Olivia
Online
Simo
@SimoKohonen
chief honeypot @defusedcyber
β π» π π‘ cyberspace
Joined February 2016
317 Following
3.1K Followers
5.2K Posts
Β Pinned Tweet
Easter holidays and a Fortinet 0-day - a match made in heaven π°
(also my first credited CVE π)
π¨ New Fortinet vulnerability being exploited as an 0-day
CVE-2026-35616 - FortiClient EMS pre-authentication API access bypass - CVSS 9.1 Critical
After observing in-the-wild exploitation of this vulnerability earlier this week, Defused reported it to Fortinet under responsible disclosure.
Fortinet has released an emergency hotfix - plus a scheduled patch - for FortiClient EMS 7.4.5 and 7.4.6.
The vulnerability allows an unauthenticated attacker to bypass API authentication and authorization entirely, unauthorized code or commands via crafted requests.
This discovery was made through our upcoming Radar feature launching next week π
Advisory: https://t.co/Jr2fUbq8JV
Track exploitation of this and other Fortinet vulns in real time and get updates on the new Defused Radar π https://t.co/iRDhHlDkep
Credit also to @heckintosh_ for independently discovering this vulnerability πͺ
@techspence ππππ
π―π―π―π―
Past few weeks I have been posting less @DefusedCyber updates, but only because it's reached enough users that have needed to rework some scaling aspects.
That said, new stuff coming soon again π
@WahlenPMattias @xofreyr as usual, the internet communists have absolutely zero factual backing to their ideologies: https://t.co/jCkMv5wap1
@ZackKorman Secure my agent
Shame we didn't pick up on this sooner despite the data being in the platform, but showcases exactly why I'm launching @DefusedCyber Builder - you can pick up different things & sometimes get earlier signals from running honeypots on your own infra π―
π¨ Based on @rapid7 observations of exploitation of PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257), we can also confirm first signs of exploitation around the same time (May 18th on the Defused TF feeds, and a customer hit on May 17th)
The exploit payload differs slightly from Rapid 7's POC with the user-agent PAN GlobalProtect/6.0.0
Attacker IP: 104.207.144[.]154 πΊπΈ AS20473 The Constant Company
Rapid7 write-up: https://t.co/n9QiTULwHA
![DefusedCyber's tweet photo. π¨ Based on @rapid7 observations of exploitation of PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257), we can also confirm first signs of exploitation around the same time (May 18th on the Defused TF feeds, and a customer hit on May 17th)
The exploit payload differs slightly from Rapid 7's POC with the user-agent PAN GlobalProtect/6.0.0
Attacker IP: 104.207.144[.]154 πΊπΈ AS20473 The Constant Company
Rapid7 write-up: https://t.co/n9QiTULwHA](https://pbs.twimg.com/media/HJj8iswWEAIp4Hi.jpg)
@syntaxish @UK_Daniel_Card Thats a fake photo cos im a drone expert and know you cant fly drones at Hoover Dam π
@adversarialy @techspence Yeah i looked at it at some point. Its a good idea in principle but has some pitfalls (at least for Defused specifically) and i have gone a different route IRT ai assisted honeypotting
@ZackKorman they took zero trust so far they hit minus one, and everything was permitted
@techspence @_JohnHammond @IceSolst @ZackKorman @AnthonyBendas @_ContinuumCon_ Thats me in winter π
@_JohnHammond @IceSolst @ZackKorman @techspence @AnthonyBendas @_ContinuumCon_ Ill come if I can free myself in time
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.3M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers