NEW: The U.S. Treasury is sanctioning a Russian zero-day broker called Operation Zero. U.S. officials confirmed that Operation Zero was the company that bought exploits stolen by the former boss of U.S. defense contractor L3Harris Trenchant.
Trenchant made hacking tools for the U.S. and its allies.
Our blog at @Censys now has a proper RSS feed https://censys.com/feed/
(cc: @Feedly #GoogleReader)
I've been seeing Vshell in #opendirs for a few years. With the recent attention, it was time to do a proper write-up on it:
https://censys.com/blog/vshell/
Check out the agenda for [un]prompted . It was incredible to see what folks submitted and I'm excited to see everyone in March
https://unpromptedcon.org/
#InternetOfPlants
π₯ π New research from @morecoffeeplz.bsky.social
and @silascutler.bsky.social on the "silent" AI network, a massive, unmanaged layer of open-source AI infrastructure operating in the shadows.
New research from @silascutler.bsky.social and myself.
We tracked 175k exposed Ollama endpoints for nearly a year. Collected and analyzed custom models, sizes, quantizations, system prompts, and more.
How do you track DDoS infrastructure when C2 servers rarely last a day?
@vtx-savage.bsky.social and @silascutler.bsky.social are breaking down real-world DDoSia hunting using the Synapse-Censys Power-Up in our next webinar.
vertex.link/events/censy...
Join me next week at the @SANSInstitute #CTISummit in Arlington, VA where I'll be presenting on an operation against the infostealer #Rhadamanthys from early in its development.
Register @ https://www.sans.org/u/1CtB
We're hosting a webinar with @censys.bsky.social! Attackers can rotate infrastructure faster than threat hunters can keep up. Learn how defenders can pivot from indicators to infrastructure-centric intelligence.
@vtx-savage.bsky.social + @silascutler.bsky.social
vertex.link/events/censy...
Come see me talk at the @SANSInstitute #CTISummit in Arlington, VA about the infostealer #Rhadamanthys during its early development.
https://www.sans.org/u/1CtB
What a quote.
Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847] #MongoBleed
From Censys scanning, we're seeing around 87,000 possibly vulnerable hosts
https://censys.com/advisory/cve-2025-14847
π¨π¨π¨ PATCH YO' MONGODB - PUBLIC POC AVAILABLE π¨π¨π¨
m.cje.io/4q2Bi1Y
ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity
https://www.labs.greynoise.io/grimoire/2025-12-26-coldfusion/
Some unusual #CobaltStrike activity we observed at Censys before the holiday. At the start of December, we saw a spike in CobaltStrike in AS138415 followed by a matching spike two days after on AS133199.
Report: https://censys.com/blog/recap-of-a-suspicious-surge-in-cobalt-strike
I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.
https://www.sans.org/u/1CtB
Dave Stern is an unrecognized national hero.
Scoop: The lone employee behind CISA's Pre-Ransomware Notification Initiative resigned on Friday rather than take a forced reassignment to FEMA.
CISA says PRNI will continue, but sources said David Stern's loss will be a major setback for it.
My story: www.cybersecuritydive.com/news/cisa-ra...
Iβm old enough to remember when CBS News would never have surrendered to a demagogic president or any other politician. Remember Edward R. Murrow?
For anyone looking to optimize their news feeds, I've been using Miniflux (https://miniflux.app/) as an RSS reader for the past few years.
Recently I found it also works well for tracking newly released mechanical keyboards.
#DistillingCyber podcast is back with a special episode featuring Stacy O'Mara & Leonard Bailey.
Tune in to explore whether offensive cyber operations should be used to counter cyber threats β if so, who should be authorized to carry them out? www.centerforcybersecuritypolicy.org/insights-and...
https://unpromptedcon.org/
Con: 3-4 March 2026
CFP closes 28 January 2026, Submit at https://sessionize.com/unprompted-the-ai-security-practitio/
NoName057(16) are still active despite last week's DOJ indictment. We looked into how their DDoSia platform works:
https://censys.com/blog/ddosia-infrastructure
I'm sorry if I'm behind on replying to email. I'm at this point for reference
New threat, Kazu ransomware. @ecrime.ch has new information on this threat actor. Kazu has claimed ~35 mostly public sector victims across Latin America, the Middle East, and Asia. π cc @gate15.bsky.social @ransomwaresommelier.com @silascutler.bsky.social #cybersecurity #ransomware
Part 2 of @DomainTools research is out: Inside the Great Firewall Part 2: Technical Infrastructure
https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
Interested in Jump The Wall? Applications close Nov 7 π₯
www.districtcon.org/jtw
