CrowdSec

@CrowdSec@infosec.exchange
347 Followers · 17 Following · 150 Posts
CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time worldwide. Join our Discord: http://discord.gg/crowdsec
Website: https://www.crowdsec.net/
GitHub: https://github.com/crowdsecurity/crowdsec
Discord: https://www.discord.gg/crowdsec
LinkedIn: https://www.linkedin.com/company/53443483

Looking to enhance your self-hosted setup with @traefik v3 and CrowdSec for automated threat blocking? 🛡️

Check out this step-by-step guide by community member Jonny5 covering:

✅ Traefik File Provider (Services/Routers/Middleware)
✅ CrowdSec Remediation Component (for automatic IP blocking)
✅ Parser Agent Config (to detect malicious traffic)
✅ Example Configs for Plex & Web Servers

Full guide 👉 https://nova-labs.net/setting-up-traefik-v3-with-file-provider-crowdsec-on-your-homelab/

#cybersecurity #selfhosted #Homelab #Traefik #CrowdSec

Traefik v3 via File Provider with CrowdSec for Plex | Nova-Labs

This guide walks you through setting up Traefik v3 as a reverse proxy using the file provider for dynamic configuration. We’ll deploy it to serve Plex (via plex.randomdomain.com) and a general website (www.randomdomain.com), with CrowdSec integration for security. The really neat thing we do in this example is set up a TCP router and service for

Nova-Labs | We like to design, make, and fix things.

✨ Community spotlight time: @wazuh and #CrowdSec integration!

We recently shared an Ambassador’s deep dive into the Wazuh-CrowdSec integration and now we’re thrilled to highlight another awesome contributor: Zafer Balkan, who developed the file plugin and helped make this integration a reality. 💪

A huge shoutout to our incredible community members and Ambassadors for making CrowdSec stronger, smarter, and more resilient through their expertise. 💜

🛠️ Check out Zafer’s tutorial: https://www.crowdsec.net/blog/improving-observability-crowdsec-and-wazuh-integration

#Wazuh #opensource #cybersecurity #infosec

Improving Observability with the CrowdSec and Wazuh Integration

In this detailed tutorial, CrowdSec community member Zafer Balkan shows you how to improve observability using the CrowdSec and Wazuh integration.

🎉 Join us for the CrowdSec June Community Office Hours!

🔎 This month’s focus: The CrowdSec WAF
📅 June 26th at 6 PM CEST

Come chat about CrowdSec, learn about the latest updates, or just hang out with the community. Everyone’s welcome!

📌 Register: https://app.livestorm.co/crowdsec/crowdsec-community-office-hours-june-session

#webinar #community #WAF #cybersecurity

Get 7 to 60 days ahead of #attacks. ⚡

⏳ When malicious IPs hit the internet, every second counts. 

#CrowdSec gives you the upper hand by identifying and blocking malicious IPs days to even weeks before any other vendor on the market. 

How? Our real-time #collaborative network of thousands of contributors feeds into our blocklists, resulting in early, accurate, and actionable #IP intelligence.

Learn more 👉 https://www.crowdsec.net/blocklists

🚨 SAP NetWeaver: Details on a Common Weaponization Timeline

As mentioned in the May CrowdSec VulnTracking report, #SAPNetWeaver (CVE-2025-31324) was a very interesting case study that highlighted the fact that mainstream malicious actors and legitimate security scanners depend on the same PoCs/write-ups to act. Let’s dive into the timeline and key findings.

🔑 Key findings
🔹 Early reports suggest that a select group of highly skilled attackers weaponized the vulnerability before its public disclosure, but mass exploitation began immediately after the exploit details surfaced.
🔹 Known scanning companies were also seen probing for this vulnerability. The first to act, in order of appearance, were cert.pl, hadrian.io, and stretchoid; the last of these is still active today and accounts for most of the volume.

ℹ️ About the exploit
A critical zero-day vulnerability (CVSS 10.0) was identified in SAP NetWeaver's Visual Composer component. This flaw allows unauthenticated attackers to upload arbitrary files via the /developmentserver/metadatauploader endpoint, leading to remote code execution with high privileges.

🔎 Trend analysis
🔹 First Publish Date (April 24, 2025): Vulnerability disclosed; no public exploits available.
🔹 CrowdSec Network Monitoring Begins (April 26, 2025): No public exploits exist yet, but we deployed a detection rule. Early probes came from advanced actors: 37% used new, disposable infrastructure, while 63% were linked to known threats. Alert volume remained very low.
🔹 First Public Exploit (April 29, 2025): Scanning activity skyrockets to nearly 50x the original volume as public exploits emerge. Both botnets and internet-wide scanners (“the usual suspects” and attack surface management providers) start intensive scanning. At this point, benign actors account for over 50% of scanning activity.
🔹 Following weeks: Exploitation volume from malicious actors slowly declines as they move on to other vulnerabilities. Only benign scanners remain, and they account for 90% of the traffic volume.

✅ How to protect your systems
🔹 Patch: Apply SAP Security Note immediately.
🔹 Preemptive blocking: Stay protected in real time with top-tier blocklists that you can plug into the most popular security solutions, such as Fortinet, in minutes.
Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity: https://www.crowdsec.net/integrations
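As an added illustration (not CrowdSec's own detection rule or code), the following Python flags requests to the endpoint named in the summary above in access-log lines and summarises them per source IP, separating GET probes from POST upload attempts. The log lines, IPs (RFC 5737 documentation ranges) and user agents are constructed for the example.

```python
import re

# Constructed sample access-log lines in Combined Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Apr/2025:10:01:12 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [27/Apr/2025:10:02:45 +0000] "GET /developmentserver/metadatauploader?probe=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.55 - - [27/Apr/2025:10:03:01 +0000] "GET /irj/portal HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Apr/2025:10:03:30 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 500 128 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Endpoint named in the advisory summary; matched on the path component only,
# so a query string does not hide the request.
TARGET_PATH = "/developmentserver/metadatauploader"


def parse_line(line):
    """Parse one Combined Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_probes(lines):
    """Return (ip, method, status, ua) for every request touching the upload endpoint."""
    hits = []
    for line in lines:
        evt = parse_line(line)
        if evt and evt["path"].split("?", 1)[0] == TARGET_PATH:
            hits.append((evt["ip"], evt["method"], int(evt["status"]), evt["ua"]))
    return hits


def summarize(hits):
    """Per-source counts. A POST (an upload attempt) that the server answered 200
    is the case to escalate first; a GET is more likely a scanner probe."""
    by_ip = {}
    for ip, method, status, _ in hits:
        s = by_ip.setdefault(ip, {"requests": 0, "posts": 0, "accepted_posts": 0})
        s["requests"] += 1
        if method == "POST":
            s["posts"] += 1
            if status == 200:
                s["accepted_posts"] += 1
    return by_ip
```

In practice the per-IP summary is what you would enrich against a CTI source before deciding between blocking and simply recording a benign scanner.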

For more information, visit crowdsec.net

Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert Newsletter delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.

📩 Sign up now for exclusive access: https://contact.crowdsec.net/threat-alert

🔎 In May’s VulnTracking report, we take a deep dive into SAP NetWeaver (CVE-2025-31324).

What we discovered: When public exploits were released, bad actors (such as botnets) and legitimate security scanners surged simultaneously, proving both sides depend on the same PoCs/write-ups to act.

Currently, CrowdSec identifies more than 1,400 IPs exploiting this vulnerability. Read the report for the full analysis 👉 https://www.crowdsec.net/vulntracking-report/vulntracking-report-may-2025

Join us today at 4:30 PM CEST for a webinar on integrating @suricata and CrowdSec hosted by #CrowdSec Ambassador Flaviu Vlaicu! 🎉

In the meantime, you can read up and follow Flaviu’s written guide to help prepare for the live walkthrough this afternoon 👉 https://www.crowdsec.net/blog/crowdsec-and-suricata-integration

You haven’t registered for the webinar yet? You can sign up here: https://app.livestorm.co/crowdsec/proactive-defense-crowdsec-suricata

See you there 👋

Exploring the CrowdSec and Suricata Integration

Explore the Crowdsec integration with Suricata and Pushover notifications running on OPNsense.

Build a homelab that’s responsive and secure — with open source tools like @CrowdSec 🛡️😉

Check out this great talk by community member Jonny5, recorded at @_bsideskc last month 🎤
📺 https://youtube.com/watch?v=TZFNesWJbTc

#OpenSourceSecurity #CyberSecurity #InfoSec #BSidesKC2025 #Homelab #Community

Responsive Home Lab - Jonny5 (YouTube)

Set up CrowdSec IPDEX on OPNsense to enhance threat detection, response, and intelligence gathering.

Follow this guide by CrowdSec Ambassador Flaviu to start running CrowdSec IPDEX, a simple CLI tool that gathers insights on IP addresses, on @opnsense, the open source FreeBSD-based firewall.

Get started 👉 https://vlaicu.io/posts/crowdsec-ipdex/

#opensource #opensourcesecurity #threatintelligence #firewall #cybersecurity

Crowdsec IPDEX on OPNsense

IPDEX, a simple CLI tool to gather insight about an IP or a list of IPs using the CrowdSec CTI.

Flaviu Vlaicu

🚨 CVE-2025-3248: Renewed Interest in Langflow Remote Code Execution

ℹ️ About the exploit:
#Langflow is a widely used #opensource library for building AI agents, backed by corporate support from #Datastax (now #IBM). The tool provides a web-based, drag-and-drop interface for creating agentic workflows, making it particularly attractive to businesses, but also a high-value target for exploits. Given that such workflows often integrate with critical business databases and tools, security vulnerabilities in Langflow could have severe consequences.

This risk is not hypothetical. Langchain, another leading AI framework, has already been associated with over 30 CVEs, underscoring the security challenges in the fast-moving LLM development ecosystem.

The vulnerability in Langflow allowed unauthenticated attackers to execute arbitrary code on the host machine. Discovered and disclosed by Horizon3 in late February, the issue was patched in version 1.3, released at the end of March. Below is a detailed timeline of the discovery and remediation process.

🔎 Trend analysis:
🔹 Feb 25, 2025: The vulnerability is disclosed to DataStax by Horizon3.
🔹 Mar 5, 2025: DataStax fixes the vulnerability in the development branch.
🔹 Mar 31, 2025: Langflow 1.3.0 releases, containing a fix for CVE-2025-3248.
🔹 April 7, 2025: CVE-2025-3248 is published to the NVD.
🔹 April 9, 2025: The exploit is leaked to the public, and the CrowdSec Network starts tracking the exploit.
🔹 April 11-12, 2025: The CrowdSec Network observes a first wave of exploitation attempts by approximately 200 machines.
🔹 April 12 - May 14, 2025: Attackers disappear, with barely any attacks registered in the CrowdSec Network.
🔹 May 14 - 23, 2025: The CrowdSec Network observes a renewed, smaller wave of attacks, peaking out at around 100 involved machines.

✅ How to protect your systems:
🔹 Patch: If you haven’t already, ensure your publicly exposed Langflow instance is updated with the latest patch.
🔹 Preemptive blocking: Use CrowdSec CTI to block IPs exploiting CVE-2025-3248 👉 https://app.crowdsec.net/cti?q=cves%3ACVE-2025-3248
🔹 Stay proactive: Install the CrowdSec Web Application Firewall to stay ahead of exploit attempts with 100+ virtual patching rules available 👉 https://app.crowdsec.net/cti?q=cves%3ACVE-2025-3248

Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and #collaborative #cybersecurity 👉 http://crowdsec.net/