52% of RCE attempts came from IPs with no prior GreyNoise history. New research on where edge defenses fall short + what to do about it: www.greynoise.io/resources/2026-state-of-...
#ThreatIntel #Cybersecurity #GreyNoise
Latest posts tagged with #greynoise on Bluesky
A GreyNoise Intelligence weekly brief cover page titled “Weekly Intelligence Brief” for February 9–16, 2026, using a clean corporate layout with the GreyNoise logo at the top. Large headline text reads “IoT, Edge, Credentials. All Surging at Once.” followed by a short summary paragraph describing rising IoT botnet recruitment, Fortinet VPN brute-forcing, and credential harvesting. Four bold numeric callouts highlight “91% IoT default password surge,” “98% increase Fortinet VPN brute-force,” “8.28M credential harvesting sessions,” and “84 days of crypto C2 beaconing.” Below, four brief section teasers describe IoT botnet activity, enterprise edge credential attacks, broad credential harvesting, and an 84-day crypto exchange C2 operation. The footer includes a “Want the full brief?” marketing call-to-action with the GreyNoise contact URL and social handle, plus a “TLP: CLEAR” label indicating public sharing is allowed.
This week's At the Edge: CLEAR is out — a preview of the intel brief GreyNoise customers get every week.
🔗 www.greynoise.io/resources/at-the-edge-cl...
That's just the preview. greynoise.io/contact
#ThreatIntel #CyberSecurity #GreyNoise
A dark-themed “Weekly Intelligence Brief” report from GreyNoise covering February 2–9, 2026, summarizing global malicious scanning activity. Large headline text highlights a 113% week‑over‑week surge in Remote Desktop Protocol (RDP) attacks, with 29.9 million RDP attempts, 83,000 N8N exploits, and 352 callback domains associated with OAST. Below, the layout is divided into four sections: one explaining that RDP attacks more than doubled in a week driven by a single noisy IP; one titled “Ivanti ‘Three‑Headed Hydra’” describing three independent campaigns abusing CVE‑2022‑1281 with Cobalt Strike; one on N8N exploitation describing 83,334 attempts against CVE‑2022‑21858 from a specific IP range and warning about exposed API keys; and one on the Rondodx botnet summarizing high session counts and links to previous activity. A footer invites readers to contact GreyNoise for the full brief and includes a link to the company website.
Three campaigns. One has Cobalt Strike ready.
RDP nearly quadrupled. A botnet picked up a new CVE. And someone built a Kubernetes cluster just to exploit n8n.
A preview of what GreyNoise customers get every week. Full brief has the IOCs, attribution, and […]
[Original post on infosec.exchange]
The Day Telnet Went Silent: Inside the Mysterious Global Collapse of Botnet Scanning Traffic On February 10, 2025, global Telnet scanning traffic plummeted over 60% in a single day. GreyNoise Labs ...
#CybersecurityUpdate #botnet #traffic #cybersecurity […]
[Original post on webpronews.com]
We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.
Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American […]
📊 #GreyNoise threat intelligence reports multiple exploit attempts per hour already detected in the wild
🔄 Telnet's unencrypted nature makes attacks visible to defenders monitoring plaintext traffic for "-f root" patterns
Threat Actors Target Misconfigured Proxies for Paid LLM Access #AIEndpoints #GreyNoise #LLM
🎙️ Python Bytes 467: Toads in my AI
with @mkennedy.codes and @brianokken.bsky.social
pythonbytes.fm/467
#Python #GreyNoise #tprof #TOAD #FastAPI #Digg
Ollama honeypot saw 91,403 attack sessions (Oct 2025–Jan 2026); analysis revealed two distinct campaigns mapping LLM deployment surfaces. GreyNoise issued a SITREP with IOCs to customers. #LLMs #GreyNoise #Ollama https://bit.ly/3YChjuU
New on the GreyNoise blog: We borrow from some unexpected fields, enzyme kinetics, species biodiversity models, astrophotography, to understand internet-wide scanning activity and measure what we might be missing.
www.greynoise.io/blog/filtering-noise-cyb...
#GreyNoise #Cybersecurity
Inside Vercel’s sleep-deprived race to contain React2Shell Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat...
#Cybersecurity #Technology #Threats #greynoise #HackerOne […]
[Original post on cyberscoop.com]
GreyNoise analyzed activity targeting exposed Ollama and LLM infrastructure, identifying SSRF abuse attempts and large-scale probing of LLM model endpoints.
Analysis: www.greynoise.io/blog/threat-actors-activ...
#GreyNoise #ThreatIntelligence #LLMSecurity
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️‍♀️
www.greynoise.io/blog/christmas-scanning-...
#GreyNoise #Ransomware #InitialAccess #IAB #Recon
React2Shell Update – 7 January 2026
Full update & analysis: www.greynoise.io/blog/cve-2025-55182-reac...
#GreyNoise #React2Shell
GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
🔗 www.greynoise.io/blog/credential-based-ca...
[Original post on infosec.exchange]
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Potatosecurity
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
Graphic summarizing five React2Shell attacker profiles: Mass Scanners, VPN/Proxy Users, Cryptomining Operators, Malware Distribution Infrastructure, and Reconnaissance Specialists. Each group shows distinct characteristics, JA4+ signatures, and assessments ranging from benign scanning to organized cybercrime activity. GreyNoise notes customers receive full signatures in their intelligence brief.
👀 React2Shell attacker profiles fresh from GreyNoise telemetry: info.greynoise.io/hubfs/PDFs-S..., don't miss the latest contribution from GreyNoise Labs on React2Shell: www.labs.greynoise.io/grimoire/202...
#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more.
#React2Shell #Nextjs #GreyNoise #ThreatIntel
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
🔗 info.greynoise.io/events/blackhat-europe-h...
#BHEU #Corelight #GreyNoise
GreyNoise IP Check checks whether your home IP is taking part in malicious scanning or compromised proxies, offering immediate verdicts and data from global sensors.
#GreyNoise #IoT #IP #malware #Proxy #rete #scansioni
www.matricedigitale.it/2025/11/29/c...