GreyNoise Archives • Daily CyberSecurity

Massive SonicWall Reconnaissance Campaign Signals Imminent Ransomware Strikes SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

Massive SonicWall Reconnaissance Campaign Signals Imminent Ransomware Strikes

Do Son February 28, 2026

Between February 22 and February 25, 2026, threat intelligence firm GreyNoise detected a highly coordinated reconnaissance campaign...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

Do Son February 4, 2026

Two months after the disclosure of a catastrophic vulnerability in React Server Components, the attack landscape has...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Holiday ColdFusion Attacks Reveal Massive 2.5 Million Request Onslaught

Do Son December 29, 2025

What started as a seemingly targeted holiday raid on Adobe ColdFusion servers has unraveled into a sprawling,...

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints

Do Son December 6, 2025

A sudden surge in mass scanning activity has targeted two major enterprise security vendors, Palo Alto Networks...

Coordinated Cryptojacking Blitz: Hackers Exploit ThinkPHP and PHP RCE Flaws to Maximize Mining Profit PHP Cryptojacking, Coordinated Exploitation

PHP Cryptojacking, Coordinated Exploitation

Coordinated Cryptojacking Blitz: Hackers Exploit ThinkPHP and PHP RCE Flaws to Maximize Mining Profit

Do Son November 5, 2025

Analysts at GreyNoise Intelligence have reported a sharp, coordinated surge in attacks exploiting vulnerabilities across PHP and...

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US

Do Son October 13, 2025

GreyNoise Intelligence has issued an alert about a massive coordinated botnet operation targeting Remote Desktop Protocol (RDP)...

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798) Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Do Son October 3, 2025

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path...

A Massive Coordinated Attack Is Probing Cisco ASA Devices Cisco ASA, reconnaissance

A Massive Coordinated Attack Is Probing Cisco ASA Devices

Do Son September 5, 2025

The GreyNoise Intelligence team has observed two unusually large waves of scanning activity targeting Cisco Adaptive Security...

A Storm Is Coming: A Massive Coordinated Attack Is Probing RDP Connections RDP scanning, Remote Desktop Protocol

A Storm Is Coming: A Massive Coordinated Attack Is Probing RDP Connections

Do Son August 26, 2025

Security intelligence firm GreyNoise has sounded the alarm over a massive spike in Microsoft Remote Desktop (RDP)...

Zyxel Firewalls Under Attack via Critical CVE-2023-28771 Zyxel Firewall, CVE-2023-28771

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

Do Son June 17, 2025

A sudden and coordinated wave of exploit attempts targeting a critical vulnerability in Zyxel firewalls has been...

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces Apache Tomcat, Brute-Force Attacks CVE-2024-38286 - Apache Tomcat 11

Apache Tomcat, Brute-Force Attacks CVE-2024-38286 - Apache Tomcat 11

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Do Son June 13, 2025

A significant surge in brute-force attacks is targeting Apache Tomcat Manager interfaces, according to a new report...

AyySSHush: New Stealthy Botnet Backdoors ASUS Routers, Persists Through Firmware Updates AyySSHush Botnet, ASUS Router Attacks

AyySSHush: New Stealthy Botnet Backdoors ASUS Routers, Persists Through Firmware Updates

Do Son May 31, 2025

A new wave of router-based cyberattacks has emerged in the form of a stealthy and persistent botnet...

Beyond Malware: Stealthy ASUS Router Exploitation Survives Reboots, Builds Botnet ASUS router hack Stealthy botnet

Beyond Malware: Stealthy ASUS Router Exploitation Survives Reboots, Builds Botnet

Do Son May 29, 2025

GreyNoise has revealed a stealthy, long-running exploitation campaign targeting thousands of ASUS routers, laying the foundation for...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

GreyNoise

Massive SonicWall Reconnaissance Campaign Signals Imminent Ransomware Strikes

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

Holiday ColdFusion Attacks Reveal Massive 2.5 Million Request Onslaught

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

A Massive Coordinated Attack Is Probing Cisco ASA Devices

A Storm Is Coming: A Massive Coordinated Attack Is Probing RDP Connections

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

AyySSHush: New Stealthy Botnet Backdoors ASUS Routers, Persists Through Firmware Updates

Beyond Malware: Stealthy ASUS Router Exploitation Survives Reboots, Builds Botnet