Howdy folks! Taking a break from my twitter break to let yall know that we released a new @GreyNoiseIO product yesterday. It's called Project Swarm. We've been quietly not-so-quietly working on it for a few years. You can buy it now. It costs $1.
There are lots of vulnerabilities on edge-facing apps. To catch in-the-wild exploitation of them, we @ GreyNoise run sensors on the internet. New AI models mean more vulnerabilities being identified and exploited, and FASTER. Long term, software and hardware will probably get better, but in the meantime we're gonna have to deal with A LOT of vulnerabilities.
At GreyNoise, the sensors we run are basically honeypots- we bait attackers to scan and exploit them which enables us to learn where the attackers are, which vulnerabilities they are exploiting, what it drops, and what it looks like on the wire. From ~2020-now it took us years to build up our fleet. Now anyone can use our new product to deploy their own sensors on their own networks, or an entire fleet of any size, in a day. You can rip back the data and do whatever you want with it. You can resell it, put it into your product, or just stare at it- whatever you want! On our side, we aggregate the data and pour it into a community dataset that everyone shares. As more people join, the data gets bigger and better.
Couple neat features:
- Sensor deployment is a single bash command on any modern linux distro that supports iptables and wireguard.
- Sensors and vulnerable software (profiles) are abstracted into different logical concepts, which means the "what" and "where" are different things, and the sensor is not constrained by the compute required to run the vulnerable software. Also, no matter how hacked the profile (honeypot) gets, it can't touch your host sensor or the rest of your network.
- Sensors can run fake honeypots, real software, or even real hardware (bridged with a raspberry pi) like old crappy routers and modems (or expensive firewalls and VPN gateways 👀)
- You can create dynamic blocklists that block IPs sourced from your own sensors in real time, so if a remote IP address *looks at your network* the wrong way, you block them instantly.
- All the PCAP data is available to you in a gorgeous and intuitive interface at near real time and fully enriched against all of our (thousands of) rules. We're working on the host metadata (malware, syscalls, host behaviors) as well, but this will come later.
- If we don't tag a CVE that's interesting to you, you can write a Suricata rule to tag it yourself once and your data gets tagged with it in real time forever.
- You can instantly download PCAPs of any exploits that hit your sensors.
- If you don't want your data shared with the community dataset, you can talk to our team and we'll work out rights to make it private.
Check it out! There's a lot of moving pieces to make this work and we expect bugs, but it's available right now. Join the fight!
https://t.co/erAWtX1l7B
I wrote a short post on AI and offensive security. I looked at how AI is starting to impact pentesting, red teaming, and offensive tooling. What’s real today and what might be coming next.
👉 https://t.co/KMQkaNYo3R
#AI #Cybersecurity #OffensiveSecurity #Infosec
There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it.
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
https://t.co/kue7kd0XEX
Microsoft is adding Sysmon directly into Windows. The Sysinternals utility will make it easier for security teams to detect and respond to threats https://t.co/xWdoMJiocn
We are warning about the spread of malicious code in the name of FURS 🚩 The message urges the recipient to run a malicious attachment under the pretext of viewing a tax document. The ZIP archive attachment carries a malicious VBS file that launches the Guloader downloader, which loads the Remcos RAT remote access tool.
Recommendations from the “inventor” of Kerberoasting.
Also check out FAST / kerberos armoring. Article from @SteveSyfuhs :
https://t.co/6iGgakWgrs
And if you are using g/dMSA (managed service accounts) it will automatically set and rotate a long password.
⚠️ A single click on a fake site can hijack your password manager.
Researchers found 11 popular extensions (1Password, LastPass, iCloud & more) vulnerable—putting logins, 2FA codes, and credit cards at risk.
6 vendors still haven’t patched.
Protect your PASSWORDS ↓ https://t.co/C7GrZY7K2f
🛡️ AI-Powered SQL Injection Just Got Real - SQLMap AI Assistant
An SQL Injection testing assistant powered by AI.
Came across a powerful tool blending LLMs with offensive security.
🔗 https://t.co/ljN4zKO4Ea
#CyberSecurity
🚨 You won’t believe how much I made off this Microsoft bounty…
Full story and POC here 👉 https://t.co/iNrGgX1saa
This bug exposed:
📧 Email addresses of package owners
🌐 Out-of-band callbacks for data exfil
💥 IP, personal names and addresses, internal system info
BT13 (Slovenia, Italy, CO National Guard) took 3rd place at #LockedShields2025 in Tallinn—NATO CCDCOE’s top cyber defense exercise.
Honored to be part of this incredible team for the 4th year in a row!
#Cybersecurity #CCDCOE #BlueTeam
STARTEX
#LockedShields2025 has officially begun — the world’s most complex live-fire cyber defence exercise.
At its core: 8,000+ virtual systems under attack, defended by 17 multinational teams. But it’s not just technical. Teams also face legal dilemmas, AI-driven disinformation, high-stakes decision-making and much more.
This is where nations train for tomorrow’s crises.