Veganism Social

CrowdSec🚀 At CrowdSec, we rely on <a href="https://bird.makeup/users/mongodb" class="u-url mention" rel="nofollow noopener" target="_blank">@mongodb</a> to power our solution. Its speed, flexibility, and reliability help us deliver real-time protection at scale, keeping our community safe from evolving cyber threats.Learn more 👉 <a href="https://www.mongodb.com/solutions/customer-case-studies/crowdsec" rel="nofollow noopener" translate="no" target="_blank">https://www.mongodb.com/solutions/customer-case-studies/crowdsec</a><a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a> <a href="https://infosec.exchange/tags/MongoDB" class="mention hashtag" rel="nofollow noopener" target="_blank">#MongoDB</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a>

CrowdSecSharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity. For more information, visit <a href="http://crowdsec.net" rel="nofollow noopener" translate="no" target="_blank">http://crowdsec.net</a> Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights. 📩 Sign up now for exclusive access: <a href="https://contact.crowdsec.net/threat-alert" rel="nofollow noopener" translate="no" target="_blank">https://contact.crowdsec.net/threat-alert</a>🧵6/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

CrowdSec🛡️ How to protect your systems: 🔹 Patch: Patch your FortiWeb instance if it is publicly exposed; otherwise, remove outside access to the affected admin panel. 🔹 Preemptive blocking: Use Crowdsec CTI to block IPs exploiting CVE-2025-25257 👉 <a href="https://app.crowdsec.net/cti?q=cves%3A%22CVE-2025-25257%22&page=1" rel="nofollow noopener" translate="no" target="_blank">https://app.crowdsec.net/cti?q=cves%3A%22CVE-2025-25257%22&page=1</a> 🔹 Stay proactive: Install the Crowdsec Web Application Firewall to stay ahead of exploit attempts, with 100+ virtual patching rules available. 👉 <a href="https://doc.crowdsec.net/docs/next/appsec/intro" rel="nofollow noopener" translate="no" target="_blank">https://doc.crowdsec.net/docs/next/appsec/intro</a>🧵5/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

CrowdSec📈 Trend analysis: 🔹 CrowdSec detected the first in-the-wild exploitation of this vulnerability on July 11th, shortly after we rolled out detection rules. Using our wayback tools, we were able to establish that there were no exploitation attempts before July 11th, confirming once again that public exploits are a key driver of vulnerability weaponization. 🔹 For CVE-2025-25257, CrowdSec has observed about 40 distinct IPs producing about 500 attack events in total. Most of these attacks occurred on Friday, July 11th, the day the exploit was publicized. The attacks on Friday were mainly due to a presumably coordinated attacker spinning up a bunch of machines on Scaleway cloud to use in a broad scanning campaign. Over the weekend, the exploit quickly lost popularity. This might be due to the fact that the exploit requires the Fabric Connector administrative interface to be publicly accessible, which is somewhat unlikely. While we cannot make predictions, CrowdSec expects exploitation signals to pick up slightly this week as vulnerability scanners start looking for vulnerable devices. However, we don’t expect the attacker volume for this vulnerability to reach that of other Fortinet-related CVEs.🧵4/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

CrowdSec🛠️ About the exploit: 🔹 The Fortinet FortiWeb Fabric Connector is an integration component designed to enhance application security by linking FortiWeb web application firewalls (WAFs) with other elements of the Fortinet Security Stack. It enables policy enforcement and automated threat response by leveraging intelligence gathered from FortiGate firewalls, FortiSandbox, FortiAnalyzer, and other “Fabric-enabled” devices. It is in some sense a glue product that holds an array of different Fortinet products together. 🔹 The vulnerability allows unauthenticated attackers to execute arbitrary SQL statements against the MySQL database connected to Fabric Connector. As this database runs as root per default, this attack can be chained to run arbitrary Python code on the affected machine, allowing attackers to further compromise the system. The vulnerability affects various FortiWeb versions from 7.0 to 7.6. As a workaround, the vendor recommends disabling the administrative interface to external visitors.🧵3/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

CrowdSec⚠️ Key findings: 🔹 A new SQL injection vulnerability in a FortiWeb component allows attackers to execute arbitrary code on the affected machine. 🔹 CrowdSec has been tracking exploitation since the 11th of July 2025. 🔹 Data from the CrowdSec network indicates that attacker interest in the vulnerability remains very limited.🧵2/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

CrowdSec🚨 In this week’s Threat Alert Newsletter: exploitation of CVE-2025-25257 in Fortinet’s FortiWeb Fabric Connector.We break down how the exploit works, what CrowdSec sees on the network, and steps to stay protected.Read more 👇🧵1/6<a href="https://infosec.exchange/tags/CVE202525257" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202525257</a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fortinet</a> <a href="https://infosec.exchange/tags/FortiWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#FortiWeb</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a>

R. Kirchner 🇩🇪NGINX Proxy Manager mit CrowdSec absichern - Docker-Setup unter Ubuntu schützen<a href="https://www.ksite.de/blog/nginx-proxy-manager-mit-crowdsec-absichern-docker-setup-unter-ubuntu-schuetzen/" rel="nofollow noopener" translate="no" target="_blank">https://www.ksite.de/blog/nginx-proxy-manager-mit-crowdsec-absichern-docker-setup-unter-ubuntu-schuetzen/</a><a href="https://social.ksite.de/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#ubuntu</a> <a href="https://social.ksite.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://social.ksite.de/tags/nginxproxymanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginxproxymanager</a> <a href="https://social.ksite.de/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://social.ksite.de/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#docker</a> <a href="https://social.ksite.de/tags/crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#crowdsec</a>

LinuxNews.deWenn /dev/null eine Größenbeschränkung hätte, würde morgen auch die Welt stillstehen… <a href="https://social.anoxinon.de/tags/devnull" class="mention hashtag" rel="nofollow noopener" target="_blank">#devnull</a> <a href="https://social.anoxinon.de/tags/Crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crowdsec</a>

Gabriel H. NunesWow! <a href="https://infosec.exchange/@CrowdSec" class="u-url mention" rel="nofollow noopener" target="_blank">@CrowdSec</a> "Community" offering only gets worse and worse!First, they had raised a paywall around querying details on IP addresses that triggered Alerts. Only 30 queries per week for the "Community".Now, they have extended that paywall to cover the whole Alerts feature! Only 500 alerts per month for the "Community"!Where are my logs, <a href="https://infosec.exchange/@CrowdSec" class="u-url mention" rel="nofollow noopener" target="_blank">@CrowdSec</a>?Enshitification meets cybersecurity!<a href="https://mastodon.social/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrowdSec</a> <a href="https://mastodon.social/tags/Enshitification" class="mention hashtag" rel="nofollow noopener" target="_blank">#Enshitification</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Jan Wildeboer 😷:krulorange:Currently blocking 18687 IPv4 and 890 IPv6 IP addresses that are trying to brute force their way in to my mailserver. Thanks, <a href="https://social.wildeboer.net/tags/nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#nftables</a>, thanks, <a href="https://social.wildeboer.net/tags/crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#crowdsec</a> :) (This is on a single core VPS with 2GB of RAM, no measurable performance impact, since quite some years now)

LinuxNews.de<a href="https://imker.social/@dirk" class="u-url mention" rel="nofollow noopener" target="_blank">@dirk</a> und im Gegensatz zu <a href="https://social.anoxinon.de/tags/crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#crowdsec</a> läuft das Datenschutzkonform auf dem Server, ohne nach Hause zu telefonieren!

alephHier unsere Anleitung fürs <a href="https://afterspace.rocks/tags/Upgrade" class="mention hashtag" rel="nofollow noopener" target="_blank">#Upgrade</a> von <a href="https://afterspace.rocks/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mastodon</a> auf die <a href="https://afterspace.rocks/tags/Beta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Beta</a> 4.3.0Unsere Instanz lief auf Version 4.2.12 in einem Docker Container. Geschützt von <a href="https://afterspace.rocks/tags/Crowdsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crowdsec</a> und in Verbindung mit <a href="https://afterspace.rocks/tags/Traefik" class="mention hashtag" rel="nofollow noopener" target="_blank">#Traefik</a> und <a href="https://afterspace.rocks/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#Elasticsearch</a>Unsere Anleitung basiert auf der im Github angegebenen Schritte. <a href="https://github.com/mastodon/mastodon/releases/tag/v4.3.0-beta.2" rel="nofollow noopener" translate="no" target="_blank">https://github.com/mastodon/mastodon/releases/tag/v4.3.0-beta.2</a>Leider hat das bei uns nicht auf Anhieb funktioniert. Daher schreiben wir unsere Schritte. Bitte nicht vergessen vorher Backup anlegen! 🧵 1/4 <a href="https://afterspace.rocks/tags/MastoAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MastoAdmin</a>

Recent searches

Search options

Administered by:

Server stats:

#crowdsec