Lightnews — Scholar-powered news

GreyNoise @greynoise.io · 11h

GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High

On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

www.greynoise.io

1 5

GreyNoise @greynoise.io · 16h

GreyNoise Feeds are here: real-time webhook alerts for CVE status changes, exploitation spikes, and IP classification changes. No more polling. Respond the moment threats emerge. 🦾

Introducing GreyNoise Feeds: Real-Time Intel for Real-Time Response

Learn how GreyNoise Feeds enable real-time, event-driven threat intelligence that eliminates polling delays—helping defenders react instantly to new exploits, IP threats, and zero-day activity.

www.greynoise.io

1

GreyNoise @greynoise.io · 1d

Palo login attempts are escalating, potentially driven by iteration through a large credential dataset. GreyNoise is sharing observed usernames/passwords for defender review.

🔗 Latest: www.greynoise.io/blog/palo-al...

#PaloAltoNetworks #ThreatIntel

4 6

GreyNoise @greynoise.io · 2d

NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!

NoiseLetter September 2025

Get GreyNoise updates! Read the September 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

www.greynoise.io

3 7

GreyNoise @greynoise.io · 5d

GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High

On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

www.greynoise.io

4 3

GreyNoise @greynoise.io · 6d

On 28 September, GreyNoise observed a sharp one-day surge in attempts to exploit Grafana CVE-2021-43798. Full analysis & malicious IPs ⬇️
#Grafana #GreyNoise #ThreatIntel

Coordinated Grafana Exploitation Attempts on 28 September

GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 — a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified a...

www.greynoise.io

4 6

GreyNoise @greynoise.io · 6d

We got (most of) the team together last week and it was magical, so grateful for each + every one of these GreyNoids ✨

2 8

GreyNoise @greynoise.io · 7d

GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:

CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...

CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...

#CiscoASA #ZeroDay #CVE202520333 #CVE202520362

3 5

GreyNoise @greynoise.io · 9d

🚨GreyNoise has published a new Situation Report on Cisco ASA reconnaissance activity we observed before the new zero-days were disclosed.

Read the full report: info.greynoise.io/hubfs/Situat...

#Cisco #ASA #CiscoASA #GreyNoise #ThreatIntel #CVE202520333 #CVE202520362

5 7

GreyNoise @greynoise.io · 12d

Sept 25: Cisco disclosed two ASA/FTD zero-days (#CVE-2025-20333, #CVE-2025-20362).

Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.

Read the update: www.greynoise.io/blog/scannin...

#CiscoASA #ZeroDay #Cisco

25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming

GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...

www.greynoise.io

3 5

GreyNoise @greynoise.io · 13d

Hey Toronto! 🇨🇦 We will be up North next week with runZero for #SecTor! Come hang out on Wednesday for some drinks + good conversation!

🔗 www.runzero.com/sector-happy...

RSVP for the runZero + GreyNoise SecTor happy hour!

Join us for post-conference drinks where we'll share insights on asset discovery, threat intel, and the wild stuff lurking in your network.

www.runzero.com

1 2

GreyNoise @greynoise.io · 19d

🗣️ Catch Dio9sys' talk this weekend at #PancakesCon!
⏰ Sunday, 9/21 from 12:20–1:00 PM CT
🎤 One-liners and One Needle: Bash and Needlebinding
📺 www.youtube.com/live/P4Shsxw...

ComfyCon x PancakesCon 2025

YouTube video by ComfyCon AU

www.youtube.com

1 3

GreyNoise @greynoise.io · 20d

LIVE in 15 ⏲️

GreyNoise @greynoise.io · 21d

GreyNoise University LIVE is back from a little summer break and ready to dive into demos, events, updates + dad jokes. Catch up with us TOMORROW at 12 ET! 📺

GreyNoise University LIVE

www.greynoise.io

1 4

GreyNoise @greynoise.io · 20d

GreyNoise Intel is now accessible via MCP! AI agents and SOCs can triage, respond, and monitor threats with real-time IP reputation + behavior tags. Automate remediation, reduce false positives, + prioritize active threats.

Learn more ⬇️

GreyNoise Intel Now Available Through MCP

GreyNoise MCP Server is now available, enabling AI agents compatible with the Model Context Protocol (MCP) to efficiently consume GreyNoise intelligence, enhancing data-driven security insights.

www.greynoise.io

1 3

GreyNoise @greynoise.io · 21d

GreyNoise University LIVE is back from a little summer break and ready to dive into demos, events, updates + dad jokes. Catch up with us TOMORROW at 12 ET! 📺

GreyNoise University LIVE

www.greynoise.io

2 5

GreyNoise @greynoise.io · 23d

We're looking for some awesome folks to join our team!
If one of these roles catches your eye, we'd love to hear from you.

👩‍💻 greynoise.io/careers

We are hiring

Senior Software Engineer
Head of US Federal Sales
RSM - US DoD + IC
RSM - US Enterprise
Sales Engineer - US DoD + IC

Apply now at greynoise.io/careers

3 4

GreyNoise @greynoise.io · 28d

Our very own @dtg.bsky.social is dropping knowledge on how to outsmart malicious AI in his latest feature. 🤖

Cybersecurity To Protect From Malicious AI: Daniel Grant Of GreyNoise Intelligence On How To…

An Interview With David Leichner

medium.com

1 1

GreyNoise @greynoise.io · 29d

See you soon! @hrbrmstr.dev + Noah are bringing a jam-packed webinar getting into our most recent report, Early Warning Signals: When Attacker Activity Precedes New Vulns, you’ll definitely want to tune in. 📺

GreyNoise Webinar - How to Spot Early Warning Signals for Emerging Vulnerabilities

Join GreyNoise VP of Data Science Bob Rudis and Head of Content Noah Stone as they break down key insights from our latest report, Early Warning Signals: When Attacker Activity Precedes New Vulnerabil...

info.greynoise.io

2 3

GreyNoise @greynoise.io · Sep 5

Hey London 👋🇬🇧 Join us Sept 11 at the Crowne Plaza Docklands during #DSEI for a GreyNoise Threat Brief! Insights, drinks, light fare, networking, limited swag + CPE credits all waiting for you!🍻
⏰ 16:30–18:30
👇 Save your spot today!

GreyNoise - Exclusive Threat Briefing at DSEI

Join our exlusive Threat Briefing at the Crowne Plaza London Dockside during DSEI. Our team will share timely insights into the latest threat intelligence trends, attacker behaviours, and how GreyNois...

info.greynoise.io

2

GreyNoise @greynoise.io · Sep 4

GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel

25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming

GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...

www.greynoise.io

3 5

GreyNoise @greynoise.io · Sep 2

We survived August in the desert, with fresh insights on early warning signals, 73 new threat tags, + lots of upcoming events. Check out August's NoiseLetter for everything you need to know this month. ☀️

NoiseLetter August 2025

Get GreyNoise updates! Read the August 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.

www.greynoise.io

1 3

GreyNoise @greynoise.io · Aug 28

We’re honored that GreyNoise Intelligence was acknowledged in the latest joint cyber advisory from the NSA Cybersecurity Collaboration Center and partner agencies. Read the full advisory here: media.defense.gov/2025/Aug/22/...
#GreyNoise #Cybersecurity #ThreatIntelligence

4

GreyNoise @greynoise.io · Aug 27

30,000+ IPs hit Microsoft Remote Desktop on Aug 24, a significant escalation from our original reporting of nearly 2,000 IPs on August 21. Full analysis: www.greynoise.io/blog/surge-m...
#ThreatIntel #RDP #Cybersecurity #IncidentResponse #GreyNoise #SOC #VulnerabilityManagement #MicrosoftRDP

2 4

GreyNoise @greynoise.io · Aug 25

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: www.greynoise.io/blog/surge-m...

#ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop

Nearly 2,000 Malicious IPs Probe Microsoft Remote Desktop in Single-Day Surge

On August 21, GreyNoise observed a sharp surge in scanning against Microsoft Remote Desktop (RDP) services.

www.greynoise.io

2 2

GreyNoise @greynoise.io · Aug 21

psychic.labs.greynoise.io 👀

1 3