GreyNoise
@greynoise.io
GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
November 6, 2025 at 3:00 PM
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
PHP Cryptomining Campaign: October/November 2025
From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs...
www.greynoise.io
November 4, 2025 at 4:36 PM
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
GreyNoise - Dinner and Drinks at Fal.Con
Join GreyNoise, Cribl, and Netbuilder on Wednesday, 5 November, for dinner and drinks after a long day at Fal.Con Europe.
info.greynoise.io
November 3, 2025 at 6:40 PM
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
Happy Halloween from your fave GreyNerds 🍬🍫
October 31, 2025 at 9:21 PM
Happy Halloween from your fave GreyNerds 🍬🍫
Happy Halloween from the GreyNoise ghouls + goblins! This month's NoiseLetter is packed to the brim with tricks + treats, catch up on all the haunts from this past month and be sure to check back in later for the results of our annual Candy Bracket 🎃
NoiseLetter October 2025
Get GreyNoise updates! Read the October 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
October 31, 2025 at 4:34 PM
Happy Halloween from the GreyNoise ghouls + goblins! This month's NoiseLetter is packed to the brim with tricks + treats, catch up on all the haunts from this past month and be sure to check back in later for the results of our annual Candy Bracket 🎃
Starting soon! 👽
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
GreyNoise University LIVE
www.greynoise.io
October 30, 2025 at 3:57 PM
Starting soon! 👽
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
GreyNoise University LIVE
www.greynoise.io
October 29, 2025 at 3:56 PM
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
We are excited to sponsor #FalConEurope2025 next week in Barcelona! If you're there come by booth 45, or want to meet up with the team, let us know!
Fal.Con Europe 2025
www.greynoise.io
October 28, 2025 at 9:07 PM
We are excited to sponsor #FalConEurope2025 next week in Barcelona! If you're there come by booth 45, or want to meet up with the team, let us know!
see ya'll Friday 😈
I've just received word that we're preparing for this years annual @greynoise.io halloween candy bracket. Twix won years 1-2. 100 Grand won last year on a complete fluke. I might write a blog post about how last year's candy bracket undermined my faith in the democratic process.
October 27, 2025 at 9:32 PM
see ya'll Friday 😈
Want an inside look at what happens when attackers pop our honeypots + AWS slides into our inbox? 📥 Check out Corey's latest blog ⬇️
We Got Yelled At by Amazon So You Didn’t Have To
At GreyNoise, our sensors attract attackers so you don’t have to. We take the hits, learn from every attack, and share insights so you stay safe.
www.greynoise.io
October 24, 2025 at 4:50 PM
Want an inside look at what happens when attackers pop our honeypots + AWS slides into our inbox? 📥 Check out Corey's latest blog ⬇️
Reposted by GreyNoise
big week in the morris household. we've started tracking ORBs at @greynoise.io and I'm shitposting again btw (h/t @hrbrmstr.dev)
October 23, 2025 at 6:36 PM
big week in the morris household. we've started tracking ORBs at @greynoise.io and I'm shitposting again btw (h/t @hrbrmstr.dev)
Threat Actors Rotating New IPs Daily to Attack Microsoft RDP
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Threat Actors Deploying New IPs Daily to Attack Microsoft RDP
GreyNoise reports attackers using rotating IPs to exploit Microsoft RDP timing vulnerabilities, targeting RD Web Access and RDP login enumeration to evade detection.
www.greynoise.io
October 20, 2025 at 8:40 PM
Threat Actors Rotating New IPs Daily to Attack Microsoft RDP
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
GreyNoise's Threat Intelligence Map visualizes network events across the internet, scans, probes, attacks + connects them to geopolitical context. Real-time intelligence, that looks pretty cool too 😎
🗺️ threat-map.greynoise.io
🗺️ threat-map.greynoise.io
October 16, 2025 at 5:38 PM
GreyNoise's Threat Intelligence Map visualizes network events across the internet, scans, probes, attacks + connects them to geopolitical context. Real-time intelligence, that looks pretty cool too 😎
🗺️ threat-map.greynoise.io
🗺️ threat-map.greynoise.io
Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️
GreyNoise’s Recent Observations Around F5
Amid the security incident involving F5 BIG-IP announced on 15 October 2025, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing.
www.greynoise.io
October 15, 2025 at 11:35 PM
Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️
A global botnet has tripled in size in the past five days, so GreyNoise is sharing an executive situation report (SITREP) to streamline decision making.
Full SITREP: info.greynoise.io/hubfs/Situat...
Full SITREP: info.greynoise.io/hubfs/Situat...
October 15, 2025 at 5:58 PM
A global botnet has tripled in size in the past five days, so GreyNoise is sharing an executive situation report (SITREP) to streamline decision making.
Full SITREP: info.greynoise.io/hubfs/Situat...
Full SITREP: info.greynoise.io/hubfs/Situat...
Attacker infrastructure evolves in real time. Your defenses should too. Introducing GreyNoise Block, ensuring your blocklists update automatically. 🦾
Introducing GreyNoise Block: Fully configurable, real-time blocklists
Discover why traditional blocklists fail and how GreyNoise Block offers real-time, configurable, low-noise IP blocking powered by primary-sourced intelligence.
www.greynoise.io
October 14, 2025 at 5:03 PM
Attacker infrastructure evolves in real time. Your defenses should too. Introducing GreyNoise Block, ensuring your blocklists update automatically. 🦾
Hey #CriblCon25! 👋 Looking forward to seeing you soon! 👻🤝🐐
October 13, 2025 at 9:17 PM
Hey #CriblCon25! 👋 Looking forward to seeing you soon! 👻🤝🐐
A 100,000-IP botnet is actively targeting U.S. RDP infrastructure. 🔗 Read the analysis 👇
#Cybersecurity #RDP #Botnet #GreyNoise
#Cybersecurity #RDP #Botnet #GreyNoise
100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in ...
www.greynoise.io
October 10, 2025 at 9:49 PM
A 100,000-IP botnet is actively targeting U.S. RDP infrastructure. 🔗 Read the analysis 👇
#Cybersecurity #RDP #Botnet #GreyNoise
#Cybersecurity #RDP #Botnet #GreyNoise
The GreyNoise team will be at #CriblCon next week and we would love to see you there! If you are headed to Maryland for the event, check out our booth and talk to the team. 👻🤝🐐
🔗 events.cribl.io/criblcon25/b...
🔗 events.cribl.io/criblcon25/b...
October 10, 2025 at 8:35 PM
The GreyNoise team will be at #CriblCon next week and we would love to see you there! If you are headed to Maryland for the event, check out our booth and talk to the team. 👻🤝🐐
🔗 events.cribl.io/criblcon25/b...
🔗 events.cribl.io/criblcon25/b...
GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
October 8, 2025 at 10:00 PM
GreyNoise has linked three concurrent campaigns targeting remote-access technologies — Palo Alto login attempts, Fortinet SSL VPN brute-forcing, and Cisco ASA scanning — all partially driven by the same threat actor(s) [High Confidence]. Full analysis 👇 #Palo #Cisco #Fortinet #ThreatIntel
GreyNoise Feeds are here: real-time webhook alerts for CVE status changes, exploitation spikes, and IP classification changes. No more polling. Respond the moment threats emerge. 🦾
Introducing GreyNoise Feeds: Real-Time Intel for Real-Time Response
Learn how GreyNoise Feeds enable real-time, event-driven threat intelligence that eliminates polling delays—helping defenders react instantly to new exploits, IP threats, and zero-day activity.
www.greynoise.io
October 8, 2025 at 5:05 PM
GreyNoise Feeds are here: real-time webhook alerts for CVE status changes, exploitation spikes, and IP classification changes. No more polling. Respond the moment threats emerge. 🦾
Palo login attempts are escalating, potentially driven by iteration through a large credential dataset. GreyNoise is sharing observed usernames/passwords for defender review.
🔗 Latest: www.greynoise.io/blog/palo-al...
#PaloAltoNetworks #ThreatIntel
🔗 Latest: www.greynoise.io/blog/palo-al...
#PaloAltoNetworks #ThreatIntel
October 7, 2025 at 9:03 PM
Palo login attempts are escalating, potentially driven by iteration through a large credential dataset. GreyNoise is sharing observed usernames/passwords for defender review.
🔗 Latest: www.greynoise.io/blog/palo-al...
#PaloAltoNetworks #ThreatIntel
🔗 Latest: www.greynoise.io/blog/palo-al...
#PaloAltoNetworks #ThreatIntel
NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!
NoiseLetter September 2025
Get GreyNoise updates! Read the September 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
October 6, 2025 at 5:19 PM
NoiseLetter, but make it fashionably late... 💅 We were at our company offsite, but we're back with our new GreyNoise MCP Server launch, Cisco ASA zero-day and VPN brute force insights, plus upcoming events, let's get into it!
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
October 3, 2025 at 9:01 PM
GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS