GreyNoise Intelligence

On this episode of Storm?Watch, the crew kicks off report season with a deep dive into Veracode's State of Software Security 2025, Dragos, Inc. OT/ICS Cybersecurity Report, and Huntress's Cyber Threat Report, highlighting trends in software security, industrial ransomware threats, and evolving attack tactics. They also cover a massive $1.5 billion Ethereum heist, recent findings from Censys and VulnCheck, and GreyNoise Intelligence latest insights into mass internet exploitation and a new DDoS botnet. Forecast = Ransomware storms surge with an 87% spike in industrial attacks—brace for ICS strikes from GRAPHITE and BAUXITE! Infostealers hit healthcare and education, while VPN vulnerabilities pour in—grab your digital umbrella! Subscribe to Storm??Watch - https://stormwatch.ing

?? Mass Exploitation of CVE-2024-4577 Detected ?? ?? View and block malicious IPs now: https://lnkd.in/gS2pqMJu GreyNoise data confirms widespread exploitation of PHP-CGI vulnerability CVE-2024-4577, far beyond initial reports. ?? 1,089 unique IPs exploiting this flaw in January 2025 ?? 43% of malicious IPs originate from Germany & China ?? Significant exploitation observed in U.S., Singapore, Japan, UK, India & more Organizations with internet-facing PHP-CGI installations should patch immediately and monitor for indicators of compromise. #ThreatIntelligence #CyberSecurity #CVE20244577 #Infosec #GreyNoise #CVE #Exploitation #PHP #Cybersecurity #Cyber?

The perimeter has evolved, and edge devices have become some of the most targeted entry points for attackers.???? Organizations — both in the public and private sectors — are facing a growing challenge: understanding which vulnerabilities are actually being exploited in the wild. With so many alerts and limited resources, prioritization is critical. That’s why I joined GreyNoise Intelligence. Instead of adding more noise, we help security teams focus on real threats, using real-time observations from thousands of sensors deployed in 50+ countries. Our 2025 Mass Internet Exploitation Report just launched, breaking down which CVEs attackers are targeting at scale. If you’re in threat intelligence, vulnerability management, or incident response, this is a must-read. Check it out here: https://lnkd.in/eGmR3Mcx Excited for what’s ahead! #GreyNoise #Cybersecurity #ThreatIntelligence #VulnerabilityManagement #IncidentResponse #SOC

?? GreyNoise has detected active exploitation of Silk Typhoon-linked CVEs in the past 24 hours. Full analysis: https://lnkd.in/gzn4X9ik More than 90 threat IPs have been observed exploiting these vulnerabilities in the past 24 hours — just one day after Microsoft reported Silk Typhoon’s shift to targeting IT supply chains. GreyNoise is not attributing this activity to Silk Typhoon but is reporting active exploitation across CVEs linked to the group's operations. ?? What are these IPs doing? How widespread is the activity? Our latest analysis breaks it down with source countries, IP counts, and observed behaviors. ?? Read the full analysis: https://lnkd.in/gzn4X9ik #GreyNoise #PANOS #SSRF #CVE202126855 #CVE202144228 #CVE20243400 #Log4shell #Log4j #SilkTyphoon #HAFNIUM #CVE #Vulnerability #ThreatIntel #News #Cybersecurity #Cyber #ThreatIntelligence #InfoSec #SOC #ThreatHunting #VulnerabilityManagement #CISO #CIO #Exploitation #Microsoft

?? The 2025 Mass Internet Exploitation Report is here. See which CVEs attackers actually targeted — and what it means for defenders. ?? Skim the Quick Hits Below and Download the Report Now → https://lnkd.in/dsCHUCaM Attackers aren’t just exploiting new vulnerabilities. 40% of exploited CVEs in 2024 were at least four years old, some dating back to the 1990s. ?? Some were targeted before being added to KEV ?? Ransomware groups are automating mass exploitation ?? IoT devices, home routers, and enterprise software were prime targets Security teams need real-time intelligence, not just static risk models. ?? Get the full report → https://lnkd.in/dsCHUCaM #GreyNoise #Report #MassExploitation #Cybersecurity #Cyber #ThreatIntel #Vulnerability #CVE #KEV #CISA #InfoSec #SOC #ThreatHunting #IoT #Ransomware #Exploitation #Exploit

?? Exploitation of Newly Added KEV CVEs ?? Full analysis: https://lnkd.in/gvz7y6RH CISA just added five vulnerabilities to KEV — but GreyNoise saw exploitation of three of them months ago. ?? CVE-2022-43939 & CVE-2022-43769 – Hitachi Vantara Pentaho BA Server ?? CVE-2024-4885 – Progress WhatsUp Gold First Exploitation Seen: December 6, 2024 KEV Added: March 3, 2025 ?? Who’s targeting them? ?? Where are attacks coming from? ?? What should defenders do? We break it all down in our latest blog. Get the full details here: https://lnkd.in/gvz7y6RH #ThreatIntelligence #Cybersecurity #KEV #GreyNoise #CISA #CVE #CVE202243939 #CVE202243769 #CVE20244885 #Exploitation #ThreatIntel #Progress #Hitachi #CISAKEV #Vulnerability #SOC #ThreatHunting #VulnerabilityManagement

Welcome to the mothership, Kent R., we are stoked to have you!

??CISA added 5 CVEs to the KEV catalog today — GreyNoise had already tagged 3 of them before they made the list. ?? ?? Hop to the GreyNoise Visualizer to see activity across these CVEs: https://viz.greynoise.io KEV is an important resource for defenders, highlighting vulnerabilities known to be actively exploited. GreyNoise complements KEV by providing early visibility into exploitation activity as it happens. Before these CVEs were added, GreyNoise had already identified and tagged: ?? CVE-2022-43939 – Hitachi Vantara Pentaho BA Server Authorization Bypass ?? CVE-2022-43769 – Hitachi Vantara Pentaho BA Server Special Element Injection ?? CVE-2024-4885 – Progress WhatsUp Gold Path Traversal This kind of early insight helps security teams prioritize vulnerabilities before they make it to official lists, reducing uncertainty and improving response times. #Cybersecurity #ThreatIntelligence #KEV #GreyNoise #VulnerabilityManagement #CISA #SOC #Vulnerability #Exploitation #CVE