GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.

(Yes, it's really us. - Love, GreyNoise)

GreyNoise At The Edge — April 13–20, 2026. Four themes dominated activity on the GreyNoise sensor network this week — spanning reconnaissance, exploitation attempts, credential brute-forcing, and botnet recruitment.

1. A broad credential and configuration discovery campaign ran at ~6.2M sessions across hundreds of IPs — ENV files, .git/config, AWS metadata, path traversal, sensitive file access. The biggest real story, distributed rather than concentrated.

2. VNC scanning surged to the third-most-targeted port on the internet — port 5900 at 17.4M sessions. Not in prior briefs.

3. A new multi-cloud Masscan framework activated this week. Shared JA3 across a new Poland IP and an existing DigitalOcean Singapore cluster.

4. VPSVAULT IoT worm weaponized CVE-2025-54322 (Xspeeder SXZOS, CVSS 10.0). CVE-2026-24061 (GNU telnetd, CVSS 9.8, CISA KEV) also in payload.

Full Report: https://www.greynoise.io/resources/at-the-edge-clear-042026

#ThreatIntel #CyberSecurity #InfoSec #GreyNoise

At The Edge Clear: April 13 - 20, 2026

This week's report covers credential discovery, VNC exposure, and a new multi-cloud scanning framework.

11 hosting ASNs appeared in pre-disclosure surges across 3+ vendor families. When targeting concentrates, lead time drops from 21 days to 7.5. The infrastructure behind these surges is recognizable. https://www.greynoise.io/resources/ten-days-before-zero

Ten Days Before Zero: How Activity Surges in GreyNoise Data Precede Vulnerability Disclosure

Attackers are moving before disclosures. GreyNoise shows how surge activity can signal vulnerabilities days before CVEs are published.

See you in Glasgow for #CyberUK! 🇬🇧

Find GreyNoise at Booth D2 + catch our talks:
🗓 Apr 22, 12:20 – Nishawn Smagh
🗓 Apr 23, 14:30 – Glenn Thorpe III

Happy Hour @ Golf Fang on Apr 22 ⛳️

Book 1:1 time: https://info.greynoise.io/cyberuk-meet-with-us

#CyberSecurity #ThreatIntelligence #GreyNoise

CyberUK | Meet With Us | GreyNoise Intelligence

GreyNoise is proud to be a sponsor and speaker at this year's CyberUK conference. Here are all the different ways you can engage with GreyNoise during the event.

Atlanta!!! 🍑

We will be in town for the CrowdStrike #CrowdTour this week + we're kicking things off early with a Happy Hour TOMORROW! Come hang out with us from 4-6 at the Blue Moon Brewery & Grill. 🍻

https://info.greynoise.io/event/happy-hour-atlanta

GreyNoise | Happy Hour Atlanta

We’re leaving the slide decks and sales pitches at the office in favor of cold beers and genuine conversation. Join us to unwind, talk shop (or not), and enjoy a relaxed evening with your Atlanta peers.

The internet changes before the advisory drops. New from GreyNoise: activity surges preceded 33 CVEs across 16 vendor families with a median 11-day lead. The pattern holds up to rigorous testing.

https://www.greynoise.io/resources/ten-days-before-zero

39% of IPs targeting the edge are residential. Geolocation catches 0% of them.

We analyzed 4 billion sessions and the findings break A LOT of assumptions.

Join us April 30 at 2 PM ET as we unpack what's really hiding in your traffic.

👉 https://info.greynoise.io/webinar/invisible-army

Webinar - The Invisible Army: What 4 Billion Sessions Reveal About Residential Proxy Abuse

This webinar presents the full findings of the latest report on residential proxy abuse — why IP reputation is structurally broken against this traffic, behavioral patterns consistent with compromised home PCs following the human sleep cycle, and what four separate threats hiding behind one label mean for detection strategy.

Fortinet remains the #1 targeted perimeter vendor:

• CVE-2026-35616 auth bypass: 1,535,690 sessions
• SSL VPN brute-force: 116,753 sessions (trending ↑)
• CISA KEV since April 6

See it on GreyNoise → https://www.greynoise.io/resources/at-the-edge-clear-041326

At The Edge Clear: April 06 - 13, 2026

This week's intelligence highlights a shift from opportunistic scanning to coordinated, targeted exploitation of enterprise perimeter devices and IoT infrastructure, with adversaries operationalizing prior reconnaissance at scale.

21 IPs generated nearly half of all RDP scanning on the internet in 48 hours. Then vanished — for the second time in 30 days.

🔗 https://www.greynoise.io/blog/ip-addresses-behind-nearly-half-rdp-internet-scanning

#ThreatIntel #RDP #CyberSecurity #InfoSec #ThreatHunting

GreyNoise Intelligence Introduces C2 Detection to Close the Visibility Gap at the Edge of the Network

/PRNewswire-PRWeb/ -- GreyNoise Intelligence, the cybersecurity company providing real-time intelligence about network-based attacks, today introduced Command...

🚨We just shipped C2 Detection.

Compromised edge devices call home to attacker infrastructure. The evidence is in your outbound logs...most teams just can’t see it.

Now they can. 👀

Learn more >> https://www.greynoise.io/blog/introducing-c2-detection