GreyNoise

@greynoise.infosec.exchange.ap.brid.gy

GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats […] [bridged from https://infosec.exchange/@greynoise on the fediverse by https://fed.brid.gy/ ]

59 Followers  |  0 Following  |  157 Posts  |  Joined: 06.05.2024  |  1.3157

Latest posts by greynoise.infosec.exchange.ap.brid.gy on Bluesky

Surge in Brute-Force Attempts Against Fortinet SSL VPNs

On August 3, we observed the largest single-day spike in brute-force activity against Fortinet SSL VPNs in recent months. Full breakdown of the campaign and how we traced it: https://www.greynoise.io/blog/vulnerability-fortinet-vpn-bruteforce-spike […]

12.08.2025 13:16 — 👍 0    🔁 0    💬 0    📌 0
NoiseLetter July 2025 Get GreyNoise updates! Read the July 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

This month's NoiseLetter will make the perfect light reading for a trip to say...Vegas? Make sure to check it out (even if you're not headed to BlackHat/DEF CON there is something in it for you). 🤘https://www.greynoise.io/resources/noiseletter-july-2025

01.08.2025 20:46 — 👍 1    🔁 0    💬 0    📌 0
Yesterday, we published new research revealing an early warning system for CVE disclosure. 📌 Full report: https://www.greynoise.io/resources/early-warning-signals-attacker-behavior-precedes-new-vulnerabilities

#Cybersecurity #ThreatIntel #VulnerabilityManagement #GreyNoise #InfoSec #CISO

01.08.2025 13:32 — 👍 3    🔁 0    💬 0    📌 0
GreyNoise University LIVE

GN University LIVE is headed your way tomorrow @ 12pm ET, don't miss it! 🔥
https://www.greynoise.io/events/greynoise-university-live

30.07.2025 16:31 — 👍 0    🔁 1    💬 0    📌 0
🚨 New Research: GreyNoise identifies an early warning signal, spikes in attacker activity tend to precede new CVE disclosures within six weeks. Which vendors show the strongest signal and more, all in our latest report ⬇️ […]

31.07.2025 13:17 — 👍 0    🔁 0    💬 0    📌 0
A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks A spike in botnet traffic from a single utility in a rural part of New Mexico led to the discovery of a global botnet. Explore how human-led, AI-powered analysis exposed compromised devices, uncovered attack patterns, and why defenders should take note.

An unexpected cluster of malicious IPs in a remote U.S. town led GreyNoise researchers to uncover a 500+ device botnet. Full analysis: https://www.greynoise.io/blog/how-greynoise-uncovered-global-pattern-voip-based-telnet-attacks

#Cybersecurity #ThreatIntel #Botnet #VoIP #GreyNoise #Cyber #Tech

24.07.2025 13:04 — 👍 0    🔁 1    💬 1    📌 0
A vulnerability in a Signal-based enterprise messaging app could expose plaintext usernames and passwords via an unauthenticated memory dump. We're seeing exploit attempts in real time.

Full analysis: https://www.greynoise.io/blog/active-exploit-attempts-signal-based-messaging-app […]

17.07.2025 13:05 — 👍 0    🔁 0    💬 0    📌 0
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown: https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc #GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

16.07.2025 20:45 — 👍 0    🔁 0    💬 0    📌 0
GreyNoise Identifies New Scraper Botnet Concentrated in Taiwan GreyNoise has identified a previously untracked variant of a scraper botnet, detectable through a globally unique network fingerprint. To detect it, GreyNoise analysts created a signature using JA4+, the suite of JA4 signatures used to fingerprint network traffic.

🚨 GreyNoise uncovered a previously untracked botnet, mostly based in Taiwan. Detected using JA4H + JA4T behavioral fingerprinting. Full analysis and list of IPs: https://www.greynoise.io/blog/new-scraper-botnet-concentrated-in-taiwan

#GreyNoise #ThreatIntel #Cybersecurity

09.07.2025 13:06 — 👍 1    🔁 0    💬 0    📌 0
NoiseLetter June 2025 Get GreyNoise updates! Read the June 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

For the 5th year, we’re on summer break✈️Mandatory PTO starts TODAY! Services will stay up, with a skeleton crew on call for emergencies. Miss us? Check out this month’s NoiseLetter. See ya July 7! ✌️

💌 https://www.greynoise.io/resources/noiseletter-june-2025

27.06.2025 15:32 — 👍 0    🔁 1    💬 0    📌 0
GreyNoise University LIVE

See y'all tomorrow at 12pm ET, for June's GreyNoise University LIVE! 🔥

https://www.greynoise.io/events/greynoise-university-live

25.06.2025 18:16 — 👍 0    🔁 1    💬 0    📌 0
Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day.

🚨 GreyNoise has observed a surge in scanning activity against MOVEit Transfer. Read the blog & see suspicious and malicious IPs: https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity

#GreyNoise #ThreatIntel #Cybersecurity

25.06.2025 13:04 — 👍 1    🔁 1    💬 0    📌 0

@runZeroInc we are stoked to have you back this year! 🔥

20.06.2025 16:08 — 👍 0    🔁 0    💬 0    📌 0
GreyNoise - NoiseFest at BlackHat 2025 Join us for NoiseFest at BlackHat/DEFCON on Thursday, August 7th. Enjoy drinks, snacks, and engaging conversations with your peers. RSVP now!

VEGAS, WE ARE SO BACK! 🤘

https://info.greynoise.io/events/noisefest-blackhat-2025

18.06.2025 19:17 — 👍 1    🔁 0    💬 1    📌 0
New GreyNoise Labs research: CVE-2025-4748

Our team demonstrates how path traversal via zip archives can be used to achieve file write and code execution against Erlang OTP environments, exploiting CVE-2025-4748. This technique leverages the zip:unzip function when untrusted zip files are […]

17.06.2025 17:16 — 👍 0    🔁 3    💬 0    📌 0
GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771 On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

GreyNoise has observed exploit attempts targeting CVE-2023-28771 — an RCE vuln affecting Zyxel devices. Full analysis + malicious IPs

🔗https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771

#Cybersecurity #ThreatIntel #Vulnerabilities #GreyNoise

16.06.2025 21:03 — 👍 2    🔁 2    💬 0    📌 0
Cribl Pit Stop - Toronto Learn how to supercharge your telemetry management strategy from the world’s leader in telemetry management infrastructure. Cribl is coming to Toronto to address your data challenges.

Hey Toronto 🇨🇦! We are headed your way next week with our friends @cribl_io for their #CriblPitStop. Say hi to our team and get the inside scoop about all things GreyNoise! 🍁

https://info.cribl.io/RM-FEV-FY26-Q2-06-17-PitStop-Toronto_LP-Registration.html

13.06.2025 19:04 — 👍 0    🔁 0    💬 0    📌 0
Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt — registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.

🚨 Brute force activity against Apache Tomcat Manager just spiked, indicating possible upcoming threats. 🔗 Full analysis & malicious IPs: https://www.greynoise.io/blog/coordinated-brute-force-activity-targeting-apache-tomcat-manager
#GreyNoise #Apache #ThreatIntel #Tomcat

10.06.2025 13:15 — 👍 1    🔁 1    💬 0    📌 0

Technical Blog Drop 🔥 GreyNoise Labs explains why encoded payloads may go unnoticed:
🔗 https://labs.greynoise.io/grimoire/2025-06-05-suricata-url-decoding/

#Suricata #Cybersecurity

06.06.2025 16:59 — 👍 0    🔁 0    💬 0    📌 0
GreyNoise Webinar - How Resurgent Vulnerabilities Jeopardize Organizational Security Join GreyNoise Founder & Chief Architect Andrew Morris and VP of Data Science Bob Rudis as they break down key insights from our latest 2025 report, A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security.

ICYMI 👀 @hrbrmstr + Noah gave an epic talk on all things resurgent vulns, check it out 🔥

https://info.greynoise.io/webinar/how-resurgent-vulnerabilities-jeopardize-organizational-security

05.06.2025 17:29 — 👍 0    🔁 1    💬 0    📌 0
🧟‍♂️ Old CVEs are back from the dead + they’re coming for your edge tech.

Join @morris + @hrbrmstr TOMORROW as they unpack the weird world of resurgent vulns and what they mean for your security strategy.

🎟️ Register now […]

02.06.2025 17:39 — 👍 0    🔁 0    💬 0    📌 0
NoiseLetter May 2025 Get GreyNoise updates! Read the May 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

It may almost be summer, but not before you check out this month's NoiseLetter! 🌊 https://www.greynoise.io/resources/noiseletter-may-2025

29.05.2025 15:37 — 👍 0    🔁 0    💬 0    📌 0
We are back this Thursday for another GreyNoise University LIVE, tune in for demos, news + what to expect this month! 🔗https://www.greynoise.io/events/greynoise-university-live

27.05.2025 22:26 — 👍 0    🔁 2    💬 0    📌 0
GreyNoise Discovers Stealthy Backdoor Campaign Targeting ASUS Routers. Attacker tradecraft reflects APT-like behavior: quiet, durable, and designed for long-term access. Full blog […]

28.05.2025 13:32 — 👍 0    🔁 1    💬 0    📌 0
🚨 On May 8, GreyNoise observed a coordinated scanning operation launched by 251 malicious IPs, all hosted by Amazon and geolocated in Japan. ColdFusion, Apache Struts, Tomcat targeted. Full analysis […]

27.05.2025 16:50 — 👍 1    🔁 1    💬 0    📌 0
GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
#Ivanti #GreyNoise #Cybersecurity #ZeroDays

20.05.2025 19:54 — 👍 0    🔁 1    💬 0    📌 0
GreyNoise Webinar - How Resurgent Vulnerabilities Jeopardize Organizational Security Join GreyNoise Founder & Chief Architect Andrew Morris and VP of Data Science Bob Rudis as they break down key insights from our latest 2025 report, A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security.

Old CVEs, new nightmares 😱 Resurgent vulns are rewriting the risk equation... are you prepared? Join @morris + @hrbrmstr next week as they unpack key insights from our latest 2025 report.

https://info.greynoise.io/webinar/how-resurgent-vulnerabilities-jeopardize-organizational-security

20.05.2025 17:15 — 👍 0    🔁 0    💬 0    📌 0