React2Shell exploitation frequency in GreyNoise dec 5-dec 6

Remember folks- it's only a crypto miner until it isn't

React Server CVE-2025-55182 popping off in @greynoise.io right now. Blog from @hrbrmstr.dev up: www.greynoise.io/blog/cve-202...

one thing about me is that I love windows. the building fixture. not the operating system.

Shamlessly reposting from elsewhere- you can easily communicate between Linux VMs and guests using VSOCK (man7.org/linux/man-pa...). Here's some silly examples of bidirectional chat btwn host & guest using Socat. Or connecting via SSH to my home router from the VM without TCP/IP. No code required.

on the surface this appears to be a massive credential stuffing campaign against Palo Alto's. please audit your successful logins and enable MFA. good catch @remyhax.bsky.social www.greynoise.io/blog/palo-al...

People always make fun of me for being polite to LLMs and I like to joke that I want to be on the good side of the robots when they take over the world. But really it just feels like a nasty habit to reinforce being an asshole on the computer. Unless we're playing Modern Warfare and you're 12.

POV you're my new 42U server rack in the garage and I just turned the lights off and saw your lights blinking in the dark for the first time

did you know you can quickly figure out if an ethernet port/cable supports PoE by putting it on your lips and feeling whether it electrocutes you or not

We've hired Colonel Shawn Smagh to up our @greynoise.io intel reporting game and we've started producing weekly intelligence briefs. This week's is a banger.

Happy Halloween from your fave GreyNerds 🍬🍫

Annual candy bracket is done. I'm gonna need some time to reflect.

ned flanders

we did a pew pew map btw threat-map.greynoise.io

I've just received word that we're preparing for this years annual @greynoise.io halloween candy bracket. Twix won years 1-2. 100 Grand won last year on a complete fluke. I might write a blog post about how last year's candy bracket undermined my faith in the democratic process.

excuse me for talking to you like a human ass being

when it comes to a head it will have been obvious in hindsight

big week in the morris household. we've started tracking ORBs at @greynoise.io and I'm shitposting again btw (h/t @hrbrmstr.dev)

DuckDB GraphQL btw duckdb.org/2025/10/22/d...

Played Broken Arrow last night on Steam and its sick

full moon AND full lunar eclipse tomorrow btw

doing some ground floor reporting (celebrating my uncles 80th birthday)

just accidentally spilled some water on my shorts which dried instantly. This is how I realized I've been wearing a swimsuit as shorts.

psychic.labs.greynoise.io - Offline, in-memory bitmaps of GreyNoise data. Available now.

Super proud of the folks at @thinkstcanary.canary.tools. They continue to inspire me every day. techcrunch.com/2025/05/29/a...

anyways I'm putting real ass routers on the GreyNoise grid now and they're getting popped. shoved this one in my apartment onto a sensor in Russia.

hxxps[:]//youtu[.]be/6skuCiLCjRA?si=JIbO4aZP0MlW6G04

I'm doing a little bit of research on model context protocol (MCP) servers. I ripped back a few thousand repos from github and am doing some automated analysis on their codebases. Here's the language stats on ~2,100 MCP repos. More to come.

did a silly little watercolor

in the past 24 hours traffic out of Spain down ~50%, traffic out of Portugal down 90% in terms of raw signals in @greynoise.io

Did a quick talk on edge device security and how insanely broken it is for the incredible folks at the Belgian Cybersecurity Center. Here are the slides. www.slideshare.net/slideshow/th...

TL;DR - Attackers still use these old ass vulns because they're STILL WORKING www.greynoise.io/blog/greynoi...

the answer to this is literally always yes

Yall are beyond not ready about the shit we're cooking up with @censys.bsky.social and @greynoise.io powers combined censys.com/blog/hunting...

Pope Francis was a great leader. I'm really sad he's dead. I'll never forget in his first months of being pope when a journalist asked him what he thought about an openly gay priest and he responded "Who am I to judge?". Which translated, to me, to: "none of us are anyone to judge". Rest in peace.

on the bright side we're finally going to live in a world without software vulnerabilities

shitposting on bluesky feels like farting in an elevator

the more european a website looks the more i KNOW they're damn sure not setting cookies when i slam that "reject all but essential" button

got the new server runnin

Feels silly to have to say this but Trump's "directing of investigation" & attacks on Chris Krebs (and "suspensions of cleared staff" at S1) are fucking demented

telling the AI to write some tests real quick. 100% coverage.

Nzyme v2.0.0-alpha.16 has been released, featuring several new capabilities and improvements — including drone detection. www.nzyme.org/blog/project...

beating this dead horse just a little bit more- what are some of your favorite write ups of real ass breaches? one of mine is Phineas Fisher's hackingteam writeup: web.archive.org/web/20160421... and web.archive.org/web/20160417...

idk why this cracks me up so much. "hey man is it cool if me and 32 of my close buds come over?"

One of the missing-est things in this cursed field is "A DENOMINATOR". Were doing reasonably well on tracking actor TTPs and such, but we're really missing ground truth/empirics on breaches and how they happen and products/how well they work. Alas, we're spending shitloads on sales and marketing

imagine how fast the state of information security would advance if there was no risk at all of "reputation damage/brand loss" and every single incident response report and post-mortem was detailed, public, indexed & searchable for all to see and learn from