GreyNoise
@greynoise.io
GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
New on the GreyNoise blog: We borrow from some unexpected fields, enzyme kinetics, species biodiversity models, astrophotography, to understand internet-wide scanning activity and measure what we might be missing.
#GreyNoise #Cybersecurity
#GreyNoise #Cybersecurity
Filtering Noise in (Cyber)Space
Dive into the scientific methods GreyNoise uses to separate internet noise from real threats, providing defenders a clearer, more accurate view of malicious activity.
www.greynoise.io
January 12, 2026 at 9:14 PM
New on the GreyNoise blog: We borrow from some unexpected fields, enzyme kinetics, species biodiversity models, astrophotography, to understand internet-wide scanning activity and measure what we might be missing.
#GreyNoise #Cybersecurity
#GreyNoise #Cybersecurity
🚨 We are hiring across sales, alliances, and customer experience for our US + EMEA teams 🌍
See a role you'd crush? We would love to hear from you!
👉 Apply now: greynoise.io/careers
#hiring #cybersecuritycareers
See a role you'd crush? We would love to hear from you!
👉 Apply now: greynoise.io/careers
#hiring #cybersecuritycareers
January 12, 2026 at 3:59 PM
🚨 We are hiring across sales, alliances, and customer experience for our US + EMEA teams 🌍
See a role you'd crush? We would love to hear from you!
👉 Apply now: greynoise.io/careers
#hiring #cybersecuritycareers
See a role you'd crush? We would love to hear from you!
👉 Apply now: greynoise.io/careers
#hiring #cybersecuritycareers
GreyNoise analyzed activity targeting exposed Ollama and LLM infrastructure, identifying SSRF abuse attempts and large-scale probing of LLM model endpoints.
#GreyNoise #ThreatIntelligence #LLMSecurity
#GreyNoise #ThreatIntelligence #LLMSecurity
Threat Actors Actively Targeting LLMs
Our Ollama honeypot infrastructure captured 91,403 attack sessions between October 2025 and January 2026. Buried in that data: two distinct campaigns that reveal how threat actors are systematically m...
www.greynoise.io
January 8, 2026 at 7:58 PM
GreyNoise analyzed activity targeting exposed Ollama and LLM infrastructure, identifying SSRF abuse attempts and large-scale probing of LLM model endpoints.
#GreyNoise #ThreatIntelligence #LLMSecurity
#GreyNoise #ThreatIntelligence #LLMSecurity
Reposted by GreyNoise
All internet traffic from Iran ceased in @greynoise.io one hour ago. Tier 1 dropped off two hours ago.
January 8, 2026 at 7:56 PM
All internet traffic from Iran ceased in @greynoise.io one hour ago. Tier 1 dropped off two hours ago.
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
#GreyNoise #Ransomware #InitialAccess #IAB #Recon
#GreyNoise #Ransomware #InitialAccess #IAB #Recon
The Ransomware Ground Game: How A Christmas Scanning Campaign Will Fuel 2026 Attacks
Over four days in December, one operator scanned the internet with 240+ exploits, logging confirmed vulnerabilities that could power targeted intrusions in 2026.
www.greynoise.io
January 8, 2026 at 3:03 PM
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
#GreyNoise #Ransomware #InitialAccess #IAB #Recon
#GreyNoise #Ransomware #InitialAccess #IAB #Recon
Back from the holidays and afraid to open your inbox? Same. Open the latest NoiseLetter instead.
NoiseLetter December 2025
Get GreyNoise updates! Read the December 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
January 7, 2026 at 5:01 PM
Back from the holidays and afraid to open your inbox? Same. Open the latest NoiseLetter instead.
New year, new opportunities? Check out our current openings for a new start in the new year! 🪩🎉
🔗 greynoise.io/careers
🔗 greynoise.io/careers
December 31, 2025 at 5:48 PM
New year, new opportunities? Check out our current openings for a new start in the new year! 🪩🎉
🔗 greynoise.io/careers
🔗 greynoise.io/careers
See ya'll in 10 ⏳
See you all TOMORROW at 12ET for our last GreyNoise University LIVE of the year! ✨
GreyNoise University LIVE
www.greynoise.io
December 18, 2025 at 4:51 PM
See ya'll in 10 ⏳
GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
Coordinated Credential-Based Campaign Targets Cisco and Palo Alto Networks VPN Gateways
GreyNoise is tracking a coordinated, automated credential-based campaign targeting enterprise VPN authentication infrastructure, with activity observed against Cisco SSL VPN and Palo Alto Networks Glo...
greynoise.io
December 17, 2025 at 8:01 PM
GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
See you all TOMORROW at 12ET for our last GreyNoise University LIVE of the year! ✨
GreyNoise University LIVE
www.greynoise.io
December 17, 2025 at 6:38 PM
See you all TOMORROW at 12ET for our last GreyNoise University LIVE of the year! ✨
Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr.dev 👇
#React2Shell #Nextjs #CVE202555182
#React2Shell #Nextjs #CVE202555182
React2Shell Payload Analysis: A Look at Selected Opportunistic and Possibly AI-
Over the past ~1.5 weeks, the React2Shell campaign has unleashed a flood of exploitation attempts targeting vulnerable React Server Components. Analyzing the payload size distribution across these att...
www.greynoise.io
December 17, 2025 at 4:36 PM
Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr.dev 👇
#React2Shell #Nextjs #CVE202555182
#React2Shell #Nextjs #CVE202555182
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
December 11, 2025 at 3:51 PM
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
Reposted by GreyNoise
Ron & my talk from SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)
www.youtube.com/watc...
CC: @iagox86.bsky.social @greynoise.io
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)
www.youtube.com/watc...
CC: @iagox86.bsky.social @greynoise.io
SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
Presented at SuriCon 2025 by Ron Bowes and Glenn Thorpe
Network protocols are messy! Sure, there are standards — RFCs, IEEEs, you name it — but there are also multiple ways to do basically everything. If you’re relying on network IDS/IPS tools like Suricata, I have bad news — a sufficiently cl
www.youtube.com
December 9, 2025 at 10:41 PM
Ron & my talk from SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)
www.youtube.com/watc...
CC: @iagox86.bsky.social @greynoise.io
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)
www.youtube.com/watc...
CC: @iagox86.bsky.social @greynoise.io
Reposted by GreyNoise
Lots of React4Shell in @greynoise.io. Visualization a la @hrbrmstr.dev
December 9, 2025 at 8:18 PM
Lots of React4Shell in @greynoise.io. Visualization a la @hrbrmstr.dev
Going LIVE in 30 to talk all things React2Shell with the Storm ⚡️ Watch crew!
www.linkedin.com/events/storm...
www.linkedin.com/events/storm...
December 9, 2025 at 7:33 PM
Going LIVE in 30 to talk all things React2Shell with the Storm ⚡️ Watch crew!
www.linkedin.com/events/storm...
www.linkedin.com/events/storm...
👀 React2Shell attacker profiles fresh from GreyNoise telemetry: info.greynoise.io/hubfs/PDFs-S..., don't miss the latest contribution from GreyNoise Labs on React2Shell: www.labs.greynoise.io/grimoire/202...
#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
December 9, 2025 at 6:59 PM
👀 React2Shell attacker profiles fresh from GreyNoise telemetry: info.greynoise.io/hubfs/PDFs-S..., don't miss the latest contribution from GreyNoise Labs on React2Shell: www.labs.greynoise.io/grimoire/202...
#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more.
#React2Shell #Nextjs #GreyNoise #ThreatIntel
#React2Shell #Nextjs #GreyNoise #ThreatIntel
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
www.greynoise.io
December 9, 2025 at 4:51 PM
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more.
#React2Shell #Nextjs #GreyNoise #ThreatIntel
#React2Shell #Nextjs #GreyNoise #ThreatIntel
London, we are headed your way THIS week! See you there!
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
GreyNoise - Happy Hour at BlackHat Europe
Had a full day at BlackHat? Come put your feet up with GreyNoise and Corelight for a laid-back evening with complimentary drinks, nibbles, and great conversations.
info.greynoise.io
December 8, 2025 at 4:14 PM
London, we are headed your way THIS week! See you there!
Reposted by GreyNoise
React Server CVE-2025-55182 popping off in @greynoise.io right now. Blog from @hrbrmstr.dev up:
www.greynoise.io/blog/cve-202...
www.greynoise.io/blog/cve-202...
December 5, 2025 at 4:55 PM
React Server CVE-2025-55182 popping off in @greynoise.io right now. Blog from @hrbrmstr.dev up:
www.greynoise.io/blog/cve-202...
www.greynoise.io/blog/cve-202...
CVE-2025-55182 (React2Shell) attacks have begun.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
www.greynoise.io
December 5, 2025 at 3:09 PM
CVE-2025-55182 (React2Shell) attacks have begun.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
We are seeing broad automated exploitation, PoE math probes, encoded PS stagers, and AMSI bypass attempts, with botnets already adding the vuln.
Patch fast. Watch your logs.
Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
www.greynoise.io
December 4, 2025 at 10:31 PM
Palo + SonicWall campaign uncovered. We dug into a spike of GlobalProtect login attempts earlier this week and found something unexpected.
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Full analysis: www.greynoise.io/blog/hidden-...
#Palo #SonicWall #Cybersecurity
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
GreyNoise - Happy Hour at BlackHat Europe
Had a full day at BlackHat? Come put your feet up with GreyNoise and Corelight for a laid-back evening with complimentary drinks, nibbles, and great conversations.
info.greynoise.io
December 4, 2025 at 3:07 PM
Headed to BlackHat EU? 🇬🇧
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
Swing by the @corelight-inc.bsky.social + GreyNoise booth for a chat and then grab drinks with the team after the con on Wednesday, Dec 10th. Sign up today to reserve your spot!
The holiday season brings travel, warm drinks, and... serving as the family IT help desk. Check it all out in November's NoiseLetter ❄️
NoiseLetter November 2025
Get GreyNoise updates! Read the November 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
December 2, 2025 at 6:51 PM
The holiday season brings travel, warm drinks, and... serving as the family IT help desk. Check it all out in November's NoiseLetter ❄️
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒
Holiday cyber scams are getting more inventive
Hackers are hoping to take advantage of the holiday season, and they're not just stealing money or data.
www.npr.org
December 1, 2025 at 7:34 PM
Check out @hrbrmstr.dev's convo with @npr.org about the spike in inventive holiday cyber scams, from fake shipping alerts to bogus charity requests. ’Tis the season for scammers, so slow down, double-check links, + stay safe out there. 🎁🔒