GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
(Yes, it's really us. - Love, GreyNoise )
RE: https://infosec.exchange/@greynoise/115736358685164517
See ya'll in 10 ⏳
GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.
🔗 https://www.greynoise.io/blog/credential-based-campaign-cisco-palo-alto-networks-vpn-gateways
#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel
Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr 👉 https://www.greynoise.io/blog/react2shell-payload-analysis
Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).
#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity
Ron & my talk from SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)
https://www.youtube.com/watch?v=kYyAi_mtWdg
CC: @iagox86 @greynoise
👀 React2Shell attacker profiles fresh from GreyNoise telemetry: https://info.greynoise.io/hubfs/PDFs-Sales-Marketing/GreyNoise-React2Shell-Attacker-Profiles.pngAlso, don't miss the latest contribution from GreyNoise Labs on React2Shell: https://www.labs.greynoise.io/grimoire/2025-12-09-react2shell-meshcentral/
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as “React2Shell” and tracked as CVE-2025-55182.
RE: https://infosec.exchange/@greynoise/115661815317969588
London we are headed your way THIS week! Hope to see you there! 🤘
Glenn 📎