0njxa

5 months ago

These fake Fortinet websites, still present on top browser search engines results, are now delivering a fake FortiClient app, signed "Taiyuan Lihua Near Information Technology Co., Ltd. (Certum-given)" Its a phishing app, that will send credentials to vpn-connection[.]pro Based on other signed files with same EV cert, recently the TA were also spreading applications impersonating Sophos, WatchGuard and Ivanti. Analysis: https://t.co/CKyprHs5US