GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
(Yes, it's really us. - Love, GreyNoise )
Today's the perfect day for a matinee double feature:
GreyNoise University LIVE: https://www.greynoise.io/events/greynoise-university-live
The Invisible Army: What 4 Billion Sessions Reveal About Residential Proxy Abuse Webinar: https://info.greynoise.io/webinar/invisible-army?_ga=2.231440415.1063083880.1777487534-981227823.1753375781
We're so back, after taking last month off, we are refreshed + ready for April's GreyNoise University LIVE!!
πΊ Tune in TOMORROW at 12 ET! https://www.greynoise.io/events/greynoise-university-live
Project Swarm is a research initiative that opens the GreyNoise deception platform to the global security community. When you deploy a GreyNoise sensor through Project Swarm, you get visibility into all the traffic hitting that sensor, and everything your sensor captures is yours to work with.
Residential proxies, sleep cycles, and 4 BILLION sessions π
Join us Thursday, April 30th at 2pm ET to see why IP reputation is broken against home traffic + what actually works instead.
Save your spot now πhttps://info.greynoise.io/webinar/invisible-army
This webinar presents the full findings of the latest report on residential proxy abuse β why IP reputation is structurally broken against this traffic, behavioral patterns consistent with compromised home PCs following the human sleep cycle, and what four separate threats hiding behind one label mean for detection strategy.
GreyNoise At The Edge β April 13β20, 2026. Four themes dominated activity on the GreyNoise sensor network this week β spanning reconnaissance, exploitation attempts, credential brute-forcing, and botnet recruitment.
1. A broad credential and configuration discovery campaign ran at ~6.2M sessions across hundreds of IPs β ENV files, .git/config, AWS metadata, path traversal, sensitive file access. The biggest real story, distributed rather than concentrated.
2. VNC scanning surged to the third-most-targeted port on the internet β port 5900 at 17.4M sessions. Not in prior briefs.
3. A new multi-cloud Masscan framework activated this week. Shared JA3 across a new Poland IP and an existing DigitalOcean Singapore cluster.
4. VPSVAULT IoT worm weaponized CVE-2025-54322 (Xspeeder SXZOS, CVSS 10.0). CVE-2026-24061 (GNU telnetd, CVSS 9.8, CISA KEV) also in payload.
Full Report: https://www.greynoise.io/resources/at-the-edge-clear-042026
See you in Glasgow for #CyberUK! π¬π§
Find GreyNoise at Booth D2 + catch our talks:
π Apr 22, 12:20 β Nishawn Smagh
π Apr 23, 14:30 β Glenn Thorpe III
Happy Hour @ Golf Fang on Apr 22 β³οΈ
Book 1:1 time: https://info.greynoise.io/cyberuk-meet-with-us
Atlanta!!! π
We will be in town for the CrowdStrike #CrowdTour this week + we're kicking things off early with a Happy Hour TOMORROW! Come hang out with us from 4-6 at the Blue Moon Brewery & Grill. π»
