200,886,675 sessions. 101 unique source IPs. March 16–23, 2026.

GreyNoise At The Edge intelligence brief highlights:

1. The MEVSPACE RDP brute-force operator returned after a 99.8% infrastructure collapse — single IP generated 7,975,241 sessions before deliberately withdrawing after 4 days. GreyNoise has tracked a surge-withdraw-reconstitute cycle since January 2026, reinforcing that well-resourced operators can reconstitute capacity within days.

2. Two coordinated campaigns emerged: VPSVAULT.HOST (IoT worm weaponizing 21+ CVEs against 12+ manufacturers) and Omegatech (TLS fingerprint randomization with 5,854 unique JA3s per node).

3. Sophos CVE-2022-1040 exploitation stabilized at 638,654 sessions in its fifth consecutive week. Enterprise VPN credential pressure reached week 9 across five vendors with 2.9M+ combined sessions.

4. n8n CVE-2026-21858 (CVSS 10.0) reached 118,086 sessions with links to MuddyWater and ZeroBot. ICS/SCADA reconnaissance expanded with new HMI and PLC vulnerabilities trending.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-032326

#ThreatIntel #CyberSecurity #InfoSec #GreyNoise

On January 14, someone pulled the plug on Telnet. Global traffic collapsed by 65% in one hour, six days before the world knew why. Taiwan filtered 77%, India 70%, Japan 65%.

A protocol born in 1969, a vulnerability hidden for 11 years, 52 IPs from 16 countries that attempted the exploit, and a mystery that reads like a thriller. The full story is in the new episode of buongiornirondirondello.

https://youtu.be/vVQuEC0Py3s?si=-xV2PRSFLz9mbURb

#telnet #security #arpanet #protocolli #greynoise

Telnet suddenly disappeared. Who closed port 23? - Buongiorno 315

YouTube

52% of RCE attempts came from IPs with no prior GreyNoise history. New research on where edge defenses fall short + what to do about it: https://www.greynoise.io/resources/2026-state-of-the-edge-report

#ThreatIntel #Cybersecurity #GreyNoise

2026 State of the Edge Report

GreyNoise observed 212 exploitation attempts per second in H2 2025. The 2026 State of the Edge Report reveals attack patterns, exposes defense gaps, and prioritizes what to fix.

This week's At the Edge: CLEAR is out — a preview of the intel brief GreyNoise customers get every week.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-021626

That's just the preview. greynoise.io/contact

#ThreatIntel #CyberSecurity #GreyNoise

Telnet traffic didn’t “trend down” — it reportedly fell off a cliff. GreyNoise says global sessions dropped 65% in one hour on Jan 14, days before CVE-2026-24061 (GNU InetUtils telnetd, 9.8) went public Jan 20. Smells like someone quietly slammed the port-23 door… who got the laser pointer? 😼

https://tech.slashdot.org/story/26/02/14/0447228/sudden-telnet-traffic-drop-are-telcos-filtering-ports-to-block-critical-vulnerability

#Telnet #CyberSecurity #GreyNoise

Sudden Telnet Traffic Drop. Are Telcos Filtering Ports to Block Critical Vulnerability? - Slashdot

An anonymous reader shared this report from the Register: Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, six days before secu...

Three campaigns. One has Cobalt Strike ready.

RDP nearly quadrupled. A botnet picked up a new CVE. And someone built a Kubernetes cluster just to exploit n8n.

A preview of what GreyNoise customers get every week. Full brief has the IOCs, attribution, and analysis.

#ThreatIntelligence #InfoSec #GreyNoise #CyberSecurity

We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.

Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.

🔗 https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

#GreyNoise #ThreatIntel #CyberSecurity #InfoSec

2026-01-14: The Day the telnet Died – GreyNoise Labs

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

GreyNoise Labs

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions

Security Affairs

⚠️ Unlike typical exploits, no buffer overflow or memory corruption needed - just one manipulated environment variable grants root access

🛡️ Not all Telnet implementations affected - only #GNU inet utils; proprietary versions like #Cisco and #BusyBox are safe

📊 #GreyNoise threat intelligence reports multiple exploit attempts per hour already detected in the wild

🔄 Telnet's unencrypted nature makes attacks visible to defenders monitoring plaintext traffic for "-f root" patterns

Toads in my AI

News and announcements from the Python community for the week of Jan 26th, 2026