ONYPHE
@onyphe.io
Provider of Attack Surface Discovery (ASD), Attack Surface Management (ASM) and CTI solutions. Scanning at Internet-scale since 2017 - contact at onyphe dot io
Reposted by ONYPHE
For personal use I added a "geolocus" tool to a Deno-based MCP server (that has a lot of random tools/functions in it).

It's been useful enough that I started extracting it to a standalone geolocus MCP server I should be able to release in a couple days.

The @onyphe.io folks are super rad.
June 3, 2025 at 2:22 AM
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #Ivanti product:

CVE-2025-4427+CVE-2025-4428 unauth RCE

search.onyphe.io/search?q=cat...

Thanks to watchTowr for detection method.
May 16, 2025 at 10:08 AM
Reposted by ONYPHE
ONYPHE has a super cool geolocus MMDB — https://www.geolocus.io/ — that gets updated daily and has network-level metadata for IP addresses (ref first image JSON).

Since it's way more efficient to use this than their API, I built a cross-platform CLI tool for […]

[Original post on mastodon.social]
April 27, 2025 at 5:09 PM
Reposted by ONYPHE
New geolocus-cli For ONYPHE’s Geolocus Database

ONYPHE has made available a free API and free MMDB download of their new Geolocus database. It provided IP address metadata in the form of: { "abuse": [ "amzn-noc-contact@amazon.com", "aws-routing-poc@amazon.com", "aws-rpki-routing…

#hackernews #news
New geolocus-cli For ONYPHE’s Geolocus Database
ONYPHE has made available a free API and free MMDB download of their new Geolocus database. It provided IP address metadata in the form of: { "abuse": [ "amzn-noc-contact@amazon.com", "aws-routing-poc@amazon.com", "aws-rpki-routing-poc@amazon.com", "trustandsafety@support.aws.com" ], "asn": "AS14618", "continent": "NA", "continentname": "North America", "country": "US", "countryname": "United States", "domain": [ "amazon.com", "amazonaws.com", "aws.com" ], "ip": "3.215.138.152", "isineu": 0, […]
securityboulevard.com
April 28, 2025 at 2:01 PM
The recovery continues, but things are not yet back to normal
April 29, 2025 at 4:54 AM
Things are not yet getting better in Spain and Portugal. General downward trend and some visible instability in the remaining networks that are reachable.

#PowerOutage
April 28, 2025 at 6:47 PM
The electrical power outage in Spain and Portugal as seen from the Internet (France included for reference)
April 28, 2025 at 4:03 PM
#CVE-2025-32432 #0day #CraftCMS discovered by Orange Cyberdefense

💥Unauthenticated Remote Code Execution. No CVSS yet, we suggest giving it a 10

📌40,000 IP addresses representing over 37,000 domain names exposed, 12,168 unique domains vulnerable

Blog:

blog.onyphe.io/en/cve-2025-...
CVE-2025-32432 – 0day Craft CMS discovered by Orange Cyberdefense – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 25, 2025 at 3:45 PM
UPDATE: our scan has finished, nearly 22,000 devices are compromised.
onyphe.io ONYPHE @onyphe.io · Apr 21
💥Detection method for #symlink #backdoor on #fortinet

"we are willing to share it, privately"

More than 18k devices compromised

Read more: blog.onyphe.io/en/symlink-b...
Symlink backdoor on Fortinet SSL-VPN devices – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 22, 2025 at 1:48 PM
💥Detection method for the #backdoor #symlink on #fortinet

"we are willing to share it, privately"

More than 18,000 devices compromised

Read the article: blog.onyphe.io/backdoor-sym...
Symlink backdoor on Fortinet SSL VPNs – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 21, 2025 at 12:50 PM
💥Detection method for #symlink #backdoor on #fortinet

"we are willing to share it, privately"

More than 18k devices compromised

Read more: blog.onyphe.io/en/symlink-b...
Symlink backdoor on Fortinet SSL-VPN devices – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 21, 2025 at 12:49 PM
Time to search for a decentralized way to deal with vulnerability identifiers.
April 16, 2025 at 11:36 AM
Reposted by ONYPHE
And there's an #RStats package for it—now.

codeberg.org/hrbrmstr/geo...
March 24, 2025 at 8:38 AM
❓Ever wanted to have an IP geolocation database with 2 locations, one physical for the device and one logical from whois data?

👉We provide a free MMDB file for download and a brand new Website for lookups & even a free API access:

www.geolocus.io
Geolocus by ONYPHE
Geolocus is an IPv4 & IPv6 geolocation service. Our motto is: you don't need misleading GPS coordinates, you need trusted IP to country locations. Furthermore, an IP address truly has 2 locations: 1 l...
www.geolocus.io
March 24, 2025 at 7:46 AM
Reposted by ONYPHE
👓 The Cyber-revue à bas bruit is back! The alpha and omega of this edition: zero days. It's... surprising 😇

And also a podcast (hi @nolimitsecu.bsky.social), fascinating figures from @onyphe.io, and La tech est politique with its new section.
www.linkedin.com/pulse/zero-d...
Zero Day
Hello ☕ Welcome to this week's Cyber-revue à bas bruit. I know, it's been a while, but: I've had some crazy weeks (including one that ended with yours truly stuck in Brussels for...
www.linkedin.com
March 23, 2025 at 2:01 PM
The latest version of our cli tool has been released. Get v4.19.0 and find wrappers with sweet new APIs inside.

Available here ➡️
search.onyphe.io/docs/onyphe-...

or here 🐳 hub.docker.com/r/onyphe/ony...

or even here 🥷 metacpan.org/dist/Onyphe
Installation | ONYPHE
search.onyphe.io
March 18, 2025 at 6:54 AM
💥 Great news 💥

#ASD #AttackSurfaceDiscovery APIs are on their way to general availability.

It will never be as easy to create an asset inventory for any organization's attack surface #EASM

Backed by tens of billions of pieces of information we collect.
March 1, 2025 at 5:37 PM
Reposted by ONYPHE
📣 Meet Thomas Damonneville - our founder - at the #M3AAWG organized by the Messaging, Malware, Mobile Anti-Abuse Working Group in Lisbon next week for his presentation entitled: “Hunting for phishing URLs, kits and business”.

👋 In partnership with Signal Spam

#phishing #phishingkit #cybersecurity
February 15, 2025 at 6:20 PM
Yes, still 50k compromised devices. For more than 12 months.
A thousand you say?

In December 2024 you say?

@insikt.bsky.social

Is this not just badcandy again?

because those telcos and universities have been owned for much longer than that via CVE-2023-20198. They just periodically have to recompromise them as they get rebooted.

Also try 50k devices.
RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access
February 14, 2025 at 12:21 PM
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #PaloAltoNetworks PA product:

CVE-2025-0108: authentication bypass on management interface

search.onyphe.io/search?q=cat...

Thanks to @assetnote.io for having shared the detection method.
February 14, 2025 at 9:16 AM
Reposted by ONYPHE
Yet by performing an awkward legal waltz around the subject, Talos have helpfully supported my hypothesis that compromised IOS XE devices are part of an ORB network serving multiple APTs.

archive.hack.lu/hack-lu-2024...
The XE Files - Trust No Router hack.lu 2024
On the 16th October 2023 Cisco Talos shared intelligence about a handful of compromised routers discovered while resolving customer support requests. As the full story unfolded, a handful of backdoore...
archive.hack.lu
February 12, 2025 at 9:21 AM
🎉 Retrospective 2024 and Roadmap 2025

👉 Over the last 12 months, we massively increased our visibility of Internet exposed assets. Until now, we focused on #ASM, but this year we will improve our automatic #ASD and expand into the #CTI segment.

Read more: search.onyphe.io/docs/write-u...
January 31, 2025 at 2:22 PM
Reposted by ONYPHE
we tag it as a risky protocol

there are 2.2M results for Windows RPC boxes
January 3, 2025 at 9:56 AM
onyphe.io ONYPHE @onyphe.io · Jan 21
🪘 That's probably the best advertisement we may have: an independent benchmark from GreyNoise Intelligence about benign Internet scanning activity. It shows our #scanning technology can give you a better view on your exposed assets than cyber-criminals.
January 21, 2025 at 4:00 PM
🪘 That's probably the best advertisement we may have: an independent benchmark from GreyNoise Intelligence about benign Internet scanning activity. It shows our #scanning technology can give you a better view on your exposed assets than cyber-criminals.
January 21, 2025 at 1:20 PM