GreyNoise

GreyNoise unveils MCP Server to power AI-driven SOC workflows

GreyNoise, Industry news /

GreyNoise unveils MCP Server to power AI-driven SOC workflows 2025-09-18 at 07:17 By Industry News GreyNoise Intelligence introduced the GreyNoise Model Context Protocol (MCP) Server to enable MCP-compatible LLMs and agents to query GreyNoise APIs directly, providing real-time, actionable threat intelligence for AI agents. “AI Agents represent a major shift in cybersecurity, moving beyond simple […]

React to this headline:

Loading spinner

GreyNoise unveils MCP Server to power AI-driven SOC workflows Read More »

Can AI make threat intelligence easier? One platform thinks so

analytics, automation, CISO, cybersecurity, data collection, Don't miss, GreyNoise, News, Threat Intelligence /

Can AI make threat intelligence easier? One platform thinks so 2025-08-28 at 07:38 By Mirko Zorz When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate

React to this headline:

Loading spinner

Can AI make threat intelligence easier? One platform thinks so Read More »

Brute-force attacks hammer Fortinet devices worldwide

brute-force, Don't miss, exploit, firewall, Fortinet, GreyNoise, Hot stuff, News /

Brute-force attacks hammer Fortinet devices worldwide 2025-08-14 at 17:05 By Zeljka Zorz A surge in brute-force attempts targeting Fortinet SSL VPNs that was spotted earlier this month could be a portent of imminent attacks leveraging currently undisclosed (potentially zero-day) vulnerabilities in Fortinet devices. Shifting attacks Greynoise, a cybersecurity intelligence service that through its global network

React to this headline:

Loading spinner

Brute-force attacks hammer Fortinet devices worldwide Read More »

GreyNoise enhances threat response with real-time blocklists, feeds, and SOAR integrations

GreyNoise, Industry news /

GreyNoise enhances threat response with real-time blocklists, feeds, and SOAR integrations 2025-07-31 at 16:33 By Industry News GreyNoise Intelligence introduced three new platform capabilities designed to help security teams detect, block and respond faster to emerging cybersecurity threats. These capabilities, including Real-time Dynamic Blocklists, new GreyNoise feeds and integrations for Security Orchestration, Automation and Response

React to this headline:

Loading spinner

GreyNoise enhances threat response with real-time blocklists, feeds, and SOAR integrations Read More »

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability

Asus, botnet, Censys, CVE-2023-39780, GreyNoise, IoT Security, Malware & Threats, ORB, Vulnerabilities /

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability 2025-05-29 at 17:37 By Ryan Naraine Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans. The post GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability Read More »

Attackers are probing Palo Alto Networks GlobalProtect portals

Don't miss, enterprise, GreyNoise, Hot stuff, News, Palo Alto Networks, scanning, VPN /

Attackers are probing Palo Alto Networks GlobalProtect portals 2025-04-01 at 14:21 By Zeljka Zorz Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise. “The

React to this headline:

Loading spinner

Attackers are probing Palo Alto Networks GlobalProtect portals Read More »

Attackers are chaining flaws to breach Palo Alto Networks firewalls

Assetnote, Don't miss, enterprise, GreyNoise, Hot stuff, News, Palo Alto Networks, vulnerability /

Attackers are chaining flaws to breach Palo Alto Networks firewalls 2025-02-19 at 11:03 By Zeljka Zorz Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the

React to this headline:

Loading spinner

Attackers are chaining flaws to breach Palo Alto Networks firewalls Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

New Zyxel Zero-Day Under Attack, No Patch Available

Censys, CVE-2024-40891, GreyNoise, Malware & Threats, Vulnerabilities, Zyxel /

New Zyxel Zero-Day Under Attack, No Patch Available 2025-01-29 at 18:21 By Ryan Naraine GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

New Zyxel Zero-Day Under Attack, No Patch Available Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Don't miss, enterprise, exploit, firewall, GreyNoise, Hot stuff, News, Palo Alto Networks, PoC, security update, TrustedSec, Volexity, vulnerability, WatchTowr /

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

React to this headline:

Loading spinner

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Cisco, Don't miss, enterprise, exploit, GreyNoise, Hot stuff, News, Ransomware, Truesec, vulnerability /

Akira, LockBit actively searching for vulnerable Cisco ASA devices 2024-02-08 at 14:31 By Zeljka Zorz Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available in 2020 and 2023.

React to this headline:

Loading spinner

Akira, LockBit actively searching for vulnerable Cisco ASA devices Read More »

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

CISA, Don't miss, endpoint management, exploit, GreyNoise, Ivanti, News, Rapid7, vulnerability /

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) 2024-01-19 at 19:49 By Zeljka Zorz A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities

React to this headline:

Loading spinner

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) Read More »

Critical ownCloud flaw under attack (CVE-2023-49103)

Don't miss, GreyNoise, Hot stuff, News, ownCloud, SANS ISC, vulnerability /

Critical ownCloud flaw under attack (CVE-2023-49103) 28/11/2023 at 14:17 By Zeljka Zorz Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attemps have been first spotted over the weekend, though Dr. Johannes Ullrich, Dean of

React to this headline:

Loading spinner

Critical ownCloud flaw under attack (CVE-2023-49103) Read More »

Atlassian Confluence data-wiping vulnerability exploited

Atlassian Confluence, Don't miss, GreyNoise, Hot stuff, News, PoC, Shadowserver /

Atlassian Confluence data-wiping vulnerability exploited 06/11/2023 at 13:19 By Zeljka Zorz Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addresses testing for the flaw in internet-facing Confluence installations. From security updates

React to this headline:

Loading spinner

Atlassian Confluence data-wiping vulnerability exploited Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

11 search engines for cybersecurity research you can use right now

cybersecurity, dark web, Don't miss, FullHunt, GreyNoise, Hot stuff, Intelligence X, Netlas, News, OffSec, ONYPHE, penetration testing, Shodan /

11 search engines for cybersecurity research you can use right now 29/08/2023 at 06:32 By Help Net Security Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding

React to this headline:

Loading spinner

11 search engines for cybersecurity research you can use right now Read More »

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)

0-day, CISA, Citrix, critical infrastructure, Don't miss, GreyNoise, Hot stuff, Incident Response, News /

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) 21/07/2023 at 14:19 By Zeljka Zorz The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat actors exploited this

React to this headline:

Loading spinner

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) Read More »

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

Don't miss, enterprise, GreyNoise, Hot stuff, News, patch, VMWare, vulnerability /

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) 21/06/2023 at 11:42 By Zeljka Zorz CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are

React to this headline:

Loading spinner

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) Read More »

ThreatBlockr integrates with GreyNoise to guard against false positives

GreyNoise, Industry news, ThreatBlockr /

ThreatBlockr integrates with GreyNoise to guard against false positives 09/05/2023 at 18:17 By Industry News ThreatBlockr and GreyNoise announced a partnership that will enhance the ThreatBlockr platform. By leveraging GreyNoise data, ThreatBlockr customers now have automatic access to this enhanced cyber intelligence and the largest cyber intelligence data set that protects against false positives. “False

React to this headline:

Loading spinner

ThreatBlockr integrates with GreyNoise to guard against false positives Read More »

Scroll to Top