Glenn 📎

RE: @kev_Stalker@infosec.exchange

Got one today.

Rideshare drivers: check engine light
Claude code: update available!

Looking forward to sharing the stage at [un]prompted with the wizard himself, @hrbrmstr@mastodon.social, as we showcase "Orbie" (a custom-built AI agent that analyzes internet-scale honeypot data to surface emerging threats and even identify campaigns).

We’ll share what works, what doesn’t, and the specific campaigns we caught that traditional methods missed. You’ll see how domain expertise embedded in tooling enables LLMs to operate on billions of network sessions, and why that matters more than the model you choose.

https://unpromptedcon.org/

Excited to share that I've been asked to speak at the Minorities in Cybersecurity Conference this March!

I’ll be on a panel “How Do You Define Cybersecurity Experience? A Change in Perspective” where we’ll dig into what really counts as cybersecurity experience beyond job titles, traditional career paths, and gatekeeping checklists.

If you’re passionate about broadening who gets seen, heard, and valued in this field, attend and lets continue the conversation in person. https://www.mincybsec.org/annual-conference

Fun how MSFT doesn't share any identifiable information about what their scanning looks like. (https://internetscans.microsoft.com/). While it appears to be just a user agent, since it's spoofable, we can't mark it benign.

If anyone there wants to confirm the list of 240+ IPs we're observing/suspecting, LMK.

RE: @kev_Stalker@infosec.exchange

So, based on my work of digging into the KEV Ransomware flips, the RSS feed will now auto-toot here, if interested. There was a flip Tuesday (before the bot) and another just now.

#threatintel

RE: @greynoise@infosec.exchange

My latest pet project, an RSS feed to alert you to the silent KEV knownRansomwareCampaignUse flips!

(Did you know there were four CVEs flipped last week?) #threatintel

🍩 & #threatintel - Since its disclosure 11 days ago, 95% of the exploitation attempts of CVE-2026-20045, a critical vulnerability in Cisco Unified Communications Manager, have used a distinctive user-agent: Mozilla/5.0 (compatible; CiscoExploit/1.0) and are heavily targeted against our Cisco Unified Communications Manager (UCM) sensors.

We're tracking it here: https://viz.greynoise.io/tags/cisco-unified-communications-manager-input-validation-cve-2026-20045-rce-attempt?days=10

Appears to be from https://github.com/Ashwesker/Ashwesker-CVE-2026-20045

☕ & #threatintel - Two campaigns (100x spike!) are hitting Ivanti Connect Secure; one loud (34K sessions from Romania/Moldova), one stealthy (~6K distributed IPs). Both target a pre-exploitation endpoint for CVE-2025-0282. https://www.labs.greynoise.io/grimoire/2026-01-29-inside-the-infrastructure-whos-scanning-for-ivanti-connect-secure/

CISA's KEV hit 1,500 yesterday. I'm working on a cool #threatintel blog (yes, I'm biased) about additional hidden intel in KEV that should be published soon, along with a helpful tool hosted by GreyNoise! :)

It’s almost 2026 and I still can’t seem to find:
- an iOS calendar app I fully like (and that includes fantastical)
- a digital way of taking notes that fits my needs in the moment and later. The closest is the Agenda app for iOS/Mac.

“Why is everything political?”

Because it is.

“Secretary of State Marco Rubio is apparently a serif fan: He ordered diplomats this week to return to using Times New Roman size 14 in official documents, overhauling a Biden-era change to the more modern-looking Calibri. The shift to Calibiri was aimed at increasing accessibility for people with reading challenges and those who use screen readers, but Rubio characterized it as a “wasteful” diversity, equity, inclusion and accessibility program. He said switching back would “restore decorum and professionalism to the department’s written work.”
- @MorningBrew@flipboard.com