Lightnews — Scholar-powered news

Ron Bowes @iagox86.bsky.social · 41m

An autoexec.bat prank.. amazing!

Reposted by Ron Bowes

GreyNoise @greynoise.io · 4d

GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High

On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

www.greynoise.io

2 7

Ron Bowes @iagox86.bsky.social · 4d

Pretty sure that's fake

Reposted by Ron Bowes

GreyNoise @greynoise.io · 5d

Palo login attempts are escalating, potentially driven by iteration through a large credential dataset. GreyNoise is sharing observed usernames/passwords for defender review.

🔗 Latest: www.greynoise.io/blog/palo-al...

#PaloAltoNetworks #ThreatIntel

4 7

Ron Bowes @iagox86.bsky.social · 6d

Also outright malicious repos.. I report them all the time and they only rarely get removed

2

Reposted by Ron Bowes

GreyNoise @greynoise.io · 6d

NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!

NoiseLetter September 2025

Get GreyNoise updates! Read the September 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

www.greynoise.io

3 7

Reposted by Ron Bowes

GreyNoise @greynoise.io · 9d

GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High

On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

www.greynoise.io

4 4

Reposted by Ron Bowes

GreyNoise @greynoise.io · 10d

On 28 September, GreyNoise observed a sharp one-day surge in attempts to exploit Grafana CVE-2021-43798. Full analysis & malicious IPs ⬇️
#Grafana #GreyNoise #ThreatIntel

Coordinated Grafana Exploitation Attempts on 28 September

GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 — a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified a...

www.greynoise.io

4 7

Ron Bowes @iagox86.bsky.social · 11d

Calling it "World War I" was just asking for trouble

8

Reposted by Ron Bowes

GreyNoise @greynoise.io · 11d

GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:

CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...

CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...

#CiscoASA #ZeroDay #CVE202520333 #CVE202520362

3 5

Ron Bowes @iagox86.bsky.social · 11d

They're trying so hard to brand it as "democrat shutdown" that it just comes off as whiny and pathetic

But they've also bought all the media so it might even work :(

Ron Bowes @iagox86.bsky.social · 11d

Everything I know about that movie is from the book Box Office Poison, but it made me want to watch it!

1

Ron Bowes @iagox86.bsky.social · 11d

Creating a password requires entropy, and entropy is slowly killing the universe. Why do you want me to kill the universe??

1 3

Ron Bowes @iagox86.bsky.social · 11d

At least they didn't say "some experts believe ..."? Low bar, I know..

Ron Bowes @iagox86.bsky.social · 12d

I was getting my (second shot of 3) Hepatitis B vaccine yesterday, and the nurse administering it asked if I knew where/how to get the COVID booster

Was it REALLY necessary to throw a ton of confusion into the vaccine situation??

1

Ron Bowes @iagox86.bsky.social · 13d

I've learned never to underestimate them

1

Ron Bowes @iagox86.bsky.social · 13d

My thoughts exactly!

Reposted by Ron Bowes

Jason Koebler @jasonkoebler.bsky.social · 14d

How Ruby went off the rails: A deep dive into the ownership and governance drama of some of the most important open source projects in the world

www.404media.co/how-ruby-wen...

How Ruby Went Off the Rails

What happened to RubyGems, Bundler, and the Open Source drama that controls the internet infrastructure.

www.404media.co

4 19 72

Reposted by Ron Bowes

hrbrmstr 🇺🇦 🇬🇱 🇨🇦 🏳️‍🌈 @hrbrmstr.dev · 15d

www.koi.security/blog/postmar...

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails | Koi Blog

www.koi.security

1 4

Ron Bowes @iagox86.bsky.social · 16d

"It's my fault, I asked if you could read, not if you could count" "if I could count I wouldn't have had four children"

--Gabriella Lester and her volunteer at Scoopfest

@heyscoops.bsky.social

3 11

Ron Bowes @iagox86.bsky.social · 16d

"Some have criticized the officer who dropped the weapon for not handling it properly" can our media please give up this passive language bullshit? He clearly different handle it properly, you're allowed to take an editorial stand

2 4

Ron Bowes @iagox86.bsky.social · 16d

Couple more

Michael Goudeau eating a tomato while juggling

Ron Bowes @iagox86.bsky.social · 16d

Wow, Michael Goudeau performed at Scoopfest! I didn't think I'd ever get to see him perform!

@heyscoops.bsky.social

Michael Goudeau wondering how tall the room is

Michael Goudeau with a rubber band in his hair

2 3 15

Reposted by Ron Bowes

GreyNoise @greynoise.io · 16d

Sept 25: Cisco disclosed two ASA/FTD zero-days (#CVE-2025-20333, #CVE-2025-20362).

Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.

Read the update: www.greynoise.io/blog/scannin...

#CiscoASA #ZeroDay #Cisco

25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming

GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...

www.greynoise.io

3 5