A high-severity flaw known as MongoBleed (CVE-2025-14847) is currently being exploited in the wild.

The scale is significant:

🔍 Wiz researchers have confirmed active exploitation.
📊 Data from Shodan and Censys reveals between 87,000 and 100,000 potentially vulnerable MongoDB instances.

Read More: https://www.security.land/mongobleed-alert-cve-2025-14847-exploited-in-the-wild/

#SecurityLand #CyberSecurity #InfoSec #MongoDB #MongoBleed #DatabaseSecurity #Wiz #Shodan #Censys #CloudSecurity

MongoBleed CVE-2025-14847: Is Your MongoDB Exposed?

Dubbed "MongoBleed," CVE-2025-14847 allows unauthenticated attackers to exfiltrate sensitive data from MongoDB heap memory. With 87,000 instances exposed, active exploitation is now confirmed.

Security Land | Decoding the Cyber Threat Landscape

New infrastructure analysis from Censys reveals how the pro-Russian hacktivist group NoName057(16) maintains DDoSia operations through rapid server rotation. Monitoring since mid-2025 shows an average of 6 control servers active simultaneously, but with a mean lifespan of only 2.53 days.

#SecurityLand #ThreatHorizon #Research #Censys #DDoSia #DDoS #DDoSAttack #NoName057 #Ukraine #Russia #Hacktivism

Read More: https://www.security.land/ddosia-infrastructure-censys-research-noname057/

Censys Reveals Rapid Server Rotation Behind NoName057(16) Attacks

Censys research reveals DDoSia control servers last avg 2.5 days, with 6 active at any time. Analysis of pro-Russian DDoS infrastructure.

Is Your Android TV Streaming Box Part of a Botnet? – Krebs on Security

What's up with #censys? First I block their scans in nginx.conf. They didn't get the message. I then add their published CIDRs to an ipfw drop table. So now they again tried from unpublished CIDRs -> added those to the drop table.

@brian_greenberg

I attempted to create a Censys query to help identify some victim devices. Just SNMP not Telnet.

Legacy Censys (search.censys.io)
services.software.vendor: /"Cisco"/ and (services.snmp.oid_system.name:"3750G" or services.snmp.oid_system.name:"9300" or services.snmp.oid_system.name:"9400")

V2 Censys (platform.censys.io)
(host.services.software.vendor=~"^\"Cisco\"$" or host.services.hardware.vendor=~"^\"Cisco\"$" or host.services.operating_systems.vendor=~"^\"Cisco\"$") and host.services.snmp.oid_system.name:{"3750G", "9300", "9400"}

#Censys #Cisco

🌐 Censys warns: nation-states abusing academic access to internet mapping data.
Source: https://www.theregister.com/2025/09/03/censys_abuse_sigcomm_paper/
#Cybersecurity #Research #Censys
Internet mapping and research outfit Censys reveals state-based abuse, harassment

‘Universities are being used to proxy offensive government operations, turning research access decisions political’

The Register

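#NAS information made public without your consent!? A video explains how to check whether your details are listed on #Censys, which exposes IP addresses, ports, and even locations [Initial B Channel] - INTERNET Watch

https://internet.watch.impress.co.jp/docs/column/shimizumovie/2039261.html

NAS information made public without your consent!? A video explains how to check whether your details are listed on Censys, which exposes IP addresses, ports, and even locations

I only set up the NAS by following its manual, yet before I knew it, the information needed to access the NAS from outside had been made public. This unbelievable-sounding story has become a reality.

INTERNET Watch
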
Write-up on our perspective at #Censys on ToolShell / CVE-2025-53770 exploit in SharePoint: https://censys.com/advisory/cve-2025-53770

🔌 Iran Internet Outage Update
Since June 18, Iran has faced a near-total internet blackout. June 21 marked the lowest point in visibility—but signs of recovery are emerging.

📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
🧭 TIC appears in nearly all slow-recovering transit paths.

We’re tracking it all.
🔍 View the update at Censys: https://censys.com/blog/irans-internet-a-censys-perspective

#InternetShutdown #Iran #NetworkOutage #Censys #InternetIntelligence