GreyNoise

@greynoise.io.bsky.social

GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.

3,874 Followers  |  24 Following  |  302 Posts  |  Joined: 18.07.2023  |  1.787

Latest posts by greynoise.io on Bluesky

NoiseLetter July 2025 Get GreyNoise updates! Read the July 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

This month's NoiseLetter will make the perfect light reading for a trip to say...Vegas? Make sure to check it out (even if you're not headed to BlackHat/DEF CON there is something in it for you). 🤘

01.08.2025 20:46 — 👍 2    🔁 2    💬 0    📌 0

Yesterday, we published new research revealing an early warning system for CVE disclosure.

📌 Full report: www.greynoise.io/resources/ea...

#Cybersecurity #ThreatIntel #VulnerabilityManagement #GreyNoise #InfoSec #CISO

01.08.2025 13:33 — 👍 6    🔁 3    💬 0    📌 0

Starting in 10! 👀

31.07.2025 15:51 — 👍 0    🔁 0    💬 0    📌 0

Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls.

🚨 New Research: GreyNoise identifies an early warning signal, spikes in attacker activity tend to precede new CVE disclosures within six weeks. Which vendors show the strongest signal and more, all in our latest report ⬇️

31.07.2025 13:18 — 👍 5    🔁 5    💬 0    📌 1

GreyNoise University LIVE

GN University LIVE is headed your way tomorrow @ 12pm ET, don't miss it! 🔥

30.07.2025 16:31 — 👍 1    🔁 1    💬 0    📌 1

A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks A spike in botnet traffic from a single utility in a rural part of New Mexico led to the discovery of a global botnet. Explore how human-led, AI-powered analysis exposed compromised devices, uncovered...

An unexpected cluster of malicious IPs in a remote U.S. town led GreyNoise researchers to uncover a 500+ device botnet. Full analysis ⬇️
#Cybersecurity #ThreatIntel #Botnet #VoIP #GreyNoise #Cyber #Tech

24.07.2025 13:05 — 👍 10    🔁 8    💬 0    📌 0

Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessageTM SGNL. If exposed, this endpoint can return a full snapshot of heap memory which may include plaintex...

A vulnerability in a Signal-based enterprise messaging app could expose plaintext usernames and passwords via an unauthenticated memory dump. We're seeing exploit attempts in real time. Full analysis ⬇️ #Cybersecurity #ThreatIntel #GreyNoise

17.07.2025 13:04 — 👍 7    🔁 4    💬 0    📌 0

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

16.07.2025 20:45 — 👍 7    🔁 8    💬 0    📌 0

GreyNoise Identifies New Scraper Botnet Concentrated in Taiwan GreyNoise has identified a previously untracked variant of a scraper botnet, detectable through a globally unique network fingerprint. To detect it, GreyNoise analysts created a signature using JA4+, ...

🚨 GreyNoise uncovered a previously untracked botnet, mostly based in Taiwan. Detected using JA4H + JA4T behavioral fingerprinting. Full analysis and list of IPs ⬇️ #GreyNoise #ThreatIntel #Cybersecurity

09.07.2025 13:05 — 👍 9    🔁 3    💬 0    📌 0

NoiseLetter June 2025 Get GreyNoise updates! Read the June 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

For the 5th year, we’re on summer break ✈️ Mandatory PTO starts TODAY! Services will stay up, with a skeleton crew on call for emergencies. Miss us? Check out this month’s NoiseLetter. See ya July 7! ✌️

27.06.2025 15:32 — 👍 4    🔁 2    💬 0    📌 0

See ya in 46 minutes...but who's counting 😬

26.06.2025 15:14 — 👍 3    🔁 1    💬 0    📌 0

GreyNoise University LIVE

See y'all tomorrow at 12pm ET, for June's GreyNoise University LIVE! 🔥

25.06.2025 18:16 — 👍 1    🔁 2    💬 0    📌 1

Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs obser...

🚨 GreyNoise has observed a surge in scanning activity against MOVEit Transfer. Read the blog & see suspicious and malicious IPs ⬇️

#GreyNoise #ThreatIntel #Cybersecurity

25.06.2025 13:06 — 👍 11    🔁 5    💬 0    📌 0

@runzero.com we are stoked to have you back this year! 🔥

20.06.2025 16:10 — 👍 1    🔁 0    💬 0    📌 0

GreyNoise - NoiseFest at BlackHat 2025 Join us for NoiseFest at BlackHat/DEFCON on Thursday, August 7th. Enjoy drinks, snacks, and engaging conversations with your peers. RSVP now!

VEGAS, WE ARE SO BACK! 🤘

18.06.2025 19:16 — 👍 10    🔁 3    💬 1    📌 0

Exploiting Erlang OTP with Zip files: CVE-2025-4748 – GreyNoise Labs Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation

New GreyNoise Labs research: CVE-2025-4748. Our team demonstrates how path traversal via zip archives can be used to achieve file write and code execution against Erlang OTP environments.

Read the full tech breakdown here ⬇️

17.06.2025 17:17 — 👍 5    🔁 4    💬 0    📌 1

GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771 On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

GreyNoise has observed exploit attempts targeting CVE-2023-28771 — an RCE vuln affecting Zyxel devices. Full analysis + malicious IPs ⬇️

#Cybersecurity #ThreatIntel #Vulnerabilities #GreyNoise

16.06.2025 21:04 — 👍 9    🔁 2    💬 0    📌 0

Cribl Pit Stop - Toronto Learn how to supercharge your telemetry management strategy from the world’s leader in telemetry management infrastructure. Cribl is coming to Toronto to address your data challenges.

Hey Toronto 🇨🇦! We are headed your way next week with our friends Cribl, for their #CriblPitStop. Say hi to our team and get the inside scoop about all things GreyNoise! 🍁

13.06.2025 19:03 — 👍 2    🔁 1    💬 0    📌 0

Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Mana...

🚨 Brute force activity against Apache Tomcat Manager just spiked, indicating possible upcoming threats. 🔗 Full analysis & malicious IPs ⬇️
#GreyNoise #Apache #ThreatIntel #Tomcat

10.06.2025 13:16 — 👍 4    🔁 2    💬 0    📌 0

Technical Blog Drop 🔥 GreyNoise Labs explains why encoded payloads may go unnoticed.
#Suricata #Cybersecurity

06.06.2025 16:30 — 👍 7    🔁 2    💬 0    📌 0

GreyNoise Webinar - How Resurgent Vulnerabilities Jeopardize Organizational Security Watch as GreyNoise experts break down key insights from our latest 2025 report, A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security.

ICYMI 👀 @hrbrmstr.dev + Noah gave an epic talk on all things resurgent vulns, check it out 🔥

05.06.2025 17:29 — 👍 3    🔁 2    💬 0    📌 0

GreyNoise Webinar - How Resurgent Vulnerabilities Jeopardize Organizational Security Join GreyNoise Founder & Chief Architect Andrew Morris and VP of Data Science Bob Rudis as they break down key insights from our latest 2025 report, A Blindspot in Cyber Defense: How Resurgent Vulnera...

🧟‍♂️ Old CVEs are back from the dead + they’re coming for your edge tech.

Join @andrewmorr.is + @hrbrmstr.dev TOMORROW as they unpack the weird world of resurgent vulns and what they mean for your security strategy.

🎟️ Register now ⬇️

02.06.2025 17:40 — 👍 3    🔁 1    💬 0    📌 0

NoiseLetter May 2025 Get GreyNoise updates! Read the May 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

It may almost be summer, but not before you check out this month's NoiseLetter! 🌊

29.05.2025 15:39 — 👍 2    🔁 0    💬 0    📌 0

See ya soon!

29.05.2025 15:20 — 👍 1    🔁 0    💬 0    📌 0

GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise disco...

GreyNoise Discovers Stealthy Backdoor Campaign Targeting ASUS Routers. Attacker tradecraft reflects APT-like behavior: quiet, durable, and designed for long-term access. Full blog ⬇️

#Cybersecurity #ThreatIntel #GreyNoise #ASUS

28.05.2025 13:33 — 👍 18    🔁 14    💬 1    📌 2

We are back this Thursday for another GreyNoise University LIVE, tune in for demos, news + what to expect this month! 🔗 https://www.greynoise.io/events/greynoise-university-live

27.05.2025 22:25 — 👍 5    🔁 1    💬 0    📌 2

Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day On May 8, GreyNoise observed a highly coordinated reconnaissance campaign launched by 251 malicious IP addresses, all geolocated to Japan and hosted by Amazon AWS. The infrastructure and execution sug...

🚨 On May 8, GreyNoise observed a coordinated scanning operation launched by 251 malicious IPs, all hosted by Amazon and geolocated in Japan. ColdFusion, Apache Struts, Tomcat targeted. Full analysis ⬇️
#Cybersecurity #GreyNoise #ThreatIntel

27.05.2025 16:50 — 👍 8    🔁 3    💬 0    📌 0

GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: www.greynoise.io/blog/surge-i...
#Ivanti #GreyNoise #Cybersecurity #ZeroDays

20.05.2025 19:54 — 👍 8    🔁 6    💬 0    📌 0

*in two weeks, whoops 😅

20.05.2025 18:52 — 👍 1    🔁 0    💬 0    📌 0

GreyNoise Webinar - How Resurgent Vulnerabilities Jeopardize Organizational Security Join GreyNoise Founder & Chief Architect Andrew Morris and VP of Data Science Bob Rudis as they break down key insights from our latest 2025 report, A Blindspot in Cyber Defense: How Resurgent Vulnera...

Old CVEs, new nightmares 😱 Resurgent vulns are rewriting the risk equation..are you prepared? Join @andrewmorr.is + boB Rudis next week as they unpack key insights from our latest 2025 report.

20.05.2025 17:16 — 👍 2    🔁 1    💬 1    📌 0

@greynoise.io is following 20 prominent accounts