Ron Bowes
@iagox86.bsky.social
Principal Security Researcher at GreyNoise. https://skullsecurity.org
Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.
(He/him)
Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.
(He/him)
Reposted by Ron Bowes
London, we are headed your way THIS week! See you there!
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
GreyNoise - Happy Hour at BlackHat Europe
Had a full day at BlackHat? Come put your feet up with GreyNoise and Corelight for a laid-back evening with complimentary drinks, nibbles, and great conversations.
info.greynoise.io
December 8, 2025 at 4:14 PM
London, we are headed your way THIS week! See you there!
Reposted by Ron Bowes
Glad to see people talking about Penn Jillette. The 2024 interview was done by me. I found him to be a refreshingly reflective, self-critical individual who has remained curious and willing to evolve.
December 8, 2025 at 5:03 AM
Glad to see people talking about Penn Jillette. The 2024 interview was done by me. I found him to be a refreshingly reflective, self-critical individual who has remained curious and willing to evolve.
I've spent years building a habit of using Duolingo nightly, but I can't stand their attempts at making their app addictive.. I just want to skip this sorta thing and do my lessons
December 6, 2025 at 6:42 AM
I've spent years building a habit of using Duolingo nightly, but I can't stand their attempts at making their app addictive.. I just want to skip this sorta thing and do my lessons
It feels like all of the "year in review" things are LLM-generated this year and I hate it so much. Just text like "let's hit play on the story of your year!". Do others not notice how cheap it sounds?
December 6, 2025 at 2:10 AM
It feels like all of the "year in review" things are LLM-generated this year and I hate it so much. Just text like "let's hit play on the story of your year!". Do others not notice how cheap it sounds?
My advice to people in this situation is to be friendly and helpful, and at worst they'll ignore you (if they do and it's important, escalate through your/their manager if you're an employee)
In all the time I've been doing this, nobody had reacted poorly. Worst case is polite disinterest
In all the time I've been doing this, nobody had reacted poorly. Worst case is polite disinterest
first time having to notify admin abt a vulnerability kinda nervous 👉👈 i dont get paid enough for this our webservers still on php 7
December 5, 2025 at 4:49 PM
My advice to people in this situation is to be friendly and helpful, and at worst they'll ignore you (if they do and it's important, escalate through your/their manager if you're an employee)
In all the time I've been doing this, nobody had reacted poorly. Worst case is polite disinterest
In all the time I've been doing this, nobody had reacted poorly. Worst case is polite disinterest
Reposted by Ron Bowes
CVE-2025-55182 (React2Shell) attacks have begun.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
www.greynoise.io
December 5, 2025 at 3:09 PM
CVE-2025-55182 (React2Shell) attacks have begun.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
Reposted by Ron Bowes
Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
www.greynoise.io
December 4, 2025 at 10:31 PM
Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Reposted by Ron Bowes
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 5, 2025 at 2:03 AM
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
Reposted by Ron Bowes
Ohhh! Look what just arrived in Seattle. 👀 The new Amtrak Cascades Playing Cards are here and are being stocked for sale on the trains right now! So exciting! Go get yours onboard. Then let me know when you find Bigfoot! #trains #playingcards #fun #bigfoot #pnw
December 3, 2025 at 9:51 PM
Ohhh! Look what just arrived in Seattle. 👀 The new Amtrak Cascades Playing Cards are here and are being stocked for sale on the trains right now! So exciting! Go get yours onboard. Then let me know when you find Bigfoot! #trains #playingcards #fun #bigfoot #pnw
Reposted by Ron Bowes
FUD sucks. The warnings around this React vuln are not FUD. Get those patch plans in motion cyberscoop.com/react-server...
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
cyberscoop.com
December 3, 2025 at 7:27 PM
FUD sucks. The warnings around this React vuln are not FUD. Get those patch plans in motion cyberscoop.com/react-server...
Does *anybody* want "most relevant" results first when searching small datasets (like emails)? It drives me crazy when things aren't in chronological order
December 3, 2025 at 6:15 PM
Does *anybody* want "most relevant" results first when searching small datasets (like emails)? It drives me crazy when things aren't in chronological order
Reposted by Ron Bowes
The holiday season brings travel, warm drinks, and... serving as the family IT help desk. Check it all out in November's NoiseLetter ❄️
NoiseLetter November 2025
Get GreyNoise updates! Read the November 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
December 2, 2025 at 6:51 PM
The holiday season brings travel, warm drinks, and... serving as the family IT help desk. Check it all out in November's NoiseLetter ❄️
Reposted by Ron Bowes
December 1, 2025 at 7:42 PM
Reposted by Ron Bowes
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒
Holiday cyber scams are getting more inventive
Hackers are hoping to take advantage of the holiday season, and they're not just stealing money or data.
www.npr.org
December 1, 2025 at 7:34 PM
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒
Reposted by Ron Bowes
Today! Yes, on a Monday! The official release of SNAKE-EATER! www.amazon.com/dp/B0DW4KNLR...
Snake-Eater
Amazon.com: Snake-Eater eBook : Kingfisher, T.: Kindle Store
www.amazon.com
December 1, 2025 at 7:22 PM
Today! Yes, on a Monday! The official release of SNAKE-EATER! www.amazon.com/dp/B0DW4KNLR...
Reposted by Ron Bowes
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
Your home network might be part of someone else’s attack. GreyNoise IP Check shows if your IP’s been caught scanning the internet—free and private.
www.greynoise.io
November 25, 2025 at 8:25 PM
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
Reposted by Ron Bowes
We're going to be performing at the IMPROV BLOCK PARTY in Seattle! Come see us live on December 10!
www.eventbrite.com/e/improv-blo...
www.eventbrite.com/e/improv-blo...
Improv Block Party
Improv Block Party at Karoo Café Hosted by Janelle Bentley Get ready for a brand-new comedy event in the heart of downtown Seattle
www.eventbrite.com
November 24, 2025 at 11:39 PM
We're going to be performing at the IMPROV BLOCK PARTY in Seattle! Come see us live on December 10!
www.eventbrite.com/e/improv-blo...
www.eventbrite.com/e/improv-blo...
Reposted by Ron Bowes
CISA warns Oracle Identity Manager RCE flaw is being actively exploited #cybersecurity #hacking #news #infosec #security #technology #privacy
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day.
www.bleepingcomputer.com
November 23, 2025 at 6:40 AM
CISA warns Oracle Identity Manager RCE flaw is being actively exploited #cybersecurity #hacking #news #infosec #security #technology #privacy
Reposted by Ron Bowes
Not sure who made this, but probably the most accurate representation of the current state of tech to date
November 20, 2025 at 10:59 PM
Not sure who made this, but probably the most accurate representation of the current state of tech to date
Reposted by Ron Bowes
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
November 21, 2025 at 1:29 PM
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
Reposted by Ron Bowes
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
Elon Musk Could 'Drink Piss Better Than Any Human in History,' Grok Says
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
www.404media.co
November 20, 2025 at 10:15 PM
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
November 18, 2025 at 6:39 PM
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
Reposted by Ron Bowes
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
The Stark Industries Shell Game - When Bulletproof Hosting Proves Bulletproof
EU sanctions hit Stark Industries in May 2025. GreyNoise data shows how the group quietly rebranded to THE.Hosting and kept its malicious infrastructure running.
www.greynoise.io
November 17, 2025 at 8:56 PM
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Reposted by Ron Bowes
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...
November 17, 2025 at 6:23 PM
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...