We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
A global botnet has tripled in size in the past five days, so GreyNoise is sharing an executive situation report (SITREP) to streamline decision making.
Full SITREP: info.greynoise.io/hubfs/Situat...
Full SITREP: info.greynoise.io/hubfs/Situat...
October 15, 2025 at 5:58 PM
A global botnet has tripled in size in the past five days, so GreyNoise is sharing an executive situation report (SITREP) to streamline decision making.
Full SITREP: info.greynoise.io/hubfs/Situat...
Full SITREP: info.greynoise.io/hubfs/Situat...
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
October 3, 2025 at 9:01 PM
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS
GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:
CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...
CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...
#CiscoASA #ZeroDay #CVE202520333 #CVE202520362
CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...
CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...
#CiscoASA #ZeroDay #CVE202520333 #CVE202520362
October 1, 2025 at 10:24 PM
GreyNoise now has coverage for Cisco zero-days CVE-2025-20333 and CVE-2025-20362. Watch for exploit attempts in real-time:
CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...
CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...
#CiscoASA #ZeroDay #CVE202520333 #CVE202520362
CVE-2025-20333 (Net new): viz.greynoise.io/tags/cisco-a...
CVE-2025-20362 (Updated tag): viz.greynoise.io/tags/cisco-a...
#CiscoASA #ZeroDay #CVE202520333 #CVE202520362
Sept 25: Cisco disclosed two ASA/FTD zero-days (#CVE-2025-20333, #CVE-2025-20362).
Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.
Read the update: www.greynoise.io/blog/scannin...
#CiscoASA #ZeroDay #Cisco
Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.
Read the update: www.greynoise.io/blog/scannin...
#CiscoASA #ZeroDay #Cisco
25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming
GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...
www.greynoise.io
September 26, 2025 at 8:51 PM
Sept 25: Cisco disclosed two ASA/FTD zero-days (#CVE-2025-20333, #CVE-2025-20362).
Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.
Read the update: www.greynoise.io/blog/scannin...
#CiscoASA #ZeroDay #Cisco
Weeks earlier, GreyNoise saw 25k IPs scanning ASA — another case of recon surges preceding disclosures.
Read the update: www.greynoise.io/blog/scannin...
#CiscoASA #ZeroDay #Cisco
GreyNoise is hiring a Principal Product Manager!
Do you have the chops to help us launch game-changing new capabilities in the security space? LFG!
#infosecjobs #remotejobs
grnh.se/1ea85ad35us
Do you have the chops to help us launch game-changing new capabilities in the security space? LFG!
#infosecjobs #remotejobs
grnh.se/1ea85ad35us
Principal Product Manager
United States or Remote
grnh.se
April 19, 2024 at 4:55 PM
GreyNoise is hiring a Principal Product Manager!
Do you have the chops to help us launch game-changing new capabilities in the security space? LFG!
#infosecjobs #remotejobs
grnh.se/1ea85ad35us
Do you have the chops to help us launch game-changing new capabilities in the security space? LFG!
#infosecjobs #remotejobs
grnh.se/1ea85ad35us
The GreyNoise 2023 Internet Exploitation Retrospective Report is LIVE. Our team decodes 2023's cyber landscape with critical exploits, key stats + insights for proactive defense. Stay ahead and download now!
GreyNoise 2023 Internet Exploitation Retrospective Report
The GreyNoise 2023 Internet Exploitation Retrospective Report provides insights into major cyber threats and vulnerabilities observed throughout the year.
www.greynoise.io
January 16, 2024 at 6:00 PM
The GreyNoise 2023 Internet Exploitation Retrospective Report is LIVE. Our team decodes 2023's cyber landscape with critical exploits, key stats + insights for proactive defense. Stay ahead and download now!
🚨Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Full analysis & attacker IPs: https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813 […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
March 20, 2025 at 7:29 PM
🚨Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Full analysis & attacker IPs: https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813 […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Join us at 10:30 ET for GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, we're doing it. We've been tiptoeing around it for weeks, but we HAVE to talk about "KEV". #Stormwatch
1/4
https://stormwatch.ing/
Today, we're doing it. We've been tiptoeing around it for weeks, but we HAVE to talk about "KEV". #Stormwatch
1/4
March 11, 2025 at 12:03 PM
Join us at 10:30 ET for GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, we're doing it. We've been tiptoeing around it for weeks, but we HAVE to talk about "KEV". #Stormwatch
1/4
https://stormwatch.ing/
Today, we're doing it. We've been tiptoeing around it for weeks, but we HAVE to talk about "KEV". #Stormwatch
1/4
🚨 GreyNoise 101 just leveled up—welcome to GreyNoise University LIVE. 📚 Same vibe, + even better content. Join us the last Thursday of every month starting Jan 30, at 12 PM ET for live demos, fresh updates, + real-time Q&A.
GreyNoise University LIVE
www.greynoise.io
January 14, 2025 at 10:48 PM
🚨 GreyNoise 101 just leveled up—welcome to GreyNoise University LIVE. 📚 Same vibe, + even better content. Join us the last Thursday of every month starting Jan 30, at 12 PM ET for live demos, fresh updates, + real-time Q&A.
btw #GreyNoise puts on some of the best live #Infosec TV around. Check them out on Tuesday mornings (1030am eastern US): www.twitch.tv/greynoiseio
GreyNoiseIO - Twitch
Storm⚡️Watch by GreyNoise is a weekly livestream that digs into various cybersecurity topics and internet exploitation trends. Our goal is simple: to deliver insightful analyses, thought-provoking per...
www.twitch.tv
January 21, 2025 at 2:15 AM
btw #GreyNoise puts on some of the best live #Infosec TV around. Check them out on Tuesday mornings (1030am eastern US): www.twitch.tv/greynoiseio
See y’all in an hour! https://www.greynoise.io/events/greynoise-university-live
GreyNoise University LIVE
www.greynoise.io
April 24, 2025 at 2:59 PM
See y’all in an hour! https://www.greynoise.io/events/greynoise-university-live
April 25, 2025 at 10:38 AM
I wrote a @GreyNoise blog about Suricata, poor documentation, overlapping RFCs, and weird historical choices. Hope you like it!
If you like "things about Suricata that annoy Ron" blogs, let me know.. I have way more. :)
www.labs.greynoise.io/grimoire/202...
#infosec #detectionengineering #blog
If you like "things about Suricata that annoy Ron" blogs, let me know.. I have way more. :)
www.labs.greynoise.io/grimoire/202...
#infosec #detectionengineering #blog
Suricata evasion, starring URL decoding – GreyNoise Labs
How does Suricata’s URL decoding work? It’s more complex than you think!
www.labs.greynoise.io
June 5, 2025 at 9:06 PM
I wrote a @GreyNoise blog about Suricata, poor documentation, overlapping RFCs, and weird historical choices. Hope you like it!
If you like "things about Suricata that annoy Ron" blogs, let me know.. I have way more. :)
www.labs.greynoise.io/grimoire/202...
#infosec #detectionengineering #blog
If you like "things about Suricata that annoy Ron" blogs, let me know.. I have way more. :)
www.labs.greynoise.io/grimoire/202...
#infosec #detectionengineering #blog
📢 GreyNoise observe un pic de crawling ciblant F5 BIG-IP après un incident annoncé
📝 GreyNoise, via son blog, décrit des anomalies de trafic ciblant F5 B…
https://cyberveille.ch/posts/2025-10-16-greynoise-observe-un-pic-de-crawling-ciblant-f5-big-ip-apres-un-incident-annonce/ #F5_BIG_IP #Cyberveille
📝 GreyNoise, via son blog, décrit des anomalies de trafic ciblant F5 B…
https://cyberveille.ch/posts/2025-10-16-greynoise-observe-un-pic-de-crawling-ciblant-f5-big-ip-apres-un-incident-annonce/ #F5_BIG_IP #Cyberveille
October 18, 2025 at 3:30 AM
📢 GreyNoise observe un pic de crawling ciblant F5 BIG-IP après un incident annoncé
📝 GreyNoise, via son blog, décrit des anomalies de trafic ciblant F5 B…
https://cyberveille.ch/posts/2025-10-16-greynoise-observe-un-pic-de-crawling-ciblant-f5-big-ip-apres-un-incident-annonce/ #F5_BIG_IP #Cyberveille
📝 GreyNoise, via son blog, décrit des anomalies de trafic ciblant F5 B…
https://cyberveille.ch/posts/2025-10-16-greynoise-observe-un-pic-de-crawling-ciblant-f5-big-ip-apres-un-incident-annonce/ #F5_BIG_IP #Cyberveille
November 22, 2024 at 2:20 PM
Join me, Emily, Kimber + SPECIAL GUEST Erick Galinkin for GreyNoise Storm⚡️Watch @ 10:30 ET. https://stormwatch.ing/
We're back in AI-land to review recent CISA AI deployment guidance & more warnings on criminial use of AI.
We also poke at an XZ-style attack on the OpenJS foundation.
1/2
We're back in AI-land to review recent CISA AI deployment guidance & more warnings on criminial use of AI.
We also poke at an XZ-style attack on the OpenJS foundation.
1/2
Storm⚡️Watch
Storm⚡️Watch is a weekly podcast and livestream that digs deep into various cybersecurity topics and internet exploitation trends. Our goal is simple: to deliver insightful analyses, thought-provoking perspectives, timely updates and the occasional hot-take on the ever-evolving cybersecurity landscape.
stormwatch.ing
April 16, 2024 at 12:11 PM
Join me, Emily, Kimber + SPECIAL GUEST Erick Galinkin for GreyNoise Storm⚡️Watch @ 10:30 ET. https://stormwatch.ing/
We're back in AI-land to review recent CISA AI deployment guidance & more warnings on criminial use of AI.
We also poke at an XZ-style attack on the OpenJS foundation.
1/2
We're back in AI-land to review recent CISA AI deployment guidance & more warnings on criminial use of AI.
We also poke at an XZ-style attack on the OpenJS foundation.
1/2
Zyxel、ゼロデイ脆弱性の悪用に対して「パッチなし」警告を発行
台湾のネットワーク機器メーカー、Zyxelは火曜日、複数の旧式DSL CPE製品に存在する2つのゼロデイ脆弱性は修正されないと発表した。
この通知は、脅威情報会社GreyNoiseが、 Miraiベースのボットネットによって積極的に悪用されている重大なコマンドインジェクションバグによって1,500台以上のデバイスが影響を受けていると警告してから約1週間後に出された。
www.securityweek.com/zyxel-issues...
台湾のネットワーク機器メーカー、Zyxelは火曜日、複数の旧式DSL CPE製品に存在する2つのゼロデイ脆弱性は修正されないと発表した。
この通知は、脅威情報会社GreyNoiseが、 Miraiベースのボットネットによって積極的に悪用されている重大なコマンドインジェクションバグによって1,500台以上のデバイスが影響を受けていると警告してから約1週間後に出された。
www.securityweek.com/zyxel-issues...
Zyxel Issues ‘No Patch’ Warning for Exploited Zero-Days
Multiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched.
www.securityweek.com
February 5, 2025 at 1:41 PM
Zyxel、ゼロデイ脆弱性の悪用に対して「パッチなし」警告を発行
台湾のネットワーク機器メーカー、Zyxelは火曜日、複数の旧式DSL CPE製品に存在する2つのゼロデイ脆弱性は修正されないと発表した。
この通知は、脅威情報会社GreyNoiseが、 Miraiベースのボットネットによって積極的に悪用されている重大なコマンドインジェクションバグによって1,500台以上のデバイスが影響を受けていると警告してから約1週間後に出された。
www.securityweek.com/zyxel-issues...
台湾のネットワーク機器メーカー、Zyxelは火曜日、複数の旧式DSL CPE製品に存在する2つのゼロデイ脆弱性は修正されないと発表した。
この通知は、脅威情報会社GreyNoiseが、 Miraiベースのボットネットによって積極的に悪用されている重大なコマンドインジェクションバグによって1,500台以上のデバイスが影響を受けていると警告してから約1週間後に出された。
www.securityweek.com/zyxel-issues...
Join us @ 10:30 ET for another episode of GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, we're 🧭 the terrifying landscape of industrial control systems as Emily walks us through some research that will have everyone scratching their heads.
1/3
https://stormwatch.ing/
Today, we're 🧭 the terrifying landscape of industrial control systems as Emily walks us through some research that will have everyone scratching their heads.
1/3
Storm⚡️Watch
Storm⚡️Watch is a weekly podcast and livestream that digs deep into various cybersecurity topics and internet exploitation trends. Our goal is simple: to deliver insightful analyses, thought-provoking perspectives, timely updates and the occasional hot-take on the ever-evolving cybersecurity landscape.
stormwatch.ing
August 13, 2024 at 12:11 PM
Join us @ 10:30 ET for another episode of GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, we're 🧭 the terrifying landscape of industrial control systems as Emily walks us through some research that will have everyone scratching their heads.
1/3
https://stormwatch.ing/
Today, we're 🧭 the terrifying landscape of industrial control systems as Emily walks us through some research that will have everyone scratching their heads.
1/3
Join us @ 10:30 ET for GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, the crew starts off a bit lighter than usual by taking a peek at *your* fav hacker films. Based on the survey responses, y'all had a lot of fun with this poll.
1/5
https://stormwatch.ing/
Today, the crew starts off a bit lighter than usual by taking a peek at *your* fav hacker films. Based on the survey responses, y'all had a lot of fun with this poll.
1/5
Storm⚡️Watch
Storm⚡️Watch is a weekly podcast and livestream that digs deep into various cybersecurity topics and internet exploitation trends. Our goal is simple: to deliver insightful analyses, thought-provoking perspectives, timely updates and the occasional hot-take on the ever-evolving cybersecurity landscape.
stormwatch.ing
March 18, 2025 at 11:44 AM
Join us @ 10:30 ET for GreyNoise Storm⚡️Watch!
https://stormwatch.ing/
Today, the crew starts off a bit lighter than usual by taking a peek at *your* fav hacker films. Based on the survey responses, y'all had a lot of fun with this poll.
1/5
https://stormwatch.ing/
Today, the crew starts off a bit lighter than usual by taking a peek at *your* fav hacker films. Based on the survey responses, y'all had a lot of fun with this poll.
1/5
GreyNoise Labs - How-To: Linux Process Injection https://www.labs.greynoise.io/grimoire/2025-01-28-process-injection/
GreyNoise Labs - How-To: Linux Process Injection
Ever wondered how to inject code into a process on Linux?
www.labs.greynoise.io
February 5, 2025 at 1:40 AM
GreyNoise Labs - How-To: Linux Process Injection https://www.labs.greynoise.io/grimoire/2025-01-28-process-injection/
Join us @ 10:30 ET for Storm⚡Watch!
https://stormwatch.ing/
Unlike RSA attendees, we're workin' for a livin', today!
For those traipsing along the Expo floor, make sure to stop by the Censys & GreyNoise booths, for some sweet swag & even sweeter data-backed discussions.
https://stormwatch.ing/
Unlike RSA attendees, we're workin' for a livin', today!
For those traipsing along the Expo floor, make sure to stop by the Censys & GreyNoise booths, for some sweet swag & even sweeter data-backed discussions.
April 22, 2025 at 11:12 AM
Join us @ 10:30 ET for Storm⚡Watch!
https://stormwatch.ing/
Unlike RSA attendees, we're workin' for a livin', today!
For those traipsing along the Expo floor, make sure to stop by the Censys & GreyNoise booths, for some sweet swag & even sweeter data-backed discussions.
https://stormwatch.ing/
Unlike RSA attendees, we're workin' for a livin', today!
For those traipsing along the Expo floor, make sure to stop by the Censys & GreyNoise booths, for some sweet swag & even sweeter data-backed discussions.
5ire + Ollama + Qwen 3 + MCP tool calling (with our public alpha MCP server) works pretty nicely.
I'll do a 5ire write-up for ThursdAI's Drop.
I'll do a 5ire write-up for ThursdAI's Drop.
June 24, 2025 at 1:03 PM
5ire + Ollama + Qwen 3 + MCP tool calling (with our public alpha MCP server) works pretty nicely.
I'll do a 5ire write-up for ThursdAI's Drop.
I'll do a 5ire write-up for ThursdAI's Drop.
🚨 BREAKING: GreyNoise discovered a sophisticated backdoor campaign compromising ~9,000 ASUS routers worldwide. Unlike typical malware attacks, this operation uses the router's own legitimate features to create persistent backdoors that survive firmware updates and reboots.
1/4
1/4
May 28, 2025 at 1:22 PM
🚨 BREAKING: GreyNoise discovered a sophisticated backdoor campaign compromising ~9,000 ASUS routers worldwide. Unlike typical malware attacks, this operation uses the router's own legitimate features to create persistent backdoors that survive firmware updates and reboots.
1/4
1/4
GreyNoise Uncovers Unique Risks From Resurgent Cybersecurity Vulnerabilities Attackers from every...
https://www.greynoise.io/blog/greynoise-uncovers-unique-risks-from-resurgent-cybersecurity-vulnerabilities
Result Details
https://www.greynoise.io/blog/greynoise-uncovers-unique-risks-from-resurgent-cybersecurity-vulnerabilities
Result Details
GreyNoise Uncovers Unique Risks From Resurgent Cybersecurity Vulnerabilities
Attackers from every corner of the internet are exploiting a uniquely dangerous class of cyber flaws: resurgent vulnerabilities.
www.greynoise.io
April 24, 2025 at 2:15 PM
GreyNoise Uncovers Unique Risks From Resurgent Cybersecurity Vulnerabilities Attackers from every...
https://www.greynoise.io/blog/greynoise-uncovers-unique-risks-from-resurgent-cybersecurity-vulnerabilities
Result Details
https://www.greynoise.io/blog/greynoise-uncovers-unique-risks-from-resurgent-cybersecurity-vulnerabilities
Result Details