When two open source tools join forces, your defense gets an unbeatable upgrade!

Check out this step-by-step tutorial by our amazing Ambassador Killian Prin-Abeil on integrating #CrowdSec with @wazuh, the open source XDR/SIEM platform that protects endpoints and cloud workloads.

This article shows you how to centralize CrowdSec’s real-time threat alerts into Wazuh for smarter, faster security. https://crowdsec.net/blog/crowdsec-and-wazuh-integration

Happening tomorrow!
Join our very first CrowdSec Community Office Hours at 18:00 UTC+2!

Open discussions, live Q&A, and this month’s focus: Remediation Metrics

Everyone’s welcome — come hang out!
https://app.livestorm.co/crowdsec/crowdsec-community-office-hours

Want to boost your #website’s #security? Check out this awesome new tutorial!

What you'll learn:
• How to set up #CrowdSec + #Caddy step by step
• #Docker Compose examples
• Simple tips to improve your setup

Dive into the video here: https://youtu.be/jlWarrYWV1c?si=RwieKXYZ0BqiNxwK

Big thanks to Genie AJ for sharing this with the #community!

Exciting news: the #CrowdSec Public Roadmap is now live!

Now you can see what’s coming next, from new features to improvements and upcoming changes.

And the best part? It’s interactive: you can upvote and comment on existing items, and even propose your own ideas.

Check it out here: https://roadmap.crowdsec.net/

Monday Threat Alert: CVE-2025-0108

Here’s your Monday report on immediate and emerging threats, powered by the power of the crowd.

CVE-2025-0108 exploit attempts on the rise
Opportunistic targeting of unpatched or misconfigured systems

The #CrowdSec Network has detected a significant increase in malicious activity targeting CVE-2025-0108, an authentication bypass vulnerability in Palo Alto Networks' PAN-OS software. [1/3]

Did you know the CrowdSec WAF can detect CVE-2021-3129 with just one simple rule?

In the past month alone, the #CrowdSec Network identified nearly 1K malicious IPs attempting to exploit this vulnerability. Thanks to our Threat Intelligence feed, these IPs are now flagged and shared across the entire network, giving all users preemptive protection against this threat.

Want to see how the CrowdSec WAF and CTI feed work together to enhance crowd-powered security?

https://crowdsec.net/blog/how-crowdsec-waf-provides-insights-to-cti

Refer a friend to CrowdSec and get rewarded!

Know someone who would benefit from CrowdSec? Invite them to join, and you’ll both receive rewards! Your support helps grow our community. Safer together.

Refer now: https://contact.crowdsec.net/referral

Tired of dealing with stealthy bot attacks?
Combine Fail2ban + CrowdSec to block malicious IPs in real time. Works flawlessly on Debian & RHEL.

https://www.enginyring.com/en/blog/how-to-mitigate-sophisticated-bot-attacks-using-fail2ban-and-crowdsec-on-debian-rhel

Wenn /dev/null eine Größenbeschränkung hätte, würde morgen auch die Welt stillstehen…

Is there a crowd sourced blocklist for #AI crawlers, that I can feed into #CrowdSec?
The pricing for their Platinum plan with includes curated AI crawler blocklist is rather … exploitive.

Gestern habe ich zum ersten Mal von #Crowdsec gehört, heute wird zum ersten Mal ein Zugriff via Tor von #Crowdsec blockiert

I spent the whole evening migrating my public sites to the new VPS + #BunkerWeb + #TailScale setup. Apart from a few minor problems, everything worked very well. Tomorrow I will integrate #CrowdSec into BunkerWeb.

But now it's time to sleep

I have started to migrate from #CloudFlare Tunnel to a VPS + #Tailscale setup. Connection is already established, now I have to decide whether to use #Traefik + #CrowdSec or #BunkerWeb to protect my public Web-Services.

Currently blocking 18687 IPv4 and 890 IPv6 IP addresses that are trying to brute force their way in to my mailserver. Thanks, #nftables, thanks, #crowdsec :) (This is on a single core VPS with 2GB of RAM, no measurable performance impact, since quite some years now)

Frage an die #Crowdsec Bubble:

So weit klar: Ich kann #Crowdsec nehmen und den #Docker Socket lesen lassen. Ich schränke ein, dass nur der #Traefik Container gelesen wird. Dann sag ich Crowdsec, dass das was er da liest ein JSON Log vom Typ Traefik ist.

So weit so klar.

Kann ich dann einfach weiter sagen jetzt aktivier darauf deine Standard-Parser für #Wordpress?

Einfach so?

Oder muss ich dazwischen noch irgendwas einstellen, dass das JSON richtig geparst wird?
Gibt es dafür einen Debugger?