@ntkramer |
A vulnerability in a Signal-based enterprise messaging app could expose plaintext usernames and passwords via an unauthenticated memory dump. We're seeing exploit attempts in real time. Full analysis: https://www.greynoise.io/blog/active-exploit-attempts-signal-based-messaging-app #Cybersecurity #ThreatIntel #GreyNoise
CVE-2017-18370 (Zyxel P660HN)
Oldie but goodie.
https://viz.greynoise.io/tags/zyxel-p660hn-viewlog-asp-command-injection-attempt?days=30
4/4
⚡ CVE-2024-20439 (Cisco Smart Licensing Utility) (9.8/10, KEV)
Hardcoded credentials have been known since late last year.
🔥 CVE-2025-49132 (Pterodactyl Panel RCE) (10/10 RCE)
Active exploitation observed within days of disclosure.
https://viz.greynoise.io/tags/pterodactyl-panel-remote-code-execution-cve-2025-49132-attempt?days=10
2/4
🩸 & #threatintel | We (@greynoise) just published a quick note (https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc) regarding CVE-2025-5777 - CitrixBleed 2
The main takeaway is we, first hand, observed exploitation almost two weeks before the POC was released, so ensure all retro threat hunting goes back at LEAST a month, but ideally further.
1/2
GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23, nearly two weeks before a public proof-of-concept was released on July 4.
🔥 & #threatintel - Thanks to Horizon3, we pushed a tag out today for CitrixBleed 2 CVE-2025-5777 and are backfilling. Currently, we see 233 hits starting on July 1 from:
64.176.50[.]109
38.154.237[.]100
102.129.235[.]108
121.237.80[.]241
45.135.232[.]2
Follow along here: https://viz.greynoise.io/tags/citrixbleed-2-cve-2025-5777-attempt?days=10