Lightnews — Scholar-powered news

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 1d

GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) High Confidence]. Full analysis 👇 […]

Original post on infosec.exchange

infosec.exchange

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 1d

GreyNoise Feeds are here: real-time webhook alerts for CVE status changes, exploitation spikes, and IP classification changes. No more polling. Respond the moment threats emerge. 🦾
www.greynoise.io/blog/introducing-greynoise-feeds-real-time-intel-real-time-response

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 2d

Palo login attempts are escalating, potentially driven by iteration through a large credential dataset. GreyNoise is sharing observed usernames/passwords for defender review.

🔗 Latest: https://www.greynoise.io/blog/palo-alto-scanning-surges

#paloaltonetworks #threatintel

4

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 3d

NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!

https://www.greynoise.io/resources/noiseletter-september-2025

NoiseLetter September 2025

Get GreyNoise updates! Read the September 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

www.greynoise.io

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 6d

GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👉 https://www.greynoise.io/blog/palo-alto-scanning-surges
#paloaltonetworks #paloalto #greynoise #threatintel #panos

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High

On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved multiple, potentially coordinated scanning clusters.

www.greynoise.io

3 1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 7d

On 28 September, GreyNoise observed a sharp one-day surge in attempts to exploit Grafana CVE-2021-43798. Full analysis & malicious IPs ⬇️ https://www.greynoise.io/blog/coordinated-grafana-exploitation-attempts
#grafana #greynoise #threatintel

Coordinated Grafana Exploitation Attempts on 28 September

GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 — a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified as malicious.

www.greynoise.io

1 1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 7d

We got (most of) the team together last week and it was magical, so grateful for each + every one of these GreyNoids ✨

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 8d

GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:CVE-2025-20333
(Net-new): https://viz.greynoise.io/tags/cisco-asa-vpn-input-validation-cve-2025-20333-rce-attempt?days=1CVE-2025-20362
(Updated tag) […]

Original post on infosec.exchange

infosec.exchange

1 1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 10d

🚨GreyNoise has published a new Situation Report on Cisco ASA reconnaissance activity we observed before the new zero-days were disclosed.

Read the full report: https://info.greynoise.io/hubfs/Situation-Reports/SITREP-Cisco-Zero-Days.pdf

#cisco #asa […]

[Original post on infosec.exchange]

2

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 13d

Sept 25: Cisco disclosed two ASA/FTD zero-days (#CVE-2025-20333, #CVE-2025-20362).

Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.

Read the update: https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices

#ciscoasa #zeroday #cisco

25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming

GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a significant elevation above baseline, typically registering at less than 500 IPs per day.

www.greynoise.io

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 15d

Hey Toronto! 🇨🇦 We will be up North next week with @runZeroInc for #sector! Come hang out on Wednesday for some drinks + good conversation!

🔗 https://www.runzero.com/sector-happy-hour/

RSVP for the runZero + GreyNoise SecTor happy hour!

Join us for post-conference drinks where we'll share insights on asset discovery, threat intel, and the wild stuff lurking in your network.

www.runzero.com

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 20d

🗣️ Catch @Dio9sys talk this weekend at #pancakescon!
⏰ Sunday, 9/21 from 12:20–1:00 PM CT
🎤 One-liners and One Needle: Bash and Needlebinding
📺 https://www.youtube.com/live/P4Shsxwe5C0

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 21d

RE: https://infosec.exchange/@greynoise/115220504354435524

LIVE in 15 ⏲️

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 22d

GreyNoise University LIVE is back from a little summer break and ready to dive into demos, events, updates + dad jokes. Catch up with us TOMORROW at 12 ET! 📺
https://www.greynoise.io/events/greynoise-university-live

GreyNoise University LIVE

www.greynoise.io

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 22d

GreyNoise Intel is now accessible via MCP! AI agents and SOCs can triage, respond, and monitor threats with real-time IP reputation + behavior tags. Automate remediation, reduce false positives, + prioritize active threats.

Learn more ➡️ […]

Original post on infosec.exchange

infosec.exchange

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 22d

GreyNoise University LIVE is back from a little summer break and ready to dive into demos, events, updates + dad jokes. Catch up with us TOMORROW at 12 ET! 📺
https://www.greynoise.io/events/greynoise-university-live

GreyNoise University LIVE

www.greynoise.io

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 24d

We're looking for some awesome folks to join our team!
If one of these roles catches your eye, we'd love to hear from you.

👩‍💻 greynoise.io/careers

We are hiring

Senior Software Engineer
Head of US Federal Sales
RSM - US DoD + IC
RSM - US Enterprise
Sales Engineer - US DoD + IC

Apply now at greynoise.io/careers

2

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · 29d

Our very own Daniel Grant is dropping knowledge on how to outsmart malicious AI in his latest feature. 🤖
https://medium.com/authority-magazine/cybersecurity-to-protect-from-malicious-ai-daniel-grant-of-greynoise-intelligence-on-how-to-2acf8e086d40

Cybersecurity To Protect From Malicious AI: Daniel Grant Of GreyNoise Intelligence On How To…

An Interview With David Leichner

medium.com

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Sep 9

See you soon! @hrbrmstr + Noah are bringing a jam-packed webinar getting into our most recent report, Early Warning Signals: When Attacker Activity Precedes New Vulns, you’ll definitely want to tune in. 📺 […]

Original post on infosec.exchange

infosec.exchange

1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Sep 5

Hey London 👋🇬🇧 Join us Sept 11 at the Crowne Plaza Docklands during #dsei for a GreyNoise Threat Brief! Insights, drinks, light fare, networking, limited swag + CPE credits all waiting for you!🍻
⏰ 16:30–18:30
👇 Save your spot today!
https://info.greynoise.io/greynoise-threat-briefing-dsei

GreyNoise - Exclusive Threat Briefing at DSEI

Join our exlusive Threat Briefing at the Crowne Plaza London Dockside during DSEI. Our team will share timely insights into the latest threat intelligence trends, attacker behaviours, and how GreyNoise helps organisations cut through the noise.

info.greynoise.io

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Sep 4

GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.

Full analysis […]

Original post on infosec.exchange

infosec.exchange

3 1

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Sep 2

We survived August in the desert, with fresh insights on early warning signals, 73 new threat tags, + lots of upcoming events. Check out August's NoiseLetter for everything you need to know this month. ☀️
https://www.greynoise.io/resources/noiseletter-august-2025

NoiseLetter August 2025

Get GreyNoise updates! Read the August 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

www.greynoise.io

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Aug 28

We’re honored that GreyNoise Intelligence was acknowledged in the latest joint cyber advisory from the NSA Cybersecurity Collaboration Center and partner agencies. Read the full advisory here […]

[Original post on infosec.exchange]

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Aug 27

30,000+ IPs hit Microsoft Remote Desktop on Aug 24, a significant escalation from our original reporting of nearly 2,000 IPs on August 21. Full analysis: https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop
#threatintel #rdp […]

[Original post on infosec.exchange]

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Aug 25

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog […]

[Original post on infosec.exchange]

2

GreyNoise @greynoise.infosec.exchange.ap.brid.gy · Aug 21

https://psychic.labs.greynoise.io/ 👀

1