GreyNoise threat intelligence

From Security Week – Questions Remain Over Attacks Causing DrayTek Router Reboots

[[{"value":"DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on…

shaikh Saqib April 2, 2025

News

From Security Week – Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals

[[{"value":"GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances. The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first…

shaikh Saqib April 1, 2025

Vulnerabilities

From Cybersecurity Help – Surge in attacks targeting Palo Alto networks gateways observed

The activity began on March 17, 2025, and persisted at a rate of nearly 20,000 unique IP addresses per day. Read More

Samir K April 1, 2025

News

From Cyber Security News – DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop

Multiple internet service providers worldwide are reporting widespread disruptions as DrayTek routers enter continuous reboot loops, affecting businesses and consumers alike. Security intelligence firm GreyNoise has identified the active exploitation…

shaikh Saqib March 26, 2025

News

From Security Week – Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign

[[{"value":"Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms. The post Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign…

shaikh Saqib March 13, 2025

News

From The Hacker News – Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025. The countries which

shaikh Saqib March 12, 2025

Vulnerabilities

From Cybersecurity Help – Critical PHP flaw comes under mass-exploitation

If successfully exploited, the flaw could allow attackers to execute arbitrary code. Read More

shaikh Saqib March 11, 2025

News

From The Hacker News – CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore

shaikh Saqib March 11, 2025

News

From The Hacker News – CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS

shaikh Saqib February 19, 2025

News

From Security Week – Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

[[{"value":"Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure. The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first…

shaikh Saqib February 14, 2025

News

From Cyber Security News – Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts targeting this vulnerability. The flaw…

shaikh Saqib February 14, 2025

News

From Security Week – Exploitation of Old ThinkPHP, OwnCloud Vulnerabilities Surges

[[{"value":"Threat actors are increasingly exploiting two old vulnerabilities in ThinkPHP and OwnCloud in their attacks. The post Exploitation of Old ThinkPHP, OwnCloud Vulnerabilities Surges appeared first on SecurityWeek."}]] Read More

shaikh Saqib February 13, 2025

News

From The Hacker News – Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an

shaikh Saqib February 13, 2025