home.social

#ssh — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ssh, aggregated by home.social.

  1. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

    In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.

    Pulse ID: 6a1857cf8a8447bb024b8f88
    Pulse Link: otx.alienvault.com/pulse/6a185
    Pulse Author: CyberHunter_NL
    Created: 2026-05-28 14:57:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL

  2. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

    In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.

    Pulse ID: 6a18578b6109b8e143e92f9d
    Pulse Link: otx.alienvault.com/pulse/6a185
    Pulse Author: CyberHunter_NL
    Created: 2026-05-28 14:56:11

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL

  3. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

    In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.

    Pulse ID: 6a18578b75d8ad71151b060a
    Pulse Link: otx.alienvault.com/pulse/6a185
    Pulse Author: CyberHunter_NL
    Created: 2026-05-28 14:56:11

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL

  4. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

    In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.

    Pulse ID: 6a18578bbf7da0aae660f8bf
    Pulse Link: otx.alienvault.com/pulse/6a185
    Pulse Author: CyberHunter_NL
    Created: 2026-05-28 14:56:11

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL

  5. Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

    In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.

    Pulse ID: 6a18578fc37223594de644c8
    Pulse Link: otx.alienvault.com/pulse/6a185
    Pulse Author: CyberHunter_NL
    Created: 2026-05-28 14:56:14

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberCrime #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SSH #bot #CyberHunter_NL

  6. I have secured my home access a bit more.

    I now run a Wireguard VPN-server inside an Incus container.

    The container has two interfaces.
    One on my LAN and one only shared with the host via Incus.

    The host runs a ssh-server that only binds to the interface shared with the container.

    So the only access to my ssh-server is through the VPN.

    The VPN is configured with a PSK to be more resistant against post quantum encryption.

    My ssh-server only accepts key-authentication and post quantum KEX.

    #Linux #SSH #VPN #Wireguard #Security #SelfHosting #Incus

  11. I created a presentation and a Docker-based hands-on lab in which you can learn how SSH works, how it can be attacked and how to protect it: sshlabs.compass-security.train #security #infosec #network #ssh #openssh #pentest

  16. Why ports became the "doors" into a server, and who decided that SSH would be 22

    In 1995, Tatu Ylönen wrote an email about as long as a Habr post and got, free of charge, the number in ssh -p 22 user@host that every sysadmin now knows. But before that, ports were unidirectional, even numbers were considered unnecessary, and half of the slots were empty altogether. In the article I explain how ports became the "doors" into a server and what will be left of them in ten years. Read

    habr.com/ru/companies/ruvds/ar

    #SSH #Linux_kernel #NAT #Nmap #BSD #RFC #DevOps #сетевые_технологии #tcp #ruvds_статьи

  20. iPad as a developer's tool in the era of agentic programming

    Just a few years ago, talk of the iPad as a full-fledged developer tool was met with skepticism. A Netflix machine, a notebook for sketches, a tablet for presentations, but certainly not a working environment for writing and deploying code. That skepticism was well founded: iPadOS long lacked proper multitasking, tools for working with servers barely existed, and the need to constantly switch between apps made any serious workflow painful. Today the picture has changed dramatically, and for two reasons at once that reinforce each other.

    habr.com/ru/articles/1039526/

    #iPad #iPadOS #SSH #Git #DevOps #iOS_разработка #агентный_ИИ #Claude_Code #мобильная_разработка #Stage_Manager

  24. Copying Remote Command Output to Your macOS Clipboard

    A small trick to copy command output from a remote ssh session directly into the local macOS clipboard, using OSC 52 and a tiny shell script.

    it-notes.dragas.net/2026/05/26

    #ITNotes #macOS #Mac #Apple #shell #ssh #Linux #FreeBSD #NetBSD #OpenBSD #illumos #Terminal #Clipboard

  29. I always remap my sshd daemon to listen to a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately have made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.

    And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be a member of a specific group. And root is also excluded from this group.

    That pays off these days. And this is a nice filter match for #fail2ban and similar tools

    termbin.com/0cf6

    I have 293 login attempts on "random users" since May 21. And 259 attempts as root.

    #infosec #ssh #sshd #systemhardening #kernel

  34. oh, somebot is in trouble:

    May 25 13:26:54 skapet sshd-session[30936]: Failed password for invalid user Can't open exe from 2a02:4780:10:8ba4::1 port 34842 ssh2
    May 25 13:26:56 skapet sshd-session[92221]: Failed password for invalid user Can't open exe from 2a02:4780:10:8ba4::1 port 34856 ssh2

    #ssh #sshgropers #passwordgroping #passwordguessing #bots #botnets #cybercrime

  39. From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

    A sophisticated multi-stage intrusion began with the compromise of an internet-facing F5 BIG-IP load balancer running an end-of-life version. The threat actor established SSH access to a Linux server using privileged credentials, then conducted extensive reconnaissance including network scanning with Nmap and service enumeration with gowitness. Following horizontal and vertical scanning operations, the actor identified and compromised an unpatched internal Atlassian Confluence server via remote code execution. Credentials extracted from Confluence configuration files were subsequently used to attempt Kerberos relay attacks against Active Directory infrastructure and exploit CVE-2025-33073. The incident demonstrates how edge device compromises enable lateral movement across hybrid environments, bypassing traditional security controls through trusted relationships and exploiting insufficient monitoring of non-Windows systems and internal applications.

    Pulse ID: 6a10949191ce7d3c3f2f8105
    Pulse Link: otx.alienvault.com/pulse/6a109
    Pulse Author: AlienVault
    Created: 2026-05-22 17:38:25

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Atlassian #Confluence #CyberSecurity #Edge #InfoSec #Linux #OTX #OpenThreatExchange #RAT #RemoteCodeExecution #Rust #SSH #Windows #bot #AlienVault
