Ron Bowes
@iagox86.bsky.social
Principal Security Researcher at GreyNoise. https://skullsecurity.org

Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.

(He/him)
As this year up and everybody is using AI to write emails and blog posts and readmes and basically everything else, and it's making the world feel so lonely. I miss human connections
December 20, 2025 at 12:00 AM
Reposted by Ron Bowes
See you all TOMORROW at 12ET for our last GreyNoise University LIVE of the year! ✨
GreyNoise University LIVE
www.greynoise.io
December 17, 2025 at 6:38 PM
Reposted by Ron Bowes
We keep adding to our lineup! Four shows, one night! Come see They Might Be Ghosts, Stay Silly, Fan / Friction. AND Servant of Two Maestros, this Wednesday at The Vermillion! It's free! What else are you doing on a Wednesday??

Please RSVP! partiful.com/e/cQTefmEPhH...
December 14, 2025 at 11:36 PM
What else are you gonna do on a Wednesday in #Seattle? Come see us!!
We keep adding to our lineup! Four shows, one night! Come see They Might Be Ghosts, Stay Silly, Fan / Friction. AND Servant of Two Maestros, this Wednesday at The Vermillion! It's free! What else are you doing on a Wednesday??

Please RSVP! partiful.com/e/cQTefmEPhH...
December 14, 2025 at 11:53 PM
Reposted by Ron Bowes
Federal agencies now only have one more day to patch React2Shell bug #cybersecurity #hacking #news #infosec #security #technology #privacy
Federal agencies now only have one more day to patch React2Shell bug
Wide exploitation of the vulnerability known as React2Shell has prompted CISA to reduce the amount of time federal agencies have to patch the bug.
therecord.media
December 12, 2025 at 4:16 PM
I'll be performing next week! We're having so much fun with our silly little format, and Servant of Two Maestros does some awesome musical improv that I can't even

If you're in Seattle, come check us out!
They Might Be Ghosts is putting on a show with Servant of Two Maestros next week at the Vermillion! It's gonna be AWESOME! And... it's free! Come see some amazing #Seattle #improv!

RSVP: partiful.com/e/cQTefmEPhH...
December 11, 2025 at 5:30 PM
Reposted by Ron Bowes
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
December 11, 2025 at 3:51 PM
Reposted by Ron Bowes
☕ & #threatintel: CISA has moved the due date for mitigating CVE-2025-55182 (Meta React Server Components Remote Code Execution Vulnerability) up by two weeks. It was initially set for December 26, but it is now due on December 12.
1/2
December 10, 2025 at 2:04 PM
Reposted by Ron Bowes
Ron & my talk from SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)

www.youtube.com/watc...

CC: @iagox86.bsky.social @greynoise.io
SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
Presented at SuriCon 2025 by Ron Bowes and Glenn Thorpe. Network protocols are messy! Sure, there are standards — RFCs, IEEEs, you name it — but there are also multiple ways to do basically everything. If you’re relying on network IDS/IPS tools like Suricata, I have bad news — a sufficiently cl
www.youtube.com
December 9, 2025 at 10:41 PM
Reposted by Ron Bowes
👀 React2Shell attacker profiles fresh from GreyNoise telemetry: info.greynoise.io/hubfs/PDFs-S..., don't miss the latest contribution from GreyNoise Labs on React2Shell: www.labs.greynoise.io/grimoire/202...

#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
December 9, 2025 at 6:59 PM
Reposted by Ron Bowes
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more.
#React2Shell #Nextjs #GreyNoise #ThreatIntel
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
www.greynoise.io
December 9, 2025 at 4:51 PM
Reposted by Ron Bowes
London, we are headed your way THIS week! See you there!
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
GreyNoise - Happy Hour at BlackHat Europe
Had a full day at BlackHat? Come put your feet up with GreyNoise and Corelight for a laid-back evening with complimentary drinks, nibbles, and great conversations.
info.greynoise.io
December 8, 2025 at 4:14 PM
Reposted by Ron Bowes
Glad to see people talking about Penn Jillette. The 2024 interview was done by me. I found him to be a refreshingly reflective, self-critical individual who has remained curious and willing to evolve.
December 8, 2025 at 5:03 AM
Reposted by Ron Bowes
This setting was just pointed out to me in Bsky's Accessibility settings
December 6, 2025 at 9:57 PM
I've spent years building a habit of using Duolingo nightly, but I can't stand their attempts at making their app addictive.. I just want to skip this sorta thing and do my lessons
December 6, 2025 at 6:42 AM
It feels like all of the "year in review" things are LLM-generated this year and I hate it so much. Just text like "let's hit play on the story of your year!". Do others not notice how cheap it sounds?
December 6, 2025 at 2:10 AM
My advice to people in this situation is to be friendly and helpful, and at worst they'll ignore you (if they do and it's important, escalate through your/their manager if you're an employee)

In all the time I've been doing this, nobody has reacted poorly. Worst case is polite disinterest
first time having to notify admin abt a vulnerability kinda nervous 👉👈 i dont get paid enough for this our webservers still on php 7
December 5, 2025 at 4:49 PM
Reposted by Ron Bowes
CVE-2025-55182 (React2Shell) attacks have begun.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.

Patch fast. Watch your logs.
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
www.greynoise.io
December 5, 2025 at 3:09 PM
Reposted by Ron Bowes
Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.
Full analysis: www.greynoise.io/blog/hidden-...

#Palo #SonicWall #Cybersecurity
www.greynoise.io
December 4, 2025 at 10:31 PM
Reposted by Ron Bowes
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability

lyra.horse/blog/2025/12...

"CSS hack accidentally becomes regular hack"
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 5, 2025 at 2:03 AM
Reposted by Ron Bowes
Ohhh! Look what just arrived in Seattle. 👀 The new Amtrak Cascades Playing Cards are here and are being stocked for sale on the trains right now! So exciting! Go get yours onboard. Then let me know when you find Bigfoot! #trains #playingcards #fun #bigfoot #pnw
December 3, 2025 at 9:51 PM
Reposted by Ron Bowes
FUD sucks. The warnings around this React vuln are not FUD. Get those patch plans in motion cyberscoop.com/react-server...
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.
cyberscoop.com
December 3, 2025 at 7:27 PM
Does *anybody* want "most relevant" results first when searching small datasets (like emails)? It drives me crazy when things aren't in chronological order
December 3, 2025 at 6:15 PM