Tom Sellers


NEW: GreyNoise At The Edge Intel Brief (March 23-30)

187,998,900 sessions from 100 top source IPs observed by GreyNoise sensors between March 23-30, 2026. Daily volumes surged 4x mid-week — from 8.5M to 36.6M in 72 hours.

1. VPSVAULT IoT botnet recruitment across 22 CVEs — 3,347,443 sessions from 4 Brazilian IPs targeting Hikvision, MikroTik, TP-Link, D-Link devices. Includes CVE-2026-24061, now on CISA KEV.

2. VisionHeight fleet of 6 AWS IPs generated 5,892,055 sessions mapping enterprise perimeters across Palo Alto, Sophos, Ivanti, Citrix, F5, and ConnectWise — probing CVE-2024-1709 (CVSS 10.0).

3. React/Next.js exploit chaining (CVE-2025-55182 + CVE-2025-29927) produced 1,338,336 sessions, with attackers spoofing GoogleBot user-agents to bypass detection.

4. At least 4 new scanning operations activated simultaneously mid-week, driving the sharp volume surge across the observation period.

Here's what we found: 🔗 https://www.greynoise.io/resources/at-the-edge-clear-033026

#ThreatIntel #CyberSecurity #InfoSec #GreyNoise

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.

https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/


Oracle have laid off 30k employees today. They did it to personal email accounts at 6am 🫡 saying they needed the money to spend on GenAI instead. https://thenextweb.com/news/oracle-layoffs-march-2026

Oracle’s share price since they went GenAI nuts:

Defender 1: This appliance is running an ancient AF version, how is it not a smoking ruin at this point?

Defender 2: Well, it turns out that all of the attacker scanning tools use libraries that have disabled TLS before 1.0 and this appliance only supports SSL v3 sooo....

  • OpenSSL 1.1.1 sets the default min to TLS 1.0
  • Python 2.7 / 3.6 set the default min to TLS 1.0 but depend on the underlying crypto lib.
  • Go default min prior to 1.18 was TLS 1.0
  • curl default min was TLS 1.0 from curl 7.39.0 to 8.15.x
  • wget uses underlying lib

#Security #TLS
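
The mismatch described in the post above is visible on the wire: an SSLv3-only server answers a ClientHello with a ServerHello selecting version 0x0300, and a client whose floor is TLS 1.0 then aborts. The sketch below is an added example, not part of the original post; the function names are illustrative and the sample ServerHello bytes are constructed. It reads the selected version from a captured reply so a defender can flag such appliances from traffic alone.

```python
import struct

# Wire values of the protocol versions named in the post.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_server_hello(data: bytes) -> int:
    """Return the version a server selected in its ServerHello (TLS <= 1.2 layout)."""
    if len(data) < 11:
        raise ValueError("too short for record header, handshake header and version")
    content_type, _record_version, _record_len = struct.unpack("!BHH", data[:5])
    if content_type != 22:  # 22 = handshake; 21 would be an alert
        raise ValueError("not a handshake record")
    if data[5] != 2:  # handshake message type 2 = ServerHello
        raise ValueError("not a ServerHello")
    (chosen,) = struct.unpack("!H", data[9:11])
    return chosen


def client_outcome(server_hello: bytes, client_min: int) -> str:
    """Describe what a client with the given version floor does with this reply."""
    chosen = parse_server_hello(server_hello)
    name = VERSIONS.get(chosen, hex(chosen))
    if chosen < client_min:
        return f"{name} selected, below client floor: handshake aborted"
    return f"{name} negotiated"


def build_server_hello(version: int) -> bytes:
    """Constructed sample: minimal ServerHello with an all-zero random."""
    # session_id length 0, cipher suite 0x000a, null compression
    body = version.to_bytes(2, "big") + bytes(32) + bytes.fromhex("00000a00")
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + version.to_bytes(2, "big") + len(handshake).to_bytes(2, "big") + handshake


SSLV3_ONLY_REPLY = build_server_hello(0x0300)  # what the old appliance would send
TLS12_REPLY = build_server_hello(0x0303)

if __name__ == "__main__":
    # A client whose default minimum is TLS 1.0 (0x0301), as in the list above.
    print(client_outcome(SSLV3_ONLY_REPLY, client_min=0x0301))
    print(client_outcome(TLS12_REPLY, client_min=0x0301))
```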

"Help me," the duke said. "My physicians can't say what ails me, but I've lost all pleasure in what I used to enjoy."

The witch examined him, and paused over his hand.

"Nice ring. It is new?"

"A recent gift from the king. Why? Is it cursed?"

It was made to dampen cruelty.

"No," said the witch.

#MicroFiction #TootFic #SmallStories

Elon Musk loses big in court; X boycott perfectly legal
X admonished for "fishing expedition" as judge dismisses ad boycott lawsuit.
https://arstechnica.com/tech-policy/2026/03/elon-musk-loses-big-in-court-x-boycott-perfectly-legal/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

"I grant you one wish," the magic fish said.

"To eat my mother's pancakes again, just like when I was a child."

"Are you sure?"

"You think it frivolous?"

"No. But to grant it I must send you back to the child you were, with no adult memories."

"Would my life change?"

"You ask that every time."

#TootFic #MicroFiction #SmallStories

Last week, half of all new scanning IPs observed by GreyNoise geolocated to Hong Kong.

A quarter-million of them never completed a TCP handshake.

The ones that did were scanning MySQL, SSH, SMB, and RDP across 20+ countries.

One of these is the signal. The other is noise.
🔗 https://www.greynoise.io/blog/ghost-fleet-half-new-scanning-ips-geolocated-to-hong-kong

We’re kicking off #runZero Day at 9:45 AM PT!

We’ll be live in San Francisco, next door to #RSAC, with our hosts Tod Beardsley and Rob King.

The schedule includes expert insights from leading voices across the industry.

Don’t miss a minute as we discuss the shifting cybersecurity landscape and the trends defining our industry!

Watch it live: https://www.runzero.com/rsac-live-2026/

US Administration: We're having great and productive talks with the Iranian leadership.

Iranian leadership: lol, wut?

The common response to this is that one or both parties are lying.

My personal headcanon is that the US Admin got taken in by a 419 (Nigerian prince) scam.

"Hello Glorious President,

I a diplomat of the current Iranian regime. We would like to bow to your magnificence, surrender completely, and provide you with complete control of the Iran and billions of US dollers. Unfortunately to do this we will have to file a small "surrender" fee of 100 million US dollars. ....."

#snark