CrowdSec
@crowdsec.bsky.social
Account run by Alpacas
CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time, worldwide.
Join our Discord: http://discord.gg/crowdsec
CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time, worldwide.
Join our Discord: http://discord.gg/crowdsec
🗓️ Save the date for this month’s Community Office Hours: Feb 26 at 5 PM CET
Join us for a focused session on CrowdSec Stack Health.
👉 Get all the details here: www.youtube.com/watch?v=oedE...
Join us for a focused session on CrowdSec Stack Health.
👉 Get all the details here: www.youtube.com/watch?v=oedE...
February 17, 2026 at 1:44 PM
🗓️ Save the date for this month’s Community Office Hours: Feb 26 at 5 PM CET
Join us for a focused session on CrowdSec Stack Health.
👉 Get all the details here: www.youtube.com/watch?v=oedE...
Join us for a focused session on CrowdSec Stack Health.
👉 Get all the details here: www.youtube.com/watch?v=oedE...
🚨 This week’s CrowdSec Threat Alert: CVE-2025-56520, an actively exploited SSRF vulnerability in Dify, is enabling reconnaissance and internal network probing across exposed AI platforms.
Learn more 👉 www.crowdsec.net/vulntracking...
Learn more 👉 www.crowdsec.net/vulntracking...
Dify Under Attack: Unfixed CVE-2025-56520 Exploited in the Wild
CVE-2025-56520 is actively exploited in Dify, exposing AI platforms to SSRF-driven reconnaissance, internal scanning, and potential credential theft.
www.crowdsec.net
February 16, 2026 at 2:17 PM
🚨 This week’s CrowdSec Threat Alert: CVE-2025-56520, an actively exploited SSRF vulnerability in Dify, is enabling reconnaissance and internal network probing across exposed AI platforms.
Learn more 👉 www.crowdsec.net/vulntracking...
Learn more 👉 www.crowdsec.net/vulntracking...
🎥 Missed our webinar with #Suricata? The replay is live!
CrowdSec CTO Thibault Koechlin breaks down the CrowdSec + Suricata integration, from parsing logs to blocking malicious IPs, with a live demo to show it in action.
👉 Watch now: www.youtube.com/watch?v=af_K...
CrowdSec CTO Thibault Koechlin breaks down the CrowdSec + Suricata integration, from parsing logs to blocking malicious IPs, with a live demo to show it in action.
👉 Watch now: www.youtube.com/watch?v=af_K...
CrowdSec Suricata Integration with Thibault Koechlin
YouTube video by OISF-Suricata
www.youtube.com
February 13, 2026 at 9:42 AM
🎥 Missed our webinar with #Suricata? The replay is live!
CrowdSec CTO Thibault Koechlin breaks down the CrowdSec + Suricata integration, from parsing logs to blocking malicious IPs, with a live demo to show it in action.
👉 Watch now: www.youtube.com/watch?v=af_K...
CrowdSec CTO Thibault Koechlin breaks down the CrowdSec + Suricata integration, from parsing logs to blocking malicious IPs, with a live demo to show it in action.
👉 Watch now: www.youtube.com/watch?v=af_K...
Web applications are a prime target for attackers, and the threat is only growing.
But what if you could block over 75% of malicious traffic before it even reaches your server, with just a few commands?
Learn more 👉 www.crowdsec.net/blog/strengt...
But what if you could block over 75% of malicious traffic before it even reaches your server, with just a few commands?
Learn more 👉 www.crowdsec.net/blog/strengt...
February 12, 2026 at 7:40 AM
Web applications are a prime target for attackers, and the threat is only growing.
But what if you could block over 75% of malicious traffic before it even reaches your server, with just a few commands?
Learn more 👉 www.crowdsec.net/blog/strengt...
But what if you could block over 75% of malicious traffic before it even reaches your server, with just a few commands?
Learn more 👉 www.crowdsec.net/blog/strengt...
Europe gets a boost in vulnerability intelligence! 🚀
db.gcve.eu is now live, an open, European-operated advisory database. CrowdSec complements it with real-world exploit data via our Live Exploit Tracker.
Defenders deserve actionable signals, not just scores.
👉 www.crowdsec.net/blog/crowdse...
db.gcve.eu is now live, an open, European-operated advisory database. CrowdSec complements it with real-world exploit data via our Live Exploit Tracker.
Defenders deserve actionable signals, not just scores.
👉 www.crowdsec.net/blog/crowdse...
February 11, 2026 at 9:00 AM
Europe gets a boost in vulnerability intelligence! 🚀
db.gcve.eu is now live, an open, European-operated advisory database. CrowdSec complements it with real-world exploit data via our Live Exploit Tracker.
Defenders deserve actionable signals, not just scores.
👉 www.crowdsec.net/blog/crowdse...
db.gcve.eu is now live, an open, European-operated advisory database. CrowdSec complements it with real-world exploit data via our Live Exploit Tracker.
Defenders deserve actionable signals, not just scores.
👉 www.crowdsec.net/blog/crowdse...
CrowdSec TCP protection helps MSPs & hosters stop mass attacks automatically, using shared threat intelligence, not manual rules.
Watch the full video here to learn more: www.youtube.com/watch?v=knoV...
Watch the full video here to learn more: www.youtube.com/watch?v=knoV...
February 10, 2026 at 9:38 AM
CrowdSec TCP protection helps MSPs & hosters stop mass attacks automatically, using shared threat intelligence, not manual rules.
Watch the full video here to learn more: www.youtube.com/watch?v=knoV...
Watch the full video here to learn more: www.youtube.com/watch?v=knoV...
🚨 This week’s CrowdSec Threat Alert: CVE-2026-1281, a pre-auth RCE in Ivanti EPMM, is actively exploited in the wild, putting Enterprise Mobile Management at risk worldwide.
Discover all the details in our latest article 👉 www.crowdsec.net/vulntracking...
Discover all the details in our latest article 👉 www.crowdsec.net/vulntracking...
CVE-2026-1281 in Ivanti EPMM: Confirmed In-the-Wild Exploitation
CVE-2026-1281 is an actively exploited RCE vulnerability in Ivanti EPMM. Learn how to detect, mitigate, and protect your infrastructure.
www.crowdsec.net
February 9, 2026 at 12:46 PM
🚨 This week’s CrowdSec Threat Alert: CVE-2026-1281, a pre-auth RCE in Ivanti EPMM, is actively exploited in the wild, putting Enterprise Mobile Management at risk worldwide.
Discover all the details in our latest article 👉 www.crowdsec.net/vulntracking...
Discover all the details in our latest article 👉 www.crowdsec.net/vulntracking...
⏳Secure your web apps in just 4 minutes!
Follow this tutorial & unlock its full potential:
✅ Traditional WAF protection enhanced with advanced CrowdSec behavioral detection
✅ Effortless virtual patching
✅ Full compatibility with your existing ModSecurity rules
🎥 www.youtube.com/watch?v=LyNf...
Follow this tutorial & unlock its full potential:
✅ Traditional WAF protection enhanced with advanced CrowdSec behavioral detection
✅ Effortless virtual patching
✅ Full compatibility with your existing ModSecurity rules
🎥 www.youtube.com/watch?v=LyNf...
Install the CrowdSec WAF in Just 4 Minutes
YouTube video by CrowdSec
www.youtube.com
February 6, 2026 at 9:29 AM
⏳Secure your web apps in just 4 minutes!
Follow this tutorial & unlock its full potential:
✅ Traditional WAF protection enhanced with advanced CrowdSec behavioral detection
✅ Effortless virtual patching
✅ Full compatibility with your existing ModSecurity rules
🎥 www.youtube.com/watch?v=LyNf...
Follow this tutorial & unlock its full potential:
✅ Traditional WAF protection enhanced with advanced CrowdSec behavioral detection
✅ Effortless virtual patching
✅ Full compatibility with your existing ModSecurity rules
🎥 www.youtube.com/watch?v=LyNf...
🎉Introducing Live Exploit Tracker, the latest addition to CrowdSec’s security arsenal.
L.E.T. delivers ground-truth threat intelligence based on real attacks observed across hundreds of thousands of production systems worldwide.
Learn more & get started today → www.crowdsec.net/blog/introdu...
L.E.T. delivers ground-truth threat intelligence based on real attacks observed across hundreds of thousands of production systems worldwide.
Learn more & get started today → www.crowdsec.net/blog/introdu...
February 5, 2026 at 9:41 AM
🎉Introducing Live Exploit Tracker, the latest addition to CrowdSec’s security arsenal.
L.E.T. delivers ground-truth threat intelligence based on real attacks observed across hundreds of thousands of production systems worldwide.
Learn more & get started today → www.crowdsec.net/blog/introdu...
L.E.T. delivers ground-truth threat intelligence based on real attacks observed across hundreds of thousands of production systems worldwide.
Learn more & get started today → www.crowdsec.net/blog/introdu...
It’s been a minute since we last shined a light on CrowdSec Academy, so here’s your reminder 👋
You can learn the fundamentals of cybersecurity and master CrowdSec’s open-source Security Engine, completely free.
🎓 Start learning now → academy.crowdsec.net/home
You can learn the fundamentals of cybersecurity and master CrowdSec’s open-source Security Engine, completely free.
🎓 Start learning now → academy.crowdsec.net/home
February 4, 2026 at 10:19 AM
It’s been a minute since we last shined a light on CrowdSec Academy, so here’s your reminder 👋
You can learn the fundamentals of cybersecurity and master CrowdSec’s open-source Security Engine, completely free.
🎓 Start learning now → academy.crowdsec.net/home
You can learn the fundamentals of cybersecurity and master CrowdSec’s open-source Security Engine, completely free.
🎓 Start learning now → academy.crowdsec.net/home
✨ The CrowdSec Console Premium free trial is now 30 days 📅, giving you more time to evaluate advanced features in real conditions properly.
Learn more → doc.crowdsec.net/u/console/pr...
Learn more → doc.crowdsec.net/u/console/pr...
February 3, 2026 at 11:53 AM
✨ The CrowdSec Console Premium free trial is now 30 days 📅, giving you more time to evaluate advanced features in real conditions properly.
Learn more → doc.crowdsec.net/u/console/pr...
Learn more → doc.crowdsec.net/u/console/pr...
🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-68645 (LFI) and CVE-2022-27926 (XSS), actively exploited in the wild against Zimbra Collaboration servers.
Explore attack details, threat trends, and mitigation steps in the article 👉 www.crowdsec.net/vulntracking...
Explore attack details, threat trends, and mitigation steps in the article 👉 www.crowdsec.net/vulntracking...
February 2, 2026 at 1:48 PM
🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-68645 (LFI) and CVE-2022-27926 (XSS), actively exploited in the wild against Zimbra Collaboration servers.
Explore attack details, threat trends, and mitigation steps in the article 👉 www.crowdsec.net/vulntracking...
Explore attack details, threat trends, and mitigation steps in the article 👉 www.crowdsec.net/vulntracking...
We’re proud to be included in the VulnCheck State of Exploitation 2026 report and recognized for CrowdSec’s growth as a leading source in first reporting KEVs throughout 2025.
Big thanks to @vulncheck.bsky.social for the recognition.
👉 Read the full article:
www.vulncheck.com/blog/state-o...
Big thanks to @vulncheck.bsky.social for the recognition.
👉 Read the full article:
www.vulncheck.com/blog/state-o...
January 30, 2026 at 9:39 AM
We’re proud to be included in the VulnCheck State of Exploitation 2026 report and recognized for CrowdSec’s growth as a leading source in first reporting KEVs throughout 2025.
Big thanks to @vulncheck.bsky.social for the recognition.
👉 Read the full article:
www.vulncheck.com/blog/state-o...
Big thanks to @vulncheck.bsky.social for the recognition.
👉 Read the full article:
www.vulncheck.com/blog/state-o...
Watch the full Open Source HAProxy-Native Security webinar replay over on YouTube: youtu.be/knoVkVg-8Ds
Dive into SPOA, SPOE, and SPOP, how they fit into the traffic flow, and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
Dive into SPOA, SPOE, and SPOP, how they fit into the traffic flow, and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
Open Source HAProxy-Native Security
YouTube video by CrowdSec
youtu.be
January 29, 2026 at 10:26 AM
Watch the full Open Source HAProxy-Native Security webinar replay over on YouTube: youtu.be/knoVkVg-8Ds
Dive into SPOA, SPOE, and SPOP, how they fit into the traffic flow, and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
Dive into SPOA, SPOE, and SPOP, how they fit into the traffic flow, and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
Many organizations rely on checklists, CVSS scores, or the belief that “good intentions” are enough. ⚠️ But attackers exploit the gaps these myths create.
Learn the 5 vulnerability myths putting your business at risk 👉 www.crowdsec.net/blog/5-commo...
#vulnerability #cybersecurity
Learn the 5 vulnerability myths putting your business at risk 👉 www.crowdsec.net/blog/5-commo...
#vulnerability #cybersecurity
January 28, 2026 at 10:39 AM
Many organizations rely on checklists, CVSS scores, or the belief that “good intentions” are enough. ⚠️ But attackers exploit the gaps these myths create.
Learn the 5 vulnerability myths putting your business at risk 👉 www.crowdsec.net/blog/5-commo...
#vulnerability #cybersecurity
Learn the 5 vulnerability myths putting your business at risk 👉 www.crowdsec.net/blog/5-commo...
#vulnerability #cybersecurity
⏰ We’re just a few hours away!
Join us today at 3 PM CET for our webinar with @Suricata
👉 Save your seat now: us02web.zoom.us/webinar/regi...
Join us today at 3 PM CET for our webinar with @Suricata
👉 Save your seat now: us02web.zoom.us/webinar/regi...
January 27, 2026 at 11:37 AM
⏰ We’re just a few hours away!
Join us today at 3 PM CET for our webinar with @Suricata
👉 Save your seat now: us02web.zoom.us/webinar/regi...
Join us today at 3 PM CET for our webinar with @Suricata
👉 Save your seat now: us02web.zoom.us/webinar/regi...
Reposted by CrowdSec
Did a write-up about how I use @crowdsec.bsky.social and @traefik.io to block IPs suspected of HTTP-based attacks: snorre.io/blog/2026-01...
The default http-probing scenario was a bit aggressive, so had to override that one. But otherwise it seems to be doing a fine job!
The default http-probing scenario was a bit aggressive, so had to override that one. But otherwise it seems to be doing a fine job!
Protecting Traefik proxy with CrowdSec
snorre.io
January 25, 2026 at 8:17 PM
Did a write-up about how I use @crowdsec.bsky.social and @traefik.io to block IPs suspected of HTTP-based attacks: snorre.io/blog/2026-01...
The default http-probing scenario was a bit aggressive, so had to override that one. But otherwise it seems to be doing a fine job!
The default http-probing scenario was a bit aggressive, so had to override that one. But otherwise it seems to be doing a fine job!
🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild.
👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.
👉 www.crowdsec.net/vulntracking...
👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.
👉 www.crowdsec.net/vulntracking...
CVE-2025-34291 Exploited in the Wild: LangFlow AI Framework Under Fire
CVE-2025-34291 is an actively exploited RCE vulnerability in LangFlow. Learn how to detect, mitigate, and protect your AI infrastructure.
www.crowdsec.net
January 26, 2026 at 2:48 PM
🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild.
👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.
👉 www.crowdsec.net/vulntracking...
👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.
👉 www.crowdsec.net/vulntracking...
Not all threat intelligence tells the same story.
🍯Honeypots show internet noise. Production telemetry shows what attackers actually do when real businesses are on the line.
Understanding the difference is the key to actionable security.
Learn more 👉 www.crowdsec.net/blog/honeypo...
🍯Honeypots show internet noise. Production telemetry shows what attackers actually do when real businesses are on the line.
Understanding the difference is the key to actionable security.
Learn more 👉 www.crowdsec.net/blog/honeypo...
January 23, 2026 at 11:29 AM
Not all threat intelligence tells the same story.
🍯Honeypots show internet noise. Production telemetry shows what attackers actually do when real businesses are on the line.
Understanding the difference is the key to actionable security.
Learn more 👉 www.crowdsec.net/blog/honeypo...
🍯Honeypots show internet noise. Production telemetry shows what attackers actually do when real businesses are on the line.
Understanding the difference is the key to actionable security.
Learn more 👉 www.crowdsec.net/blog/honeypo...
⏰ Only 1 hour to go! Join us for this month’s Office Hours webinar!
We’ll dive into SPOA, SPOE, and SPOP, exploring how they fit into traffic flow and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
📍 Live on YouTube: www.youtube.com/watch?v=QDdp...
We’ll dive into SPOA, SPOE, and SPOP, exploring how they fit into traffic flow and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
📍 Live on YouTube: www.youtube.com/watch?v=QDdp...
Community Office Hours: Open Source HAProxy-Native Security
YouTube video by CrowdSec
www.youtube.com
January 22, 2026 at 3:12 PM
⏰ Only 1 hour to go! Join us for this month’s Office Hours webinar!
We’ll dive into SPOA, SPOE, and SPOP, exploring how they fit into traffic flow and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
📍 Live on YouTube: www.youtube.com/watch?v=QDdp...
We’ll dive into SPOA, SPOE, and SPOP, exploring how they fit into traffic flow and how CrowdSec collects signals and enforces decisions using HAProxy’s native integrations.
📍 Live on YouTube: www.youtube.com/watch?v=QDdp...
📝 New article by a CrowdSec Ambassador, Killian Prin-Abeil!
In this deep dive, he breaks down #React2Shell (CVE-2025-55182), from how the #RCE works in #React Server Components to why Next.js apps are vulnerable by default.
👉Read it here: www.crowdsec.net/blog/react2s...
In this deep dive, he breaks down #React2Shell (CVE-2025-55182), from how the #RCE works in #React Server Components to why Next.js apps are vulnerable by default.
👉Read it here: www.crowdsec.net/blog/react2s...
January 21, 2026 at 10:42 AM
📝 New article by a CrowdSec Ambassador, Killian Prin-Abeil!
In this deep dive, he breaks down #React2Shell (CVE-2025-55182), from how the #RCE works in #React Server Components to why Next.js apps are vulnerable by default.
👉Read it here: www.crowdsec.net/blog/react2s...
In this deep dive, he breaks down #React2Shell (CVE-2025-55182), from how the #RCE works in #React Server Components to why Next.js apps are vulnerable by default.
👉Read it here: www.crowdsec.net/blog/react2s...
🎉 We’re excited for our upcoming webinar with #Suricata on January 27th at 3 PM CET!
👉 Save your seat: us02web.zoom.us/webinar/regi...
👉 Save your seat: us02web.zoom.us/webinar/regi...
January 20, 2026 at 10:26 AM
🎉 We’re excited for our upcoming webinar with #Suricata on January 27th at 3 PM CET!
👉 Save your seat: us02web.zoom.us/webinar/regi...
👉 Save your seat: us02web.zoom.us/webinar/regi...
🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-59287, a critical WSUS RCE being actively probed and exploited in real-world environments.
👉 Dive into the data, attack patterns, and mitigation steps in the full report: www.crowdsec.net/vulntracking...
#CVE #threatalert
👉 Dive into the data, attack patterns, and mitigation steps in the full report: www.crowdsec.net/vulntracking...
#CVE #threatalert
January 19, 2026 at 11:54 AM
🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-59287, a critical WSUS RCE being actively probed and exploited in real-world environments.
👉 Dive into the data, attack patterns, and mitigation steps in the full report: www.crowdsec.net/vulntracking...
#CVE #threatalert
👉 Dive into the data, attack patterns, and mitigation steps in the full report: www.crowdsec.net/vulntracking...
#CVE #threatalert
🚀Community Spotlight at CfgMgmtCamp 2026 (Ghent)
If you’re attending CfgMgmtCamp 2026, don’t miss Michal Sochon’s talk on integrating CrowdSec with MikroTik routers.
📅 Feb 3, 2026 | 16:25–16:50
📍 Room B.1.036
🎤 CrowdSec and MikroTik integration
More info: cfp.cfgmgmtcamp.org/ghent2026/ta...
If you’re attending CfgMgmtCamp 2026, don’t miss Michal Sochon’s talk on integrating CrowdSec with MikroTik routers.
📅 Feb 3, 2026 | 16:25–16:50
📍 Room B.1.036
🎤 CrowdSec and MikroTik integration
More info: cfp.cfgmgmtcamp.org/ghent2026/ta...
Crowdsec and Mikrotik integration CfgMgmtCamp 2026 Ghent
This project is not affiliated in any way with CrowdSec nor MikroTik, thus use at your own risk.
Crowdsec is something like fail2ban but across multiple hosts/clusters. Mitigation of the attacks can ...
cfp.cfgmgmtcamp.org
January 16, 2026 at 10:21 AM
🚀Community Spotlight at CfgMgmtCamp 2026 (Ghent)
If you’re attending CfgMgmtCamp 2026, don’t miss Michal Sochon’s talk on integrating CrowdSec with MikroTik routers.
📅 Feb 3, 2026 | 16:25–16:50
📍 Room B.1.036
🎤 CrowdSec and MikroTik integration
More info: cfp.cfgmgmtcamp.org/ghent2026/ta...
If you’re attending CfgMgmtCamp 2026, don’t miss Michal Sochon’s talk on integrating CrowdSec with MikroTik routers.
📅 Feb 3, 2026 | 16:25–16:50
📍 Room B.1.036
🎤 CrowdSec and MikroTik integration
More info: cfp.cfgmgmtcamp.org/ghent2026/ta...
Happy 25th, Drupal! 🎉 Thank you for inspiring collaboration, innovation, and open source spirit.
Proud to work alongside this community, building a safer, stronger web together. 💙
#Drupal25Words #Drupal
Proud to work alongside this community, building a safer, stronger web together. 💙
#Drupal25Words #Drupal
January 15, 2026 at 8:58 AM
Happy 25th, Drupal! 🎉 Thank you for inspiring collaboration, innovation, and open source spirit.
Proud to work alongside this community, building a safer, stronger web together. 💙
#Drupal25Words #Drupal
Proud to work alongside this community, building a safer, stronger web together. 💙
#Drupal25Words #Drupal