2026-04-15T09:11:47Z https://yabu.me GreyNoise https://yabu.me/npub1lmdgglk68ys6e75ycxxrv2rufxs49hm5rxh23473f5rrgeucvm9qaum9t8 https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/287/162/176/762/744/original/03f75c5756bc3459.png https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/287/162/176/762/744/original/03f75c5756bc3459.png https://yabu.me/nevent1qqswhezzan4q5409544l7279aq9z97nawtfqr6eqcpux6dnwhm7ykrqzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5y2u837 We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.<br/><br/>Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.<br/><br/>🔗 <a href="https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/">https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/</a><br/><br/>#GreyNoise #ThreatIntel #CyberSecurity #InfoSec 2026-02-10T20:42:17Z https://yabu.me/nevent1qqs9umpnwjjnwa7q5ntyqszeskhev6ua9kedjs3hw2r3gdn2zf8w20qzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5009vqf 🚨 Palo Alto GlobalProtect scanning surged 40X in 24hrs...a 90-day high.<br/>2.3M login attempts from concentrated infrastructure (AS200373/AS208885).<br/>Block these IPs now: <a href="https://www.greynoise.io/blog/palo-alto-scanning-surges-90-day-high">https://www.greynoise.io/blog/palo-alto-scanning-surges-90-day-high</a> 2025-11-19T21:04:48Z https://yabu.me/nevent1qqsp67vfaxmav2xu7hnd4gxlg3ulm6x09yhpzfrz2madw77uc3h876szyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv59sedu7 EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.<br/><br/>Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn&#39;t.<br/><br/>We tracked it: AS44477→AS209847. Packets don&#39;t lie. <br/>🔗 <a href="https://www.greynoise.io/blog/stark-industries-shell-game">https://www.greynoise.io/blog/stark-industries-shell-game</a> 2025-11-17T20:56:56Z https://yabu.me/nevent1qqs9afszp6k8yzdftt020yrcdddfvqmy88xtnjhu7vlwqkx89pfpy6czyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5ne4h8u GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:CVE-2025-20333 <br/>(Net-new): <a href="https://viz.greynoise.io/tags/cisco-asa-vpn-input-validation-cve-2025-20333-rce-attempt?days=1CVE-2025-20362">https://viz.greynoise.io/tags/cisco-asa-vpn-input-validation-cve-2025-20333-rce-attempt?days=1CVE-2025-20362</a> <br/>(Updated tag): <a href="https://viz.greynoise.io/tags/cisco-asa-directory-traversal-cve-2018-0296-and-cve-2025-20362-attempt">https://viz.greynoise.io/tags/cisco-asa-directory-traversal-cve-2018-0296-and-cve-2025-20362-attempt</a><br/><br/>#CiscoASA #Cisco #ZeroDay #CiscoZeroDays #CVE202520333 #CVE202520362 #GreyNoise #ThreatIntel 2025-10-01T22:03:23Z https://yabu.me/nevent1qqsg8eh2d779lrj93sxq06uvc2f2uhfgg868jpguqszgwf8ak9fu09gzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5ywrf8s On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: <a href="https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop">https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop</a><br/><br/>#ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/090/941/432/782/395/original/a498b25dbf6f7c24.png"> <br/> 2025-08-25T19:00:06Z https://yabu.me/nevent1qqsdzj6zhmlld5qm6pntmfdnpcnxzg3ly6xe97r6fy0wqvj77h6q70czyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5eamwh3 Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. Immediate patching is required. Get more details here ⬇️ <a href="https://www.greynoise.io/blog/ivanti-epmm-zero-days-reconnaissance-exploitation">https://www.greynoise.io/blog/ivanti-epmm-zero-days-reconnaissance-exploitation</a> <br/>#ZeroDay #CyberSecurity #threatintel<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/518/471/220/723/020/original/c3b5c5b4674c1b28.png"> <br/> 2025-05-16T16:33:19Z https://yabu.me/nevent1qqsygedzuptwrezpjlz397ehke596hta8krs76q72vqhttcw2jkc5fszyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5m6dj3a 🚨 9X Surge in Scanning for Ivanti Connect Secure. No CVEs are tied to this yet, but patterns like this often precede exploitation. Full analysis + suspicious IPs: <a href="https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity">https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity</a> #Ivanti #Cybersecurity #Scanning 2025-04-23T20:40:23Z https://yabu.me/nevent1qqs98w2jqwk289judwvxsv7wf2hft8c09a4057u84rvlhhkzgyv7n0qzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv58vmjyz 🚨 New GreyNoise Tag Alert: We&#39;ve added a fresh tag tracking CrushFTP Authentication Bypass (CVE-2025-2825) exploitation attempts. Thanks to <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub13armu7zdf9840ldhtzushktn9lget8tyd0kac3swy0grn9dejj6qszp2f4" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Horizon3.ai</span> (<span class="italic">npub13ar…p2f4</span>)</a></span> for the intel! Dive into the details: <a href="https://viz.greynoise.io/tags/crushftp-authentication-bypass-cve-2025-2825-attempt">https://viz.greynoise.io/tags/crushftp-authentication-bypass-cve-2025-2825-attempt</a> 2025-03-27T21:31:36Z https://yabu.me/nevent1qqsweapl8mfefd4ppr0y89z6vtzzlt2ledz3fu7tcdjv67ja6vffxuqzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv59k25p4 🚨Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Full analysis &amp; attacker IPs: <a href="https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813">https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813</a><br/>#ApacheTomcat #Apache #GreyNoise #Vulnerability #CVE202524813<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/196/407/729/558/204/original/bd5acbbb497fb86e.png"> <br/> 2025-03-20T19:29:00Z https://yabu.me/nevent1qqst5nfctzdzvznd0tw9xy47zxue47zm0y28r6x3rvljzwg9gp0jkkqzyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5alszss 🚨 March 12 UPDATE: Grafana Exploitation May Signal Multi-Phase SSRF Attacks. Update + original analysis: <a href="https://www.greynoise.io/blog/new-ssrf-exploitation-surge">https://www.greynoise.io/blog/new-ssrf-exploitation-surge</a> #Cybersecurity #GreyNoise #Vulnerability 2025-03-12T20:41:21Z https://yabu.me/nevent1qqsrjm03pvl99a96jjed3s8xm8lywvlx5e27ejy75mt3lcult9kx0uczyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv5ztnexd Where do you get the most actionable threat intel? 🧐 2025-03-10T18:42:01Z https://yabu.me/nevent1qqsv58vrnjxyf45g87snumqak2h54kfq4p4087z7mhc7u6f2w8x8mpczyrld4pr7mgujrt86snqccd3g03y6z5klwsv6a2xh69xsvdr8npnv558kcrm 🚨 Hackers Are Exploiting Fortinet Firewalls 🚨<br/>15k+ FortiGate firewalls were breached via CVE-2022-40684. GreyNoise has spotted 366 compromised devices behaving abnormally. Defenders: Patch now, secure your systems, and check your IPs. <br/><br/><a href="https://www.greynoise.io/blog/hackers-actively-exploiting-fortinet-firewalls-real-time-insights-from-greynoise">https://www.greynoise.io/blog/hackers-actively-exploiting-fortinet-firewalls-real-time-insights-from-greynoise</a><br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/907/770/149/546/063/original/3d85b319fc4d6966.png"> <br/> 2025-01-28T20:04:00Z