News
Just 21 IP Addresses Are Now Behind Nearly Half of All RDP Scanning on the Internet
13+ hour, 12+ min ago (617+ words) GreyNoise does not attribute this activity to a named actor. ColocaTel Inc. is the RIPE-registered holder of AS213438. IP geolocation describes where infrastructure is routed, not where operators sit. For most of the past year, Romania was the largest…...
GreyNoise Intelligence Introduces C2 Detection to Close the Visibility Gap at the Edge of the Network
3+ day, 18+ hour ago (458+ words) Leverages Outbound Telemetry to Detect Compromises. Washington, DC - April 7, 2026 - GreyNoise Intelligence, the cybersecurity company providing real-time intelligence about network-based attacks, today…...
GreyNoise Intelligence Is Available Across the CrowdStrike Falcon Platform
1+ mon, 6+ day ago (380+ words) That classification data is now available across the CrowdStrike Falcon platform - in Next-Gen SIEM, Falcon Fusion SOAR, and the agentic workflows that are defining the next era of security operations. For teams running Falcon, GreyNoise intelligence is operationalized…...
GreyNoise Releases 2026 State of the Edge Report
1+ mon, 2+ week ago (229+ words) GreyNoise analyzed 2.97 billion sessions over 162 days in H2 2025, and the patterns reveal where edge defenses hold up - and where they fall short. The data exposes specific concentration points in VPN targeting, infrastructure sourcing, and exploitation behavior that challenge conventional defensive…...
Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
1+ mon, 3+ week ago (446+ words) It took less than 24 hours. On February 10, a proof-of-concept exploit for CVE-2026-1731, a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access, was posted to GitHub. By February 11, GreyNoise's Global Observation Grid…...
Active Ivanti Exploitation Traced to Single Bulletproof IP - Published IOC Lists Point Elsewhere
2+ mon, 15+ hour ago (650+ words) CVE-2026-1281 is a CVSS 9.8 (v3.1) unauthenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile. It exploits Bash arithmetic expansion in EPMM's file delivery mechanism, allowing an unauthenticated attacker to execute arbitrary commands on the underlying server. Ivanti also disclosed CVE…...
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
2+ mon, 1+ week ago (513+ words) In 2025, 59 vulnerabilities silently flipped to "known ransomware use." If CISA updates a vulnerability's status in the Known Exploited Vulnerabilities (KEV) catalog and nobody notices, did it even matter? Stick around to the end for a new tool that exposes these…...
Filtering Noise in (Cyber)Space
2+ mon, 4+ week ago (1170+ words) When an IP address reaches out to you, GreyNoise can tell you if it's just a benign scanner or something targeted and malicious. GreyNoise collects and analyzes untargeted, widespread, and opportunistic scan-and-attack activity across the entire IPv4 space, giving…...
Threat Actors Actively Targeting LLMs
3+ mon, 2+ day ago (255+ words) Attackers targeted two vectors: The campaign ran from October 2025 through January 2026, with a dramatic spike over Christmas - 1,688 sessions in 48 hours. Attackers used ProjectDiscovery's OAST (Out-of-band Application Security Testing) infrastructure to confirm successful SSRF exploitation via callback validation. Fingerprinting revealed the…...