Happy Halloween from your fave GreyNerds 🍬🍫

GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel

Attacker infrastructure evolves in real time. Your defenses should too. Introducing GreyNoise Block, ensuring your blocklists update automatically. 🦾

GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel

A 100,000-IP botnet is actively targeting U.S. RDP infrastructure. 🔗 Read the analysis 👇 #Cybersecurity #RDP #Botnet #GreyNoise

Hey #CriblCon25! 👋 Looking forward to seeing you soon! 👻🤝🐐

NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!

We got (most of) the team together last week and it was magical, so grateful for each + every one of these GreyNoids ✨

🚨GreyNoise has published a new Situation Report on Cisco ASA reconnaissance activity we observed before the new zero-days were disclosed. Read the full report: info.greynoise.io/hubfs/Situat... #Cisco #ASA #CiscoASA #GreyNoise #ThreatIntel #CVE202520333 #CVE202520362

GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26. #CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: www.greynoise.io/blog/surge-m... #ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop

On August 3, we observed the largest single-day spike in brute-force activity against Fortinet SSL VPNs in recent months. Full breakdown of the campaign and how we traced it: www.greynoise.io/blog/vulnera... #Fortinet #Cybersecurity #ThreatIntel #BruteForce #GreyNoise #SSL #VPN

🚨 New Research: GreyNoise identifies an early warning signal, spikes in attacker activity tend to precede new CVE disclosures within six weeks. Which vendors show the strongest signal and more, all in our latest report ⬇️

An unexpected cluster of malicious IPs in a remote U.S. town led GreyNoise researchers to uncover a 500+ device botnet. Full analysis ⬇️ #Cybersecurity #ThreatIntel #Botnet #VoIP #GreyNoise #Cyber #Tech

A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks www.greynoise.io/blog/how-gre...

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️ #GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

🚨 GreyNoise has observed a surge in scanning activity against MOVEit Transfer. Read the blog & see suspicious and malicious IPs ⬇️ #GreyNoise #ThreatIntel #Cybersecurity

VEGAS, WE ARE SO BACK! 🤘

New GreyNoise Labs research: CVE-2025-4748. Our team demonstrates how path traversal via zip archives can be used to achieve file write and code execution against Erlang OTP environments. Read the full tech breakdown here ⬇️

GreyNoise Discovers Stealthy Backdoor Campaign Targeting ASUS Routers. Attacker tradecraft reflects APT-like behavior: quiet, durable, and designed for long-term access. Full blog ⬇️ #Cybersecurity #ThreatIntel #GreyNoise #ASUS

🚨 On May 8, GreyNoise observed a coordinated scanning operation launched by 251 malicious IPs, all hosted by Amazon and geolocated in Japan. ColdFusion, Apache Struts, Tomcat targeted. Full analysis ⬇️ #Cybersecurity #GreyNoise #ThreatIntel

🚨 Today on Storm⚡ Watch: 2025’s Top Cybersecurity Threats EXPOSED: 0-Day Attacks, Chinese Hackers & Enterprise Breaches www.youtube.com/watch?v=D-zZ... @greynoise.io @runzero.com @censys.bsky.social @vulncheck.bsky.social

New Research Alert: Attackers are exploiting a dangerous class of cyber flaws—resurgent vulnerabilities. Learn how they work, why they matter, and what defenders can do. Full analysis ⬇️
#Cybersecurity #GreyNoise #Vulnerabilities

Just launched: GreyNoise Global Observation Grid 🌐 5,000 sensors in 80+ countries delivering near real-time, verifiable threat intel. More signal, less noise.

🚨 Today on Storm⚡ Watch: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon Recap www.youtube.com/watch?v=AItI... @greynoise.io @vulncheck.bsky.social @runzero.com @censys.bsky.social

In case you missed Storm⚡ Watch this week. I would say they "crushed" it. www.twitch.tv/videos/24273... @greynoise.io

Spike in Exploitation Attempts Targeting TVT NVMS9000 DVRs — reportedly used in security and surveillance systems. Full analysis ⬇️ #GreyNoise #Exploitation #ThreatIntel #Cybersecurity

‼ GreyNoise is pivoting to GreyVibes™: threat intel meets self-care. Just kidding. (Probably.) But you should go touch some grass today. Read the real March Noiseletter: www.greynoise.io/resources/no...

Today's Storm⚡️Watch episode "Cybercrime Evolution: Robot Dog Backdoors & Mob's Digital Takeover" www.youtube.com/watch?v=Nhss... @greynoise.io @censys.bsky.social @vulncheck.bsky.social @runzero.com

🚨 Surge in Palo Alto Networks Login Scanning Activity: Nearly 24,000 unique IPs have attempted access over the past 30 days. Full analysis ⬇️ #PANOS #PaloAltoNetworks #Vulnerability

Today's episode of Storm⚡Watch www.youtube.com/watch?v=iS3X... @greynoise.io @runzero.com @censys.bsky.social @vulncheck.bsky.social

GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities Over 70% of sessions in the past week were directed at systems in Israel. www.greynoise.io/blog/in-the-...

🚨Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Full analysis & attacker IPs⬇️ #ApacheTomcat #Apache #GreyNoise #Vulnerability #CVE202524813

‼️NoiseFest is coming to RSA! 🤘 Drinks, raffles, & zero nonsense. Bring your F#@KtheNOISE energy + let’s have a good time!

Don't miss today's episode of Storm⚡️Watch! The team examines "unforgivable vulnerabilities" and the Ballista botnet exploiting CVE-2023-1389. Youtube - www.youtube.com/watch?v=yiKg... Twitch - www.twitch.tv/greynoiseio @greynoise.io @censys.bsky.social @runzero.com @vulncheck.bsky.social

🚨 New DDoS Botnet Discovered: Over 30,000 Devices Reportedly Used in Attacks. Majority of observed activity traced to Iran. Block these IPs immediately. #Cybersecurity #GreyNoise #Botnet

🚨 Mass Exploitation of CVE-2024-4577 Detected. View and block malicious IPs now: www.greynoise.io/blog/mass-ex... #CVE20244577 #Cybersecurity

🚨 23 CVEs from Black Basta’s leaked chat logs are actively exploited. Some hit in the last 24 hrs, including CVE-2023-6875 (not in KEV). #Cybersecurity #ThreatIntel #Ransomware #BlackBasta

Next week on Storm⚡️Watch, we chat with Mary N. Chaney, CEO of Minorities in Cybersecurity, on how diversity—across race, gender, neurodiversity & more—strengthens global cyber defenses. Don’t miss it!

Join us @ 10:30 ET for GreyNoise Storm⚡️Watch! Today, we ask if you think your WFH cow-orker seems sketch, they might literally be working from North Korea. We cover the bizarre tale of an Arizona woman busted for running a seekrit laptop farm. https://stormwatch.ing/ 1/3

🚨 CVE-2025-0108 is being actively exploited! 🚨 GreyNoise sees live attacks on PAN-OS firewalls. Patch now. Restrict access. Stay ahead. 🔗 www.greynoise.io/blog/greynoi...

🚨GreyNoise has observed a spike in exploitation attempts targeting: 🔹 CVE-2022-47945 (ThinkPHP LFI) 🔹 CVE-2023-49103 (ownCloud GraphAPI) Get the full breakdown →

Coming at you LIVE this Thursday @ 12 ET, check out GreyNoise University LIVE, where you can learn all the things, ask all the questions, + maybe even walk (scroll?) away with some sweet, sweet swag--don't miss it! 🤘

Join us @ 10:30 ET for GreyNoise Storm⚡️Watch! Today, the crew is risin' up, back on the street, and hangin' tough with Mark Ellzey, Senior Security Researcher @ Censys to learn how to stalk malicious prey wiht Censeye 🐅. https://stormwatch.ing/ 1/4

💡 Attackers act fast on public PoC code — sometimes within hours. On Dec 5, PoC for two Mitel MiCollab CVEs dropped, and GreyNoise immediately detected attacker activity. 🔎 Real-time intelligence is critical.

According to 220 of you, communication is cybersecurity’s secret sauce. 🎙️ Bridging tech to business, navigating Slack + generational gaps—it’s the skill shaping careers.

379,868 attempts to exploit CVE-2021-32030 failed due to one tiny error—precision matters. 🔍

🚨 145,000 ICS systems exposed. Thousands of insecure interfaces. A new report reveals critical systems are left unprotected, giving attackers potential entry points. GreyNoise research shows these systems are rapidly scanned, with malicious activity. www.greynoise.io/blog/new-rep...

If you’re at the API Cybersecurity Conference for the Oil & Natural Gas Industry, swing by booth 202 for some solid swag, a live demo, and an in-depth look at the noise that matters. See y'all there! 🤠

🚨 New Discovery: GreyNoise finds zero-day vulnerabilities in IoT-connected live streaming cameras with the help of AI, catching an attack before it could escalate. See a real-world example of AI + human expertise partnering on threat detection. Read more here.