GreyNoise

🚀 New GreyNoise + Google SecOps integrations are live. See which IPs scan everyone vs just you, now directly inside Google SecOps.

🧩 SIEM: Standardized ingestion, dashboards, YARA-L rules, and saved searches
⚡️ SOAR: v7.0 actions, webhooks, and playbooks to automate triage

https://www.greynoise.io/blog/greynoise-google-secops-integration

Hey London! We are closing down day 1 at #ecrimecongress today + cant wait to see you tomorrow! If you're around, say hi to the team, watch a demo, and grab some great swag! 🔥

Edge attacks are evolving faster than your playbook. Join @morris@infosec.exchange, @hrbrmstr@infosec.exchange + Shawn Smagh next Tuesday for a live breakdown of where edge targeting is concentrating, where defenses are failing, + what 162 days of internet-scale data says about your real exposure.

https://info.greynoise.io/webinar/state-of-the-edge-2026

February was anything but quiet at GreyNoise, from our 2026 State of the Edge Report to new edge attack research, Ivanti + BeyondTrust deep dives, and a packed March of events, check it all out in this month's Noiseletter! 🚀

https://www.greynoise.io/resources/noiseletter-february-2026

GreyNoise is now integrated across CrowdStrike Falcon. 🚀

Falcon users can bring GreyNoise IP classification into Next-Gen SIEM searches, Fusion SOAR playbooks, and Charlotte AI workflows to triage faster, cut background noise + prioritize real threats.

https://www.greynoise.io/blog/greynoise-intelligence-available-across-crowdstrike-falcon-platform

Here's a taste of what GreyNoise customers got in this week's At The Edge intelligence brief.

268M sessions. 540K unique IPs. Four findings that matter.

→ Sophos CVE-2022-1040 surged 435% — second consecutive week
→ 9.1M RDP sessions from two IPs, one JA4T fingerprint
→ VPN siege Week 6 — vendors rotating after our published analysis
→ Scanning landscape collapsed. Enterprise campaigns didn't.

Full brief: IOCs, attribution, recommendations.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-030226

greynoise.io/contact

Noise: analyzed.
Security: certified.

GreyNoise is now ISO 27001 certified 🔐
We spend our days tracking internet background noise and we hold ourselves to the same high security standards we expect from the ecosystem.

GreyNoise observed a coordinated campaign probing SonicWall firewalls to identify which devices have SSL VPN enabled — the prerequisite step before credential attacks. Four infrastructure clusters, a commercial proxy service rotating thousands of IPs, and near-zero exploitation. This is target mapping.

🔗 https://www.greynoise.io/blog/active-reconnaissance-campaign-targets-sonicwall-firewalls-through-commercial-proxy-infrastructure

Join us today at 12pm ET for February’s GreyNoise University LIVE session, where you’ll get an overview of what’s new at GreyNoise, plus a live demo of our tools and latest product releases.

🔗 https://www.greynoise.io/events/greynoise-university-live

52% of RCE attempts came from IPs with no prior GreyNoise history. New research on where edge defenses fall short + what to do about it: https://www.greynoise.io/resources/2026-state-of-the-edge-report

#ThreatIntel #Cybersecurity #GreyNoise

This week's At the Edge: CLEAR is out — a preview of the intel brief GreyNoise customers get every week.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-021626

That's just the preview. greynoise.io/contact

#ThreatIntel #CyberSecurity #GreyNoise

It took less than a day. A PoC for BeyondTrust CVE-2026-1731 hit GitHub, and GreyNoise immediately started seeing reconnaissance from multi-exploit actors hiding behind VPNs + custom tooling. See what our data reveals about who’s mapping targets + how.

🔗 https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731

Three campaigns. One has Cobalt Strike ready.

RDP nearly quadrupled. A botnet picked up a new CVE. And someone built a Kubernetes cluster just to exploit n8n.

A preview of what GreyNoise customers get every week. Full brief has the IOCs, attribution, and analysis.

#ThreatIntelligence #InfoSec #GreyNoise #CyberSecurity

We observed a 65% drop in global telnet traffic in a single hour on Jan 14, settling into a sustained 59% reduction. 18 ASNs went silent, 5 countries disappeared, but cloud providers were unaffected.

Our analysis of 51.2M sessions points to backbone-level port 23 filtering by a North American Tier 1 transit provider.

🔗 https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

#GreyNoise #ThreatIntel #CyberSecurity #InfoSec

83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ https://www.greynoise.io/blog/active-ivanti-exploitation

#Ivanti #ThreatIntel #CVE20261281 #InfoSec

Attackers are operating at machine speed + so should defenders. 🤖

Check out the Government Technology Insider article, where our Principal Intelligence Liaison, Shawn Smagh, shares what we’re seeing in the data and 4️⃣ steps to get to active defense at machine speed.
https://governmenttechnologyinsider.com/the-ai-accelerated-threat-landscape-four-steps-toward-active-defense-at-machine-speed/

Check out this month's NoiseLetter for the latest on Ghostie + all things GreyNoise!
🗞️https://www.greynoise.io/resources/noiseletter-january-2026

Two IPs now generate 56% of all CVE-2025-55182 exploitation traffic.

One deploys cryptominers. The other opens reverse shells.

We dug into the infrastructure. What we found goes back to 2020.

https://www.greynoise.io/blog/react2shell-exploitation-consolidates

In 2025, 59 CVEs quietly flipped to “known ransomware use” in CISA’s KEV...no alerts, no fanfare. 🧐

We dug through a year of JSON to catch every silent flip and built an RSS feed so you don’t miss the next one.

Read the blog + grab the feed 🗞️

https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates