Notices by GreyNoise (greynoise@infosec.exchange)

Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Saturday, 17-May-2025 02:40:04 JST GreyNoise

Two critical Ivanti zero-days (CVE-2025-4427 + CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. Immediate patching is required. Get more details here ⬇️ https://www.greynoise.io/blog/ivanti-epmm-zero-days-reconnaissance-exploitation
#ZeroDay #CyberSecurity #threatintel
In conversation about 13 days ago from infosec.exchange permalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/518/471/220/723/020/original/c3b5c5b4674c1b28.png
2. Domain not in remote thumbnail source whitelist: cdn.prod.website-files.com
  
  Ivanti EPMM Zero-Days: Reconnaissance to Exploitation
  
  Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.
Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Friday, 25-Apr-2025 17:29:07 JST GreyNoise

🚨 9X Surge in Scanning for Ivanti Connect Secure. No CVEs are tied to this yet, but patterns like this often precede exploitation. Full analysis + suspicious IPs: https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity #Ivanti #Cybersecurity #Scanning
In conversation about a month ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.prod.website-files.com
  
  9X Surge in Ivanti Connect Secure Scanning Activity
  
  GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure or Ivanti Pulse Secure VPN systems. More than 230 unique IPs probed ICS/IPS endpoints. This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.
Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Friday, 28-Mar-2025 06:36:42 JST GreyNoise
- Horizon3.ai
🚨 New GreyNoise Tag Alert: We've added a fresh tag tracking CrushFTP Authentication Bypass (CVE-2025-2825) exploitation attempts. Thanks to @horizon3ai for the intel! Dive into the details: https://viz.greynoise.io/tags/crushftp-authentication-bypass-cve-2025-2825-attempt
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: viz.greynoise.io
  
  GreyNoise Visualizer
  
  At GreyNoise, we collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet.
Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Thursday, 13-Mar-2025 05:44:15 JST GreyNoise

🚨 March 12 UPDATE: Grafana Exploitation May Signal Multi-Phase SSRF Attacks. Update + original analysis: https://www.greynoise.io/blog/new-ssrf-exploitation-surge #Cybersecurity #GreyNoise #Vulnerability
In conversation about 3 months ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.prod.website-files.com
  
  New SSRF Exploitation Surge Serves as a Reminder of 2019 Capital One Breach
  
  GreyNoise observed 400+ IPs exploiting multiple SSRF vulnerabilities across various platforms, with recent activity concentrated in Israel and the Netherlands.
Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Wednesday, 29-Jan-2025 05:11:57 JST GreyNoise

🚨 Hackers Are Exploiting Fortinet Firewalls 🚨
15k+ FortiGate firewalls were breached via CVE-2022-40684. GreyNoise has spotted 366 compromised devices behaving abnormally. Defenders: Patch now, secure your systems, and check your IPs.
https://www.greynoise.io/blog/hackers-actively-exploiting-fortinet-firewalls-real-time-insights-from-greynoise
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/907/770/149/546/063/original/3d85b319fc4d6966.png
2. Domain not in remote thumbnail source whitelist: cdn.prod.website-files.com
  
  Hackers Actively Exploiting Fortinet Firewalls: Real-Time Insights from GreyNoise | GreyNoise Blog
  
  Discover how attackers are exploiting Fortinet FortiGate firewalls in real time. Get critical insights into malicious activities tied to CVE-2022-40684, helping defenders identify, track, and respond to threats effectively.
Embed this notice
GreyNoise (greynoise@infosec.exchange)'s status on Saturday, 10-Feb-2024 06:03:13 JST GreyNoise

We believe the public PoC for for CVE-2020-3580 XSS affecting Cisco ASA and FTD may be being utilized to curate a list of IP's that are likely to be vulnerable to CVE-2020-3259, an unauthenticated memory disclosure vulnerability, recently attributed to Akira ransomware.
https://viz.greynoise.io/tag/cisco-asa-xss-attempt?days=30
In conversation about a year ago from infosec.exchange permalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/903/422/912/637/950/original/0bed12921fd4cfc9.png

Public

Notices by GreyNoise (greynoise@infosec.exchange)

User actions

Following 0

Followers 0

Groups 0

Statistics

Feeds