Ron Bowes

@iagox86@infosec.exchange
GreyNoise - NoiseFest at BlackHat 2025

Join us for NoiseFest at BlackHat/DEFCON on Thursday, August 7th. Enjoy drinks, snacks, and engaging conversations with your peers. RSVP now!

More on the Langflow vuln (CVE-2025-3248). In case you haven't followed it, it's hilarious. Literally rawdogging input to exec(). LMAO. People are going to keep trusting this shit.

Go hack more AI shit.

https://www.offsec.com/blog/cve-2025-3248/

#threatIntel

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage

CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.

OffSec
@Viss Y'know, we track so, so much abuse activity at GreyNoise. Funny that the attempts to fix it are so bad
Sorry, I looked it up and Flame is 13 years old, not 20!
Of all things for Akamai to flag, it's hilarious that they're mad about a .sys file associated with 20yr old malware

New GreyNoise Labs research: CVE-2025-4748

Our team demonstrates how path traversal via zip archives can be used to achieve file write and code execution against Erlang OTP environments, exploiting CVE-2025-4748. This technique leverages the zip:unzip function when untrusted zip files are extracted.

Read the full technical breakdown here: https://www.labs.greynoise.io/grimoire/2025-06-17-erlang-zip/

#Cybersecurity #ThreatIntel #GreyNoise #Erlang

Exploiting Erlang OTP with Zip files: CVE-2025-4748 – GreyNoise Labs

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation

GreyNoise Labs
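The post above describes the general failure mode: an extractor that trusts member names from an untrusted zip. As an added illustration (not code from the GreyNoise write-up or from Erlang OTP), here is a small Python check that lists the archive members which would land outside the intended destination, with a constructed sample archive containing one benign entry and two escaping ones. Python's own ZipFile.extract() quietly sanitises such names; the point here is to detect and refuse them so the event can be logged.

```python
import io
import os
import posixpath
import zipfile


def entry_escapes(dest: str, name: str) -> bool:
    """True if a zip member name would resolve outside dest after extraction."""
    # Absolute names (and a drive prefix on Windows hosts) are rejected outright.
    if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return True
    # Zip names use "/" by spec, but tolerate backslashes before normalising.
    norm = posixpath.normpath(name.replace("\\", "/"))
    if norm == ".." or norm.startswith("../"):
        return True
    # Final check against the real filesystem location (catches symlinked dest).
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, norm))
    return os.path.commonpath([root, target]) != root


def unsafe_members(zip_bytes: bytes, dest: str) -> list[str]:
    """Return the member names that must not be extracted into dest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if entry_escapes(dest, n)]


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign entry and two that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../outside.txt", "escapes via dot-dot")
        zf.writestr("/tmp/absolute.txt", "escapes via absolute path")
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical destination directory; nothing is written to disk.
    for name in unsafe_members(build_sample_zip(), "/tmp/extract_dest"):
        print("refusing member:", name)
```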

The CVE lists the CVSS assessment as a sev:MED here.

sev:MED 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service.

Retrieving the files of other users does not seem like VC:L. And a DoS does not seem like VA:L. But IDK, I'm just a random crow on the Internet.

https://nvd.nist.gov/vuln/detail/CVE-2025-34508

NVD - CVE-2025-34508

GreyNoise has observed exploit attempts targeting CVE-2023-28771 — an RCE vuln affecting Zyxel devices. Full analysis + malicious IPs

🔗https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771

#Cybersecurity #ThreatIntel #Vulnerabilities #GreyNoise

GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771

On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

Have interesting insights on Suricata?
Share them at #SuriCon2025! Join industry, open-source, academia, and research professionals passionate about Suricata and network threat hunting. Apply today to talk at #SuriCon2025.

📣 There's still time! Submit your fabulous proposal today!

#Suricata #CallForTalks