Censys
@censys.bsky.social
Censys is the trusted source for real-time Internet intelligence and actionable threat insights for global governments, Fortune 500 companies, and leading threat intelligence providers worldwide.
Multiple US gov agencies have warned orgs to stay vigilant for potential Iran-affiliated cyber activity. We studied exposure of 4 vendors previously known to be of interest to IR-affiliated groups.
Read more: censys.com/blog/ics-ira...
Read more: censys.com/blog/ics-ira...
June 30, 2025 at 5:37 PM
Multiple US gov agencies have warned orgs to stay vigilant for potential Iran-affiliated cyber activity. We studied exposure of 4 vendors previously known to be of interest to IR-affiliated groups.
Read more: censys.com/blog/ics-ira...
Read more: censys.com/blog/ics-ira...
🔌 #Iran Internet #Outage Update
----
June 21 marked lowest visibility—but signs of recovery.
📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
----
June 21 marked lowest visibility—but signs of recovery.
📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
June 23, 2025 at 8:44 PM
🔌 #Iran Internet #Outage Update
----
June 21 marked lowest visibility—but signs of recovery.
📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
----
June 21 marked lowest visibility—but signs of recovery.
📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
🔍 We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!
👀 censys.com/blog/poking-...
👀 censys.com/blog/poking-...
June 19, 2025 at 4:42 PM
🔍 We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!
👀 censys.com/blog/poking-...
👀 censys.com/blog/poking-...
Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.
June 18, 2025 at 5:52 PM
Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.
We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
June 11, 2025 at 4:45 PM
We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #GA!
www.censys.com/blog/interne...
www.censys.com/blog/interne...
June 10, 2025 at 3:12 PM
A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #GA!
www.censys.com/blog/interne...
www.censys.com/blog/interne...
Reposted by Censys
Great research. They found 400 web-based HMIs for US water facilities exposed online. All used same HMI/SCADA software. Some required credentials to access, some were in read-only mode and couldn't be manipulated. But 40 systems didn't require authentication and were fully controllable via internet
Really excited to see this research go live. We found 400 web based HMIs for US Water facilities open on Censys. With the EPA, we helped reduced that exposure by over 94%.
https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis
https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis
June 5, 2025 at 4:51 PM
Great research. They found 400 web-based HMIs for US water facilities exposed online. All used same HMI/SCADA software. Some required credentials to access, some were in read-only mode and couldn't be manipulated. But 40 systems didn't require authentication and were fully controllable via internet
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: censys.com/blog/turning...
Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs
censys.com
June 5, 2025 at 12:13 PM
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: censys.com/blog/turning...
Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise.io and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out: censys.com/blog/trackin...
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com
May 30, 2025 at 1:40 PM
Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise.io and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out: censys.com/blog/trackin...
Trend Micro recently uncovered a campaign abusing TikTok to distribute malware via AI-generated videos, tricking users into installing infostealers. Using IOCs provided by Trend Micro, we found more related infrastructure, including a newer bulletproof service provider: censys.com/blog/tiktok-...
TikTok and Malware
censys.com
May 27, 2025 at 6:18 PM
Trend Micro recently uncovered a campaign abusing TikTok to distribute malware via AI-generated videos, tricking users into installing infostealers. Using IOCs provided by Trend Micro, we found more related infrastructure, including a newer bulletproof service provider: censys.com/blog/tiktok-...
The Censys Research Team evaluated Censys’s IPv4 scanning capability against other engines and found that while these alternatives sometimes self-report higher numbers of results, their data is often stale and inaccurate.
censys.com/blog/the-imp...
censys.com/blog/the-imp...
The Importance of Poppin’ Fresh Data
A recent study by the Censys Research Team evaluated Censys’s IPv4 scanning capability against other engines and found that while these alternatives sometimes self-report higher numbers of results, th...
censys.com
May 19, 2025 at 1:34 PM
The Censys Research Team evaluated Censys’s IPv4 scanning capability against other engines and found that while these alternatives sometimes self-report higher numbers of results, their data is often stale and inaccurate.
censys.com/blog/the-imp...
censys.com/blog/the-imp...
Our latest video dives into the details of CVE-2025-3248, a critical flaw in the Langflow, an open source Python app, that is being exploited in the wild.
youtu.be/vK4iYy_A130?...
youtu.be/vK4iYy_A130?...
The Big Story: Langflow CVE-2025-3248
YouTube video by Censys
youtu.be
May 13, 2025 at 1:50 PM
Our latest video dives into the details of CVE-2025-3248, a critical flaw in the Langflow, an open source Python app, that is being exploited in the wild.
youtu.be/vK4iYy_A130?...
youtu.be/vK4iYy_A130?...
Reposted by Censys
New @censys.bsky.social video on the Langflow CVE-2025-3248 bug and the ongoing exploitation.
youtu.be/vK4iYy_A130?...
youtu.be/vK4iYy_A130?...
The Big Story: Langflow CVE-2025-3248
YouTube video by Censys
youtu.be
May 9, 2025 at 7:07 PM
New @censys.bsky.social video on the Langflow CVE-2025-3248 bug and the ongoing exploitation.
youtu.be/vK4iYy_A130?...
youtu.be/vK4iYy_A130?...
Threat hunting tools should be built for speed and designed by threat hunters. Now they are.
The Censys Threat Module:
⏱️ Speeds up investigations
🌐 Surfaces enriched threat context
📈 Enables real-time pivoting
Act faster. Hunt smarter. See how: censys.com/blog/speedin...
The Censys Threat Module:
⏱️ Speeds up investigations
🌐 Surfaces enriched threat context
📈 Enables real-time pivoting
Act faster. Hunt smarter. See how: censys.com/blog/speedin...
Speeding up Threat Hunting with Censys
Learn how the Censys Threat module allows users to rapidly investigate identified threat actor infrastructure.
censys.com
May 8, 2025 at 2:48 PM
Threat hunting tools should be built for speed and designed by threat hunters. Now they are.
The Censys Threat Module:
⏱️ Speeds up investigations
🌐 Surfaces enriched threat context
📈 Enables real-time pivoting
Act faster. Hunt smarter. See how: censys.com/blog/speedin...
The Censys Threat Module:
⏱️ Speeds up investigations
🌐 Surfaces enriched threat context
📈 Enables real-time pivoting
Act faster. Hunt smarter. See how: censys.com/blog/speedin...
If you think Salt Typhoon has moved on—you might want to double-check your attack surface. We’re still seeing critical telecom infrastructure exposed to active targeting. Find out what we uncovered (and what you should be looking for) censys.com/blog/salt-ty...
Salt Typhoon Attacks Highlight Need for Advanced Defenses
The Salt Typhoon attacks on critical infrastructure show the need for better threat hunting.
censys.com
May 7, 2025 at 5:28 PM
If you think Salt Typhoon has moved on—you might want to double-check your attack surface. We’re still seeing critical telecom infrastructure exposed to active targeting. Find out what we uncovered (and what you should be looking for) censys.com/blog/salt-ty...
Censys was a proud contributor to the 2025 Verizon Data Breach Investigations Report, shedding light on the growing threat to firewalls, VPNs, and other perimeter gear. See that this sharp increase in targeting edge security devices means ➡️ censys.com/blog/postcar...
Postcards From the Edge: Verizon DBIR Reveals Sharp Increase in Targeting of Edge Security Devices
The Verizon 2025 Data Breach Investigations Report shows a sharp increase in edge security device vulnerabilities as the initial access vector in breaches.
censys.com
May 6, 2025 at 4:56 PM
Censys was a proud contributor to the 2025 Verizon Data Breach Investigations Report, shedding light on the growing threat to firewalls, VPNs, and other perimeter gear. See that this sharp increase in targeting edge security devices means ➡️ censys.com/blog/postcar...
How much do zero days actually matter? I've always contended the answer is, not very much. My much smarter @censys.bsky.social colleague Himaja tell me why I'm mostly wrong.
youtu.be/OcUcBcizXas?...
youtu.be/OcUcBcizXas?...
The Big Story: How Much Do Zero Days Matter?
YouTube video by Censys
youtu.be
May 3, 2025 at 7:48 PM
Zero days attract a huge amount of attention in the security community, an amount that is completely disproportionate to how many of these vulnerabilities emerge each year and how often they’re actually used. They’re the Cybertrucks of security.
censys.com/blog/google-...
censys.com/blog/google-...
Google Data Shows Fewer Zero Days in 2024, But More Targeting of Enterprises
New data compiled by Google Threat Intelligence Group shows that while the total number of zero days identified in 2024 dropped to 75 from 98 the year before
censys.com
May 2, 2025 at 1:29 PM
Zero days attract a huge amount of attention in the security community, an amount that is completely disproportionate to how many of these vulnerabilities emerge each year and how often they’re actually used. They’re the Cybertrucks of security.
censys.com/blog/google-...
censys.com/blog/google-...
From an attacker’s perspective it makes perfect sense to target enterprise products, especially networking and security appliances. Those devices can grant a successful adversary broad access to the target organization, and there are often many different options.
censys.com/blog/google-...
censys.com/blog/google-...
Google Data Shows Fewer Zero Days in 2024, But More Targeting of Enterprises
New data compiled by Google Threat Intelligence Group shows that while the total number of zero days identified in 2024 dropped to 75 from 98 the year before
censys.com
May 1, 2025 at 3:33 PM
From an attacker’s perspective it makes perfect sense to target enterprise products, especially networking and security appliances. Those devices can grant a successful adversary broad access to the target organization, and there are often many different options.
censys.com/blog/google-...
censys.com/blog/google-...
See every port. Secure every protocol. 🔐 The new Censys Ports & Protocols Dashboard is your exposure command center. Find out how we're helping SOC teams pinpoint exposures, track protocol misconfigurations, and close compliance gaps faster. censys.com/blog/introdu...
New Ports & Protocols Dashboard from Censys | Exposure Intel
Get real-time visibility into open ports, running services, and exposure risks with the new Censys Ports & Protocols Dashboard—now live in Censys ASM.
censys.com
May 1, 2025 at 2:06 PM
See every port. Secure every protocol. 🔐 The new Censys Ports & Protocols Dashboard is your exposure command center. Find out how we're helping SOC teams pinpoint exposures, track protocol misconfigurations, and close compliance gaps faster. censys.com/blog/introdu...
Whether you're at RSA Conference this week or dealing with #RSAC2025 FOMO, we've got your next stop. Join us May 6-8 in Baltimore to connect and collaborate with security leaders across the military and government sectors.
April 30, 2025 at 8:37 PM
Whether you're at RSA Conference this week or dealing with #RSAC2025 FOMO, we've got your next stop. Join us May 6-8 in Baltimore to connect and collaborate with security leaders across the military and government sectors.
Our monitoring flagged a single host containing the source code for a command-and-control (C2) server, a backdoor, and a trojan dropper build system—a set of tools that (to our knowledge) has not been publicly documented before.
censys.com/blog/scoutin...
censys.com/blog/scoutin...
Scouting a Threat Actor
censys.com
April 30, 2025 at 3:06 PM
Our monitoring flagged a single host containing the source code for a command-and-control (C2) server, a backdoor, and a trojan dropper build system—a set of tools that (to our knowledge) has not been publicly documented before.
censys.com/blog/scoutin...
censys.com/blog/scoutin...
When the AI hype is real. 🎆 The new Censys Query Assistant brings 2+ years of R&D into a tool that makes threat investigation faster, easier, and smarter. Find out how we're bringing the power of natural language search to security teams. censys.com/blog/acceler...
Introducing the Censys Query Assistant: Natural Language Threat Search
Experience faster, easier threat hunting with the new Censys Query Assistant. Search internet intelligence using natural language—no complex syntax required.
censys.com
April 29, 2025 at 3:17 PM
When the AI hype is real. 🎆 The new Censys Query Assistant brings 2+ years of R&D into a tool that makes threat investigation faster, easier, and smarter. Find out how we're bringing the power of natural language search to security teams. censys.com/blog/acceler...
Threat hunters, this is your inside track. 🎥 We just dropped an exclusive threat intelligence briefing from malware analyst Silas Cutler. Get insight into the BeaverTail malware campaign, North Korea’s infiltration of global tech, and more. Watch now. censys.com/podcasts-vid...
April 28, 2025 at 8:29 PM
Threat hunters, this is your inside track. 🎥 We just dropped an exclusive threat intelligence briefing from malware analyst Silas Cutler. Get insight into the BeaverTail malware campaign, North Korea’s infiltration of global tech, and more. Watch now. censys.com/podcasts-vid...
🚨 Launch Alert 🚨Censys just redefined threat hunting. Our new Threat Hunting Module delivers unmatched visibility and context from real-time Internet Intelligence that empowers you to proactively hunt emerging threats. See it in action: censys.com/solutions/th... #cybersecurity #threathunting
Censys Threat Hunting – Regain the Initiative and Seize Control
The Censys Threat Hunting module delivers critical threat insights and crucial hunt capabilities that empowers security teams to hunt faster, accelerate investigations, and preemptively defend against...
censys.com
April 28, 2025 at 12:18 PM
🚨 Launch Alert 🚨Censys just redefined threat hunting. Our new Threat Hunting Module delivers unmatched visibility and context from real-time Internet Intelligence that empowers you to proactively hunt emerging threats. See it in action: censys.com/solutions/th... #cybersecurity #threathunting