In-the-wild activity targeting SonicWall, Zyxel, F5, Linksys, Zoho, and Ivanti. Surge on March 28. Full analysis: https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies
Attackers are probing Palo Alto Networks GlobalProtect portals https://www.helpnetsecurity.com/2025/04/01/attackers-are-probing-palo-alto-networks-globalprotect-portals/ #PaloAltoNetworks #enterprise #Don'tmiss #GreyNoise #Hotstuff #scanning #News #VPN
Following reports of widespread DrayTek router reboots, GreyNoise is bringing awareness to in-the-wild activity against multiple known vulnerabilities in DrayTek devices. Read the analysis
https://www.greynoise.io/blog/in-the-wild-activity-against-draytek-routers
Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Exploits limited to naive attackers using PoC code. Full analysis & attacker IPs: https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813
#ApacheTomcat #Apache #GreyNoise #Vulnerability #CVE202524813
March 12 UPDATE: Grafana Exploitation May Signal Multi-Phase SSRF Attacks. Update + original analysis: https://www.greynoise.io/blog/new-ssrf-exploitation-surge #Cybersecurity #GreyNoise #Vulnerability
GreyNoise has detected active exploitation of Silk Typhoon-linked CVEs in the past 24 hours. 90 threat IPs actively targeting. Full analysis: https://www.greynoise.io/blog/active-exploitation-silk-typhoon-linked-cves #GreyNoise #Cybersecurity #SilkTyphoon
GreyNoise Intelligence Releases New Research on Cybersecurity Vulns – Source: www.darkreading.com https://ciso2ciso.com/greynoise-intelligence-releases-new-research-on-cybersecurity-vulns-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #GreyNoise
Exploitation of Newly Added KEV CVEs. GreyNoise tagged 3 of them before KEV addition. Full analysis: https://greynoise.io/blog/greynoise-observes-exploitation-three-newly-added-kev-vulnerabilities
#GreyNoise #KEV #CISA
New DDoS Botnet Discovered: Over 30,000 Devices Reportedly Used in Attacks. Majority of observed activity traced to Iran. Block these IPs immediately.
Attackers are chaining flaws to breach Palo Alto Networks firewalls https://www.helpnetsecurity.com/2025/02/19/palo-alto-networks-firewalls-cve-2025-0108-cve-2024-9474-cve-2025-0111/ #PaloAltoNetworks #vulnerability #enterprise #Don'tmiss #Assetnote #GreyNoise #Hotstuff #News
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) https://www.helpnetsecurity.com/2025/01/29/zyxel-cpe-devices-under-attack-vulnerability-cve-2024-40891/ #vulnerability #Don'tmiss #GreyNoise #VulnCheck #Hotstuff #Censys #Zyxel #News
New Zyxel Zero-Day Under Attack, No Patch Available https://www.securityweek.com/new-zyxel-zero-day-under-attack-no-patch-available/ #Malware&Threats #Vulnerabilities #CVE202440891 #GreyNoise #Censys #Zyxel
I posted a quick/fun little blog about the dangers of invisible bytes, particularly when everybody copies/pastes exploits without understanding them:
https://www.labs.greynoise.io/grimoire/2024-11-20-null-problem/
#Google and #Greynoise report successes in AI-assisted vulnerability hunting | Security https://www.heise.de/news/Google-und-Greynoise-melden-Erfolge-bei-KI-gestuetzter-Schwachstellensuche-10004183.html #ArtificialIntelligence
I love it when companies put their name in the PoC, it makes it so much easier to track down what I'm seeing when it gets sprayed out on the internet. Thanks watchTowr!
(This is Palo Alto Expedition - CVE-2024-9463)
I wrote a blog about ongoing exploitation of CVE-2023-22527, an Atlassian Confluence vulnerability from January of this year. What the attacker's up to, what their payload does, etc. (TL;DR: it's crypto.. it seems like it's always crypto these days)
https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/
Security vulnerability discovered in ownCloud: what you should know about it!
#Datenschutz #ITSicherheit #CVE202349103 #CVE202394104 #CVE202394105 #GlennThorpe #Graphapi #Greynoise #KevinBeaumont #ownCloud #ownCloudServer https://tarnkappe.info/artikel/it-sicherheit/sicherheitsluecke-in-owncloud-entdeckt-was-man-darueber-wissen-sollte-284041.html