Olivia
Online
🚨 The Most Exploited *Alerts*🚨
@MostExploited
🔍| Unveiling PoC exploits, zero-days & CVE insights | Shedding light on ransomware groups, cyber news & The Most Exploited CVEs
Joined October 2023
384 Following
76 Followers
350 Posts
Pinned Tweet
1/3 Fortinet warns of a critical zero-day (#CVE202455591) in FortiOS & FortiProxy, exploited to hijack firewalls and gain super-admin access. Affected versions: 7.0.0-7.0.16, 7.0.0-7.0.19, 7.2.0-7.2.12. #Fortinet #ZeroDay #CyberSecurity
https://t.co/xNYh2SbBgt
🚨🚨🚨BREAKING - New data leak site by Scattered LAPSUS$ Hunters exposes Salesforce customers. Dozens of global companies involved in a large-scale extortion campaign.
Scattered LAPSUS$ Hunters claims to have breached Salesforce, exfiltrating ~1B records.
They accuse Salesforce of lacking 2FA and OAuth protections, say over 100 instances were compromised, and threaten data leaks, lawsuits, and technical disclosures.
Complete list of affected companies and reported exfiltration:
FedEx - 1.1TB
Aeroméxico - 172.95GB
Qantas Airways - 153GB
UPS - 91.34GB
HMH - 88GB
Vietnam Airlines - 63.62GB
Toyota Motor Corporation - 64GB
Stellantis - 59GB
Air France & KLM - 51GB
Republic Services - 42GB
Adidas - 37GB
Disney/Hulu - 36GB
Canvas by Instructure - 35GB
Instacart - 32GB
McDonald's - 28GB
TripleA - 23GB
TransUnion - 22GB
Home Depot - 19.43GB
Google AdSense - 19GB
1-800Accountant - 18GB
Cisco - 5.6GB
Marriott - 7GB
Walgreens - 11GB
Kering (Gucci, Balenciaga, etc.) - 10GB
Petco - 9.9GB
ASICS - 9GB
Pandora - 8.3GB
KFC - 1.3GB
Saks Fifth - 1.1GB
GAP Inc. - 1GB
CarMax - 1.7GB
Cartier - 1.4GB
Chanel - 2GB
Albertsons (Jewel Osco, etc.) - 2GB
Engie Resources (Plymouth) - 3GB
Puma - 3.1GB
HBO Max - 3.2GB
Fujifilm - 155MB
IKEA - 13GB
Note: All victims are listed with ransom deadlines set for 10 October 2025.
Discover more at https://t.co/yiQ1nOhPjb
3/3 Mitigation: Fortinet urges patching systems or disabling HTTP/HTTPS admin interfaces, limiting access via local-in policies, and disabling public management access. #CyberDefense #SecurityPatch #FortinetSecurity
1/3 Fortinet warns of a critical zero-day (#CVE202455591) in FortiOS & FortiProxy, exploited to hijack firewalls and gain super-admin access. Affected versions: 7.0.0-7.0.16, 7.0.0-7.0.19, 7.2.0-7.2.12. #Fortinet #ZeroDay #CyberSecurity
https://t.co/xNYh2SbBgt
2/3 Attackers exploit the zero-day to create rogue admin users, modify firewall policies, and access internal networks via SSL VPN. Arctic Wolf traces the exploitation timeline from Nov 2024 to Dec 2024, with a probable zero-day as the access vector. #FortiOS #FortiProxy #SSLVPN
🚨 CISA adds Qlik Sense HTTP tunneling vulnerability #CVE202348365 to #KEV catalog. This flaw lets attackers escalate privileges and execute HTTP requests on backend servers hosting Qlik Sense. #Cybersecurity #Infosec
🚨 CISA adds critical #BeyondTrust vulnerability #CVE202412686 to #KEV catalog, warning of potential exploitation. This flaw allows admins to upload malicious files, enabling OS command execution as the site user #Cybersecurity
🚨 #CISA released advisory on 2023 #Top #Routinely #Exploited Vulnerabilities.
These are frequently targeted by attackers, leading to critical #breaches. Here are the top 15 vulnerabilities to secure against:
https://t.co/WsXQVEukKM
#Vulnerabilities
🚨Microsoft’s #Nov 2024 #PatchTuesday addresses 87 CVEs, with 4 critical and 4 zero-day vulnerabilities, including 2 exploited in the wild:
#CVE202443451 (NTLM Hash Disclosure) exploited for NTLM spoofing
#CVE202449039 (Task Scheduler EoP) allows RCE on vulnerable systems.
#Patch
3/3 Fog/Akira accessed compromised systems via VPN/VPS to obscure IPs, accelerating their intrusions. All affected endpoints were running unpatched SonicWall software, underscoring the urgency of timely updates. #datasecurity #patch
1/3 🚨 #Fog and #Akira #ransomware gangs are increasingly exploiting #SonicWall VPN accounts, likely using #CVE202440766, a critical access control flaw in SSL #VPN. SonicWall patched it in late August, but active exploits surfaced within a week. #cybersec https://t.co/lM7yLPckaL
2/3 Arctic Wolf reports 30+ intrusions by Fog/Akira ransomware, with most breaches tied to unpatched SonicWall VPNs. Time from access to data encryption has been as short as 2 hours, showing rapid attack capabilities. #ransomware #SonicWall #threatintel
🚨 Attackers are actively exploiting a critical FortiOS RCE vulnerability #CVE202423113, which could allow unauthenticated code execution on unpatched devices. Update ASAP! #cybersecurity #infosecurity
https://t.co/3nA6e39zOl
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
https://t.co/IT8kH1CdEh
Security chips produced by Infineon Technologies have been found vulnerable to side-channel attacks.
#Crypto #CyberSecurity #infosec #yubikey
https://t.co/AVQ3B6He0l
VMware Fusion contains a high-severity code execution vulnerability, as disclosed by Broadcom.
#MacOS #Apple #BigTech #CyberSecurity #infosec
https://t.co/sjlc93e5ep
3/3 #CVE20247262: #Kingsoft #WPS #Office Path Traversal in promecefpluginhost.exe on Windows. Could allow attackers to load arbitrary Windows libraries. #CVE20247262 #WPSOffice #CyberThreat #CISA #KEV #CISA_Alert
🚨 #CISA has added 3 new vulnerabilities to #KEV catalog:
1/3 #CVE202120123: #Draytek #VigorConnect Path Traversal flaw in the DownloadFileServlet endpoint. Unauthenticated attackers could exploit it to download arbitrary files with root privileges
2/3 #CVE202120124: #Draytek #VigorConnect Path Traversal vulnerability in WebServlet file download. Attackers could gain root access to download arbitrary files. #Infosec #Exploit #CISA #KEV
This video👇is of Tigran Gambaryan, the former US federal agent who led many of the biggest crypto crime cases in history. He's being charged in Nigeria with money laundering and tax evasion, entirely for the actions of his employer, Binance. He's now been jailed and denied medical care for a herniated disc in his back that requires surgery.
Here you can see that Nigerian officials have even denied him the use of a wheelchair or any help walking into the courtroom in an attempt to avoid embarrassing photos/videos of his condition.
Where is the the US @StateDept? Where is @SecBlinken? Where is @StateSPEHA Roger D. Carstens, for whom this case should have met the criteria to be treated as a hostage situation months ago?
Why isn't the US doing more to help this American citizen and former civil servant?
It's long past time to bring Tigran home.
Last Seen Users on Sotwe
少女洛 
Seen from Japan
นัดเยส...แอบเยส...สาวอ้วน...สาวอวบ ..สาวใหญ่
Seen from Thailand
อาร์ทตี้_K56
Seen from Thailand
คุยด้วยแล้วจะสบายใจ
Seen from Thailand
haya😍
Seen from Turkey
بـَاجِـⷩــⷱــͥــᷞــⷽــⷽـی عَالِيͫــͣــᷝہ( ͜.人 ͜.)
Seen from United Arab Emirates
Türk Paylaşım sohbet
Seen from Turkey
AMATÖR VİDEO MEKANI
Seen from Turkey
ڛـ,ـمـْـْْـْڛـ,ــم~♡`~
Seen from Germany
Dâu Tây 1997 🍓
Seen from Vietnam
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers