Ron Bowes
@iagox86.bsky.social
Principal Security Researcher at GreyNoise. https://skullsecurity.org
Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.
(He/him)
Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.
(He/him)
Reposted by Ron Bowes
December 1, 2025 at 7:42 PM
Reposted by Ron Bowes
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒
Holiday cyber scams are getting more inventive
Hackers are hoping to take advantage of the holiday season, and they're not just stealing money or data.
www.npr.org
December 1, 2025 at 7:34 PM
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒
Reposted by Ron Bowes
Today! Yes, on a Monday! The official release of SNAKE-EATER! www.amazon.com/dp/B0DW4KNLR...
Snake-Eater
Amazon.com: Snake-Eater eBook : Kingfisher, T.: Kindle Store
www.amazon.com
December 1, 2025 at 7:22 PM
Today! Yes, on a Monday! The official release of SNAKE-EATER! www.amazon.com/dp/B0DW4KNLR...
Reposted by Ron Bowes
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
Your home network might be part of someone else’s attack. GreyNoise IP Check shows if your IP’s been caught scanning the internet—free and private.
www.greynoise.io
November 25, 2025 at 8:25 PM
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
Reposted by Ron Bowes
We're going to be performing at the IMPROV BLOCK PARTY in Seattle! Come see us live on December 10!
www.eventbrite.com/e/improv-blo...
www.eventbrite.com/e/improv-blo...
Improv Block Party
Improv Block Party at Karoo Café Hosted by Janelle Bentley Get ready for a brand-new comedy event in the heart of downtown Seattle
www.eventbrite.com
November 24, 2025 at 11:39 PM
We're going to be performing at the IMPROV BLOCK PARTY in Seattle! Come see us live on December 10!
www.eventbrite.com/e/improv-blo...
www.eventbrite.com/e/improv-blo...
Reposted by Ron Bowes
CISA warns Oracle Identity Manager RCE flaw is being actively exploited #cybersecurity #hacking #news #infosec #security #technology #privacy
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day.
www.bleepingcomputer.com
November 23, 2025 at 6:40 AM
CISA warns Oracle Identity Manager RCE flaw is being actively exploited #cybersecurity #hacking #news #infosec #security #technology #privacy
Reposted by Ron Bowes
Not sure who made this, but probably the most accurate representation of the current state of tech to date
November 20, 2025 at 10:59 PM
Not sure who made this, but probably the most accurate representation of the current state of tech to date
Reposted by Ron Bowes
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
November 21, 2025 at 1:29 PM
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
Reposted by Ron Bowes
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
Elon Musk Could 'Drink Piss Better Than Any Human in History,' Grok Says
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
www.404media.co
November 20, 2025 at 10:15 PM
Grok has been reprogrammed to say Musk is better than everyone at everything, including blowjobs, piss drinking, playing quarterback, conquering Europe, etc.
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
November 18, 2025 at 6:39 PM
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
Reposted by Ron Bowes
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
The Stark Industries Shell Game - When Bulletproof Hosting Proves Bulletproof
EU sanctions hit Stark Industries in May 2025. GreyNoise data shows how the group quietly rebranded to THE.Hosting and kept its malicious infrastructure running.
www.greynoise.io
November 17, 2025 at 8:56 PM
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Reposted by Ron Bowes
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...
November 17, 2025 at 6:23 PM
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...
Reposted by Ron Bowes
The emus are performing arcane summoning rituals in the backyard again.
(This seems particularly appropriate to share today, in response to @tkingfisher.com's recent D&D emu adventures)
(This seems particularly appropriate to share today, in response to @tkingfisher.com's recent D&D emu adventures)
May 6, 2025 at 4:46 PM
The emus are performing arcane summoning rituals in the backyard again.
(This seems particularly appropriate to share today, in response to @tkingfisher.com's recent D&D emu adventures)
(This seems particularly appropriate to share today, in response to @tkingfisher.com's recent D&D emu adventures)
Every week or so, the preview that is didn't ask for, don't use, and don't want expires.
After nearly 10 years, all I can think of is how much I miss the old Duolingo
After nearly 10 years, all I can think of is how much I miss the old Duolingo
November 14, 2025 at 5:25 AM
Every week or so, the preview that is didn't ask for, don't use, and don't want expires.
After nearly 10 years, all I can think of is how much I miss the old Duolingo
After nearly 10 years, all I can think of is how much I miss the old Duolingo
Reposted by Ron Bowes
🚨 GreyNoise for @microsoft.com Sentinel is here!
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
November 13, 2025 at 4:02 PM
🚨 GreyNoise for @microsoft.com Sentinel is here!
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
Reposted by Ron Bowes
For folks (and journalists) who want to search the Oversight Committee email texts, I made a database for searching the 20k text files:
splendorous-chaja-f79791.netlify.app
splendorous-chaja-f79791.netlify.app
Epstein Document Search
splendorous-chaja-f79791.netlify.app
November 13, 2025 at 1:12 AM
For folks (and journalists) who want to search the Oversight Committee email texts, I made a database for searching the 20k text files:
splendorous-chaja-f79791.netlify.app
splendorous-chaja-f79791.netlify.app
Reposted by Ron Bowes
The Jokers of Magic return in 2026 with dates in January and March! See tour dates and ticket links at…
The Jokers of Magic
Experience The Jokers of Magic live! Comedy magicians from America's Got Talent, Penn & Teller's Fool Us & SNL. Tour dates across the US in 2026.
www.jokersofmagic.com
November 12, 2025 at 10:54 AM
The Jokers of Magic return in 2026 with dates in January and March! See tour dates and ticket links at…
Marriott cancelled my Sonder booking (due to bankruptcy or something) and I'm having to jump through loops for a refund.. pretty sure this is what Chargebacks are for but that feels like the nuclear option
Also this means I have less than a week to re-book my stay in Montreal...
Also this means I have less than a week to re-book my stay in Montreal...
November 10, 2025 at 5:41 PM
Marriott cancelled my Sonder booking (due to bankruptcy or something) and I'm having to jump through loops for a refund.. pretty sure this is what Chargebacks are for but that feels like the nuclear option
Also this means I have less than a week to re-book my stay in Montreal...
Also this means I have less than a week to re-book my stay in Montreal...
Reposted by Ron Bowes
Reposted by Ron Bowes
@aminal_crossing on ig was banned for posting this
November 6, 2025 at 9:15 PM
@aminal_crossing on ig was banned for posting this
Reposted by Ron Bowes
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
November 6, 2025 at 3:00 PM
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Reposted by Ron Bowes
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
Reposted by Ron Bowes
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
PHP Cryptomining Campaign: October/November 2025
From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs...
www.greynoise.io
November 4, 2025 at 4:36 PM
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
Reposted by Ron Bowes
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
GreyNoise - Dinner and Drinks at Fal.Con
Join GreyNoise, Cribl, and Netbuilder on Wednesday, 5 November, for dinner and drinks after a long day at Fal.Con Europe.
info.greynoise.io
November 3, 2025 at 6:40 PM
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
Reposted by Ron Bowes
turned this on to highlight spam accounts and I’m learning a lot about who has insomnia and/or posts when they get up to pee in the middle of the night
bsky.app
November 2, 2025 at 7:18 PM
turned this on to highlight spam accounts and I’m learning a lot about who has insomnia and/or posts when they get up to pee in the middle of the night