A dark-themed slide shows a table summarizing the internet exposure of four device types targeted by Iranian threat actors, comparing counts from January 2025 to June 2025 and showing the percentage change. Unitronics, Red Lion, and Tridium Niagara all increased in exposure, while Orpak SiteOmat decreased by nearly 25%.
Multiple US gov agencies have warned orgs to stay vigilant for potential Iran-affiliated cyber activity. We studied exposure of 4 vendors previously known to be of interest to IR-affiliated groups.
Read more: censys.com/blog/ics-ira...
30.06.2025 17:37 β π 1 π 0 π¬ 0 π 0
Screenshot of dashboard depicting Censys observed host counts in Iran from June 16 through June 23
π #Iran Internet #Outage Update
----
June 21 marked lowest visibilityβbut signs of recovery.
π Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
π Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
23.06.2025 20:44 β π 0 π 1 π¬ 0 π 0
Screenshot of a terminal with white text on black background, showing results of the "showmount -a" command on an IP address
π We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!
π censys.com/blog/poking-...
19.06.2025 16:42 β π 3 π 1 π¬ 0 π 0
Two line graphs depicting scan error and success rates for Iran. Around 12pm UTC on June 18, the bottom graph depicts a sharp increase in scan error rates, while the top depicts a complementary decrease in scan success rates
Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.
18.06.2025 17:52 β π 1 π 0 π¬ 0 π 0
Censys Community | Censys Community
Ask, discuss, learn, and connect in the Censys Community
Hey there, sorry to hear you're having a problem with your account. Make a post about your issue in our Community forum and we'll try to help! community.censys.com
16.06.2025 14:27 β π 0 π 0 π¬ 1 π 0
Screenshot of Censys Platform
We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
11.06.2025 16:45 β π 0 π 1 π¬ 0 π 0
A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #GA!
www.censys.com/blog/interne...
10.06.2025 15:12 β π 0 π 0 π¬ 0 π 0
Great research. They found 400 web-based HMIs for US water facilities exposed online. All used same HMI/SCADA software. Some required credentials to access, some were in read-only mode and couldn't be manipulated. But 40 systems didn't require authentication and were fully controllable via internet
05.06.2025 16:51 β π 28 π 16 π¬ 1 π 1
Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: censys.com/blog/turning...
05.06.2025 12:13 β π 1 π 1 π¬ 0 π 1
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise.io and breaks down how the AyySSHush campaign has evolved over the past 5 months β and what makes it stand out: censys.com/blog/trackin...
30.05.2025 13:40 β π 0 π 0 π¬ 0 π 0
TikTok and Malware
Trend Micro recently uncovered a campaign abusing TikTok to distribute malware via AI-generated videos, tricking users into installing infostealers. Using IOCs provided by Trend Micro, we found more related infrastructure, including a newer bulletproof service provider: censys.com/blog/tiktok-...
27.05.2025 18:18 β π 1 π 4 π¬ 0 π 0
The Importance of Poppinβ Fresh Data
A recent study by the Censys Research Team evaluated Censysβs IPv4 scanning capability against other engines and found that while these alternatives sometimes self-report higher numbers of results, th...
The Censys Research Team evaluated Censysβs IPv4 scanning capability against other engines and found that while these alternatives sometimes self-report higher numbers of results, their data is often stale and inaccurate.
censys.com/blog/the-imp...
19.05.2025 13:34 β π 0 π 0 π¬ 0 π 1
YouTube video by Censys
The Big Story: Langflow CVE-2025-3248
Our latest video dives into the details of CVE-2025-3248, a critical flaw in the Langflow, an open source Python app, that is being exploited in the wild.
youtu.be/vK4iYy_A130?...
13.05.2025 13:50 β π 0 π 1 π¬ 0 π 0
YouTube video by Censys
The Big Story: Langflow CVE-2025-3248
New @censys.bsky.social video on the Langflow CVE-2025-3248 bug and the ongoing exploitation.
youtu.be/vK4iYy_A130?...
09.05.2025 19:07 β π 0 π 1 π¬ 0 π 0
Speeding up Threat Hunting with Censys
Learn how the Censys Threat module allows users to rapidly investigate identified threat actor infrastructure.
Threat hunting tools should be built for speed and designed by threat hunters. Now they are.
The Censys Threat Module:
β±οΈ Speeds up investigations
π Surfaces enriched threat context
π Enables real-time pivoting
Act faster. Hunt smarter. See how: censys.com/blog/speedin...
08.05.2025 14:48 β π 0 π 1 π¬ 0 π 0
Salt Typhoon Attacks Highlight Need for Advanced Defenses
The Salt Typhoon attacks on critical infrastructure show the need for better threat hunting.
If you think Salt Typhoon has moved onβyou might want to double-check your attack surface. Weβre still seeing critical telecom infrastructure exposed to active targeting. Find out what we uncovered (and what you should be looking for) censys.com/blog/salt-ty...
07.05.2025 17:28 β π 0 π 0 π¬ 0 π 0
Postcards From the Edge: Verizon DBIR Reveals Sharp Increase in Targeting of Edge Security Devices
The Verizon 2025 Data Breach Investigations Report shows a sharp increase in edge security device vulnerabilities as the initial access vector in breaches.
Censys was a proud contributor to the 2025 Verizon Data Breach Investigations Report, shedding light on the growing threat to firewalls, VPNs, and other perimeter gear. See that this sharp increase in targeting edge security devices means β‘οΈ censys.com/blog/postcar...
06.05.2025 16:56 β π 0 π 2 π¬ 0 π 0
03.05.2025 19:48 β π 0 π 0 π¬ 0 π 0
Google Data Shows Fewer Zero Days in 2024, But More Targeting of Enterprises
New data compiled by Google Threat Intelligence Group shows that while the total number of zero days identified in 2024 dropped to 75 from 98 the year before
Zero days attract a huge amount of attention in the security community, an amount that is completely disproportionate to how many of these vulnerabilities emerge each year and how often theyβre actually used. Theyβre the Cybertrucks of security.
censys.com/blog/google-...
02.05.2025 13:29 β π 1 π 1 π¬ 0 π 0
Google Data Shows Fewer Zero Days in 2024, But More Targeting of Enterprises
New data compiled by Google Threat Intelligence Group shows that while the total number of zero days identified in 2024 dropped to 75 from 98 the year before
From an attackerβs perspective it makes perfect sense to target enterprise products, especially networking and security appliances. Those devices can grant a successful adversary broad access to the target organization, and there are often many different options.
censys.com/blog/google-...
01.05.2025 15:33 β π 0 π 1 π¬ 0 π 0
New Ports & Protocols Dashboard from Censys | Exposure Intel
Get real-time visibility into open ports, running services, and exposure risks with the new Censys Ports & Protocols Dashboardβnow live in Censys ASM.
See every port. Secure every protocol. π The new Censys Ports & Protocols Dashboard is your exposure command center. Find out how we're helping SOC teams pinpoint exposures, track protocol misconfigurations, and close compliance gaps faster. censys.com/blog/introdu...
01.05.2025 14:06 β π 0 π 0 π¬ 0 π 0
Whether you're at RSA Conference this week or dealing with #RSAC2025 FOMO, we've got your next stop. Join us May 6-8 in Baltimore to connect and collaborate with security leaders across the military and government sectors.
30.04.2025 20:37 β π 0 π 0 π¬ 0 π 0
Scouting a Threat Actor
Our monitoring flagged a single host containing the source code for a command-and-control (C2) server, a backdoor, and a trojan dropper build systemβa set of tools that (to our knowledge) has not been publicly documented before.
censys.com/blog/scoutin...
30.04.2025 15:05 β π 1 π 1 π¬ 0 π 0
Introducing the Censys Query Assistant: Natural Language Threat Search
Experience faster, easier threat hunting with the new Censys Query Assistant. Search internet intelligence using natural languageβno complex syntax required.
When the AI hype is real. π The new Censys Query Assistant brings 2+ years of R&D into a tool that makes threat investigation faster, easier, and smarter. Find out how we're bringing the power of natural language search to security teams. censys.com/blog/acceler...
29.04.2025 15:17 β π 0 π 0 π¬ 0 π 0
Threat hunters, this is your inside track. π₯ We just dropped an exclusive threat intelligence briefing from malware analyst Silas Cutler. Get insight into the BeaverTail malware campaign, North Koreaβs infiltration of global tech, and more. Watch now. censys.com/podcasts-vid...
28.04.2025 20:29 β π 3 π 0 π¬ 0 π 0
Censys Threat Hunting β Regain the Initiative and Seize Control
The Censys Threat Hunting module delivers critical threat insights and crucial hunt capabilities that empowers security teams to hunt faster, accelerate investigations, and preemptively defend against...
π¨ Launch Alert π¨Censys just redefined threat hunting. Our new Threat Hunting Module delivers unmatched visibility and context from real-time Internet Intelligence that empowers you to proactively hunt emerging threats. See it in action: censys.com/solutions/th... #cybersecurity #threathunting
28.04.2025 12:18 β π 1 π 1 π¬ 1 π 0
YouTube video by Censys
The Big Story: BeaverTail, InvisibleFerret and the Carnival of North Korean Threats
Fresh new video with @silascutler.bsky.social and @dennisf.bsky.social discussing the BeaverTail and InvisibleFerret malware and the DPRK threat actor landscape.
youtu.be/z-KImQiHRck?...
25.04.2025 20:52 β π 3 π 1 π¬ 0 π 1
The End of Stale Indicators
Far too often, indicator feeds are full of stale IPsβones that were active months before they were ever added to a blocklist. We want to end the use of stale indicators.
With our new Threat module, Censys is focused on delivering timely, actionable and context rich information. Over the past few months, we've been tracking a part of BeaverTail deployments used to serve the InvisibleFerret malware in a Collection in the Censys Platform.
censys.com/blog/the-end...
25.04.2025 13:19 β π 1 π 2 π¬ 0 π 0
Cyber pro. Beerie. Bad but fun golfer.
security researcher
https://aneilan.github.io
34
Cyber Threat Intelligencer
Interested in all things cybercrime, nation-state, disinformation, and anything else emerging.
Transparently encrypt data on legacy systems, servers, devices & distributed applications. Encrypt stored data right out of the box quickly and with confidence.
computer security person. former helpdesk.
I cover digital threats for NBC News. Tip me! @kevincollier.01 on signal, kevin.collier@nbcuni.com. NYC, from West Virginia.
Stretch-4 putting in work on the offensive and defensive glass.
Aspiring to play lead and rhythm guitar.
My posts disappear.
I am the host of Behind the Bastards and overlord of podcasts at Cool Zone Media
Hacker, CISO, and private pilot. Certified Bluesky Elder. Author and International Speaker, Chief advocate of #DoBetterBeBetter
Compassion and empathy are traits in short supply but necessary to make this world a better place.
alyssasec.com
Powered by the folks at Red Team Arts!
Gallery - coming soon
redteamarts.com
Experienced InfoSec | Elder Millennial | πΌ @GreyNoiseIO | I ask 'why?' a lot | Pro Oxford Comma | Fix it! | He/Him | #BLM | Views are my own.
https://linktr.ee/glennthorpe
Now Google Threat Intelligence & doing fun things at DistrictCon, fmrly GreyNoiseIO and RecordedFuture, SAISHopkins MASCI alumna | β‘s & rts are my own, my employer definitely doesnβt like Taylor Swift that much
Principal Security Researcher at GreyNoise. https://skullsecurity.org
Mostly post about work stuff, maybe some improv stuff and maybe even magic some day. Seattle-based (originally Canadian), queer, cybersecurity nerd.
(He/him)
Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect @greynoise.bsky.social
, DM's open. Top percentage Rattata. #cve #infosec #cybersecurity
https://remyhax.xyz/
Contains Multitudes.
Threat Researcher.
Trying to leave things better than I found them, including the Internet ⒠runner ⒠security research @ Censys 𧑠she/her ⒠@mle@infosec.exchange
GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
Code-level vulnerabilities pose a significant risk in the intricate landscape of cloud-native environments. Ortelius provides end-to-end monitoring, reporting, and faster remediation of security issues throughout the software supply chain.
