#greynoise — Public Fediverse posts

See you in Glasgow for #CyberUK! 🇬🇧

Find GreyNoise at Booth D2 + catch our talks:
🗓 Apr 22, 12:20 – Nishawn Smagh
🗓 Apr 23, 14:30 – Glenn Thorpe III

Happy Hour @ Golf Fang on Apr 22 ⛳️

Book 1:1 time: https://info.greynoise.io/cyberuk-meet-with-us

#CyberSecurity #ThreatIntelligence #GreyNoise

⚠️ Unlike typical exploits, no buffer overflow or memory corruption needed - just one manipulated environment variable grants root access

🛡️ Not all Telnet implementations affected - only #GNU inet utils; proprietary versions like #Cisco and #BusyBox are safe

📊 #GreyNoise threat intelligence reports multiple exploit attempts per hour already detected in the wild

🔄 Telnet's unencrypted nature makes attacks visible to defenders monitoring plaintext traffic for "-f root" patterns

Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️‍♀️

https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks

#GreyNoise #Ransomware #InitialAccess #IAB #Recon

React2Shell Update – 7 January 2026
Full update & analysis: https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far

#GreyNoise #React2Shell

GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.

🔗 https://www.greynoise.io/blog/credential-based-campaign-cisco-palo-alto-networks-vpn-gateways

#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel

Headed to BlackHat EU? 🇬🇧
Swing by the @corelight + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!

🔗 https://info.greynoise.io/events/blackhat-europe-hh-2025

#BHEU #Corelight #GreyNoise

Brute-force attacks hammer Fortinet devices worldwide https://www.helpnetsecurity.com/2025/08/14/brute-force-attacks-hammer-fortinet-devices-worldwide/ #brute-force #Don'tmiss #GreyNoise #Hotstuff #firewall #Fortinet #exploit #News

New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers – Source:hackread.com https://ciso2ciso.com/new-telemessage-sgnl-flaw-is-actively-being-exploited-by-attackers-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #TeleMessageSGNL #cybersecurity #Vulnerability #TeleMessage #0CISO2CISO #Encryption #GreyNoise #Hackread #security #Signal #CISA

New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers https://hackread.com/telemessage-sgnl-flaw-actively-exploited-by-attackers/ #TeleMessageSGNL #Cybersecurity #Vulnerability #TeleMessage #Encryption #GreyNoise #Security #Signal #CISA

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown: https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc #GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
#Ivanti #GreyNoise #Cybersecurity #ZeroDays

New Threat Update from GreyNoise — Significant spike in exploitation attempts targeting Linksys E-Series routers, likely Mirai. Full analysis ⬇️
https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies

#Cybersecurity #ThreatIntel #GreyNoise #Mirai #Linksys

In-the-wild activity targeting SonicWall, Zyxel, F5, Linksys, Zoho, and Ivanti. Surge on March 28. Full analysis: https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies

#GreyNoise #F5 #Ivanti #SonicWall #Zoho #Linksys #CVE #Vulnerability

🚨 Following reports of widespread DrayTek router reboots, GreyNoise is bringing awareness to in-the-wild activity against multiple known vulnerabilities in DrayTek devices. Read the analysis ⬇️

https://www.greynoise.io/blog/in-the-wild-activity-against-draytek-routers

#GreyNoise #ThreatIntel #Cybersecurity #DrayTek

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) https://www.helpnetsecurity.com/2025/01/29/zyxel-cpe-devices-under-attack-vulnerability-cve-2024-40891/ #vulnerability #Don'tmiss #GreyNoise #VulnCheck #Hotstuff #Censys #Zyxel #News

New Zyxel Zero-Day Under Attack, No Patch Available https://www.securityweek.com/new-zyxel-zero-day-under-attack-no-patch-available/ #Malware&Threats #Vulnerabilities #CVE202440891 #GreyNoise #Censys #Zyxel

New Zyxel Zero-Day Under Attack, No Patch Available https://www.securityweek.com/new-zyxel-zero-day-under-attack-no-patch-available/ #Malware&Threats #Vulnerabilities #CVE202440891 #GreyNoise #Censys #Zyxel

JA4T and JA4TS are the latest additions to the suite of JA4+ network fingerprints.

JA4T can identify intermediary proxies, VPNs, load balancers, tunneling, and fingerprint client/server OS, devices, applications and hosting/provider characteristics. When paired with additional JA4 hashes, this allows WAF tuning to focus on a set of hashes to limit false positives versus a constantly changing list of IPs. This will make a great addition to infrastructure hunting and DDoS attribution.
https://medium.com/foxio/ja4t-tcp-fingerprinting-12fb7ce9cb5a

#DDos #WAF #JA4 #Greynoise #Infosec

Decrypted: Hackers show off their exploits as Black Hat goes virtual - Every year hackers descend on Las Vegas in the sweltering August heat to break ground on security re... - http://feedproxy.google.com/~r/Techcrunch/~3/MsAVDqxhLOM/ #computersecurity #electionsecurity #electronicvoting #microsoftwindows #cryptography #cyberwarfare #searchengine #unitedstates #cybercrime #computing #decrypted #elections #greynoise #mattblaze #security #annarbor #lasvegas #michigan #privacy #seriesb #iran