Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of ...

A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with ...

GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances.

GreyNoise observed a spike in scanning throughout March 2025 Thousands of IP addresses were scanning PAN-OS GlobalProtect portals These activities usually lead up to a cyberattack, researchers claim ...

Cisco Talos recently found a bug in PHP-CGI, being used in attacks against Japanese firms GreyNoise said the attacks are ...

Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, ...

IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.

It is called Eleven11bot, and its malware was found on more than 86,000 Internet of Things (IoT) devices, according to multiple research teams, including Nokia, GreyNoise, and The Shadowserver ...

Nearly 24K unique IP addresses have attempted to access portals in the last 30 days, raising concerns of imminent attacks ...

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577 ...

Exploitation of a critical-severity vulnerability affecting Windows-based PHP installations has impacted organizations in the U.S., according to a researcher at threat intelligence firm GreyNoise.