Ashlee Strickland
@astrickland.bsky.social
Reposted by Ashlee Strickland
Happy Halloween from your fave GreyNerds 🍬🍫
October 31, 2025 at 9:21 PM
Reposted by Ashlee Strickland
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
PHP Cryptomining Campaign: October/November 2025
From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs...
www.greynoise.io
November 4, 2025 at 4:36 PM
Reposted by Ashlee Strickland
Attacker infrastructure evolves in real time. Your defenses should too. Introducing GreyNoise Block, ensuring your blocklists update automatically. 🦾
Introducing GreyNoise Block: Fully configurable, real-time blocklists
Discover why traditional blocklists fail and how GreyNoise Block offers real-time, configurable, low-noise IP blocking powered by primary-sourced intelligence.
www.greynoise.io
October 14, 2025 at 5:03 PM
Reposted by Ashlee Strickland
GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
October 8, 2025 at 10:00 PM
Reposted by Ashlee Strickland
A 100,000-IP botnet is actively targeting U.S. RDP infrastructure. 🔗 Read the analysis 👇
#Cybersecurity #RDP #Botnet #GreyNoise
100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in ...
www.greynoise.io
October 10, 2025 at 9:49 PM
Reposted by Ashlee Strickland
Hey #CriblCon25! 👋 Looking forward to seeing you soon! 👻🤝🐐
October 13, 2025 at 9:17 PM
Reposted by Ashlee Strickland
NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!
NoiseLetter September 2025
Get GreyNoise updates! Read the September 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
October 6, 2025 at 5:19 PM
Reposted by Ashlee Strickland
We got (most of) the team together last week and it was magical, so grateful for each + every one of these GreyNoids ✨
October 2, 2025 at 3:46 PM
Reposted by Ashlee Strickland
🚨GreyNoise has published a new Situation Report on Cisco ASA reconnaissance activity we observed before the new zero-days were disclosed.

Read the full report: info.greynoise.io/hubfs/Situat...

#Cisco #ASA #CiscoASA #GreyNoise #ThreatIntel #CVE202520333 #CVE202520362
September 29, 2025 at 5:54 PM
Reposted by Ashlee Strickland
GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel
25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming
GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...
www.greynoise.io
September 4, 2025 at 2:07 PM
Reposted by Ashlee Strickland
On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: www.greynoise.io/blog/surge-m...

#ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop
Nearly 2,000 Malicious IPs Probe Microsoft Remote Desktop in Single-Day Surge
On August 21, GreyNoise observed a sharp surge in scanning against Microsoft Remote Desktop (RDP) services.
www.greynoise.io
August 25, 2025 at 6:58 PM
Reposted by Ashlee Strickland
On August 3, we observed the largest single-day spike in brute-force activity against Fortinet SSL VPNs in recent months. Full breakdown of the campaign and how we traced it: www.greynoise.io/blog/vulnera...

#Fortinet #Cybersecurity #ThreatIntel #BruteForce #GreyNoise #SSL #VPN
Coordinated Brute Force Campaign Targets Fortinet SSL VPN | GreyNoise
On August 3rd, 2025 GreyNoise observed a significant spike in brute-force traffic targeting Fortinet SSL VPNs. Over 780 unique IPs triggered our Fortinet SSL VPN Bruteforcer tag in a single day — the ...
www.greynoise.io
August 12, 2025 at 1:19 PM
Reposted by Ashlee Strickland
🚨 New Research: GreyNoise identifies an early warning signal, spikes in attacker activity tend to precede new CVE disclosures within six weeks. Which vendors show the strongest signal and more, all in our latest report ⬇️
Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities
GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls.
www.greynoise.io
July 31, 2025 at 1:18 PM
Reposted by Ashlee Strickland
An unexpected cluster of malicious IPs in a remote U.S. town led GreyNoise researchers to uncover a 500+ device botnet. Full analysis ⬇️
#Cybersecurity #ThreatIntel #Botnet #VoIP #GreyNoise #Cyber #Tech
A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
A spike in botnet traffic from a single utility in a rural part of New Mexico led to the discovery of a global botnet. Explore how human-led, AI-powered analysis exposed compromised devices, uncovered...
www.greynoise.io
July 24, 2025 at 1:05 PM
A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks www.greynoise.io/blog/how-gre...
July 24, 2025 at 4:40 PM
Reposted by Ashlee Strickland
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public
GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.
www.greynoise.io
July 16, 2025 at 8:45 PM
Reposted by Ashlee Strickland
🚨 GreyNoise has observed a surge in scanning activity against MOVEit Transfer. Read the blog & see suspicious and malicious IPs ⬇️

#GreyNoise #ThreatIntel #Cybersecurity
Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity
GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs obser...
www.greynoise.io
June 25, 2025 at 1:07 PM
Reposted by Ashlee Strickland
VEGAS, WE ARE SO BACK! 🤘
GreyNoise - NoiseFest at BlackHat 2025
Join us for NoiseFest at BlackHat/DEFCON on Thursday, August 7th. Enjoy drinks, snacks, and engaging conversations with your peers. RSVP now!
info.greynoise.io
June 18, 2025 at 7:16 PM
Reposted by Ashlee Strickland
New GreyNoise Labs research: CVE-2025-4748. Our team demonstrates how path traversal via zip archives can be used to achieve file write and code execution against Erlang OTP environments.

Read the full tech breakdown here ⬇️
Exploiting Erlang OTP with Zip files: CVE-2025-4748 – GreyNoise Labs
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation
www.labs.greynoise.io
June 17, 2025 at 5:17 PM
Reposted by Ashlee Strickland
GreyNoise Discovers Stealthy Backdoor Campaign Targeting ASUS Routers. Attacker tradecraft reflects APT-like behavior: quiet, durable, and designed for long-term access. Full blog ⬇️

#Cybersecurity #ThreatIntel #GreyNoise #ASUS
GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise disco...
www.greynoise.io
May 28, 2025 at 1:33 PM
Reposted by Ashlee Strickland
🚨 On May 8, GreyNoise observed a coordinated scanning operation launched by 251 malicious IPs, all hosted by Amazon and geolocated in Japan. ColdFusion, Apache Struts, Tomcat targeted. Full analysis ⬇️
#Cybersecurity #GreyNoise #ThreatIntel
Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day
On May 8, GreyNoise observed a highly coordinated reconnaissance campaign launched by 251 malicious IP addresses, all geolocated to Japan and hosted by Amazon AWS. The infrastructure and execution sug...
www.greynoise.io
May 27, 2025 at 4:50 PM
🚨 Today on Storm⚡ Watch:
2025’s Top Cybersecurity Threats EXPOSED: 0-Day Attacks, Chinese Hackers & Enterprise Breaches

www.youtube.com/watch?v=D-zZ...

@greynoise.io @runzero.com @censys.bsky.social @vulncheck.bsky.social
Storm Watch | 2025’s Top Cyber Threats EXPOSED: 0-Day Attacks, Chinese Hackers & Enterprise Breaches
YouTube video by GreyNoise Intelligence
www.youtube.com
May 6, 2025 at 2:24 PM
Reposted by Ashlee Strickland
New Research Alert: Attackers are exploiting a dangerous class of cyber flaws—resurgent vulnerabilities. Learn how they work, why they matter, and what defenders can do. Full analysis ⬇️
#Cybersecurity #GreyNoise #Vulnerabilities
GreyNoise Uncovers Unique Risks From Resurgent Cybersecurity Vulnerabilities
Attackers from every corner of the internet are exploiting a uniquely dangerous class of cyber flaws: resurgent vulnerabilities.
www.greynoise.io
April 23, 2025 at 2:03 PM
Reposted by Ashlee Strickland
Just launched: GreyNoise Global Observation Grid 🌐 5,000 sensors in 80+ countries delivering near real-time, verifiable threat intel. More signal, less noise.
GreyNoise Intelligence Launches Global Observation Grid to Provide Real-time Threat Intelligence on Network Attacks
With 5,000 sensors in 80 countries, the Global Observation Grid processes half a billion sessions per day. This ensures the most real-time, verifiable intelligence on internet scanning and exploitatio...
www.greynoise.io
April 21, 2025 at 5:08 PM
🚨 Today on Storm⚡ Watch: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon Recap

www.youtube.com/watch?v=AItI...

@greynoise.io @vulncheck.bsky.social @runzero.com @censys.bsky.social
Storm Watch | Cyber Threat Horizon: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon Recap
YouTube video by GreyNoise Intelligence
www.youtube.com
April 15, 2025 at 2:11 PM