GreyNoise

@greynoise@infosec.exchange

GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.

(Yes, it's really us. - Love, GreyNoise)

GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.

🔗 https://www.greynoise.io/blog/credential-based-campaign-cisco-palo-alto-networks-vpn-gateways

#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel

See you all TOMORROW at 12ET for our last GreyNoise University LIVE of the year! ✨ https://www.greynoise.io/events/greynoise-university-live

Update: Analyzing React2Shell payloads. Full breakdown from @hrbrmstr 👉 https://www.greynoise.io/blog/react2shell-payload-analysis

#React2Shell #Nextjs #CVE202555182

Just in: Watch #React2Shell exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

#GreyNoise #ThreatIntel #CVE202555182 #Nextjs #Cybersecurity

Ron & my talk from SuriCon 2025 | Abusing HTTP Quirks to Evade Detection
I think it turned out pretty well; pardon the disco effect where a stage light was failing :)

https://www.youtube.com/watch?v=kYyAi_mtWdg

CC: @iagox86 @greynoise

Going LIVE in 30 to talk all things React2Shell with the Storm ⚡️ Watch crew!
https://www.greynoise.io/stormwatch
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more. https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
#React2Shell #Nextjs #GreyNoise #ThreatIntel
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as “React2Shell” and tracked as CVE-2025-55182.

RE: https://infosec.exchange/@greynoise/115661815317969588

London we are headed your way THIS week! Hope to see you there! 🤘

GreyNoise is tracking a coordinated credential-based campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect.

🔗 https://www.greynoise.io/blog/credential-based-campaign-cisco-palo-alto-networks-vpn-gateways

#Cisco #PaloAltoNetworks #GreyNoise #VPN #CiscoSSLVPN #GlobalProtect #ThreatIntel

@greynoise We saw similar activity last year at Xmas, and attackers would use first-initial-last-name combinations en masse with lists of common passwords. 8.3 million attempts in 28 hrs. Over 10k+ source IPs that they would rotate across. If they discovered a valid username/password combo, they would attempt the passcode MFA option to brute-force it. Passcode as an MFA option would not notify the user that their account was being attacked and was not subject to lockout like push is, so you could brute-force MFA passcodes. Only a million attempts for a 6-digit passcode. This appears to have been fixed by some major MFA providers this year, as we see passcode now locking accounts after repeat failures. Don't publish the GlobalProtect web interface to the internet. Require GP client, cert before allowing auth. They also went after NetScalers in the same time frame. 'Tis the season...
@greynoise found a pic from last year's campaign.
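
A defender-side sketch of the detection problem raised in the reply above (rotating source IPs plus a passcode MFA option with no lockout), added here as an example and not taken from the post or from GreyNoise. The event tuple layout, threshold, window and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO time, source IP, user, factor, success).
SAMPLE_EVENTS = [("2000-01-01T00:00:00", "192.0.2.10", "jdoe", "password", True)]
# Six failed passcodes for one user, each from a different source IP.
SAMPLE_EVENTS += [
    (f"2000-01-01T00:00:{10 + 5 * i:02d}", f"198.51.100.{i + 1}", "jdoe", "passcode", False)
    for i in range(6)
]
# A legitimate user who mistypes one passcode and then succeeds.
SAMPLE_EVENTS += [
    ("2000-01-01T00:02:00", "203.0.113.7", "asmith", "passcode", False),
    ("2000-01-01T00:02:20", "203.0.113.7", "asmith", "passcode", True),
]


def max_failures_per_ip(events):
    """Highest failed-passcode count seen from any single source IP."""
    counts = Counter(ip for _, ip, _, factor, ok in events
                     if factor == "passcode" and not ok)
    return max(counts.values(), default=0)


def flag_passcode_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: (failures_in_window, distinct_source_ips)} for users whose
    failed passcode attempts reach `threshold` inside a sliding `window`.
    Failures are keyed on the user, not the source IP, so IP rotation
    does not reset the count."""
    recent = defaultdict(deque)  # user -> (time, ip) of failures still in window
    flagged = {}
    for ts, ip, user, factor, ok in sorted(events):
        if factor != "passcode" or ok:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((t, ip))
        while t - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > flagged.get(user, (0, 0))[0]:
            flagged[user] = (len(q), len({i for _, i in q}))
    return flagged


if __name__ == "__main__":
    print("max failures from one IP:", max_failures_per_ip(SAMPLE_EVENTS))
    print("flagged users:", flag_passcode_bruteforce(SAMPLE_EVENTS))
```

On the sample, a per-IP counter never sees more than one failure, while the per-user window flags the targeted account and leaves the mistyped-passcode user alone.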