2+ hour, 5+ min ago  (380+ words) That classification data is now available across the CrowdStrike Falcon platform " in Next-Gen SIEM, Falcon Fusion SOAR, and the agentic workflows that are defining the next era of security operations. For teams running Falcon, GreyNoise intelligence is operationalized across three…...

2+ week, 5+ day ago  (446+ words) It took less than 24 hours. On February 10, a proof-of-concept exploit for CVE-2026-1731, a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access, was posted to GitHub. By February 11, GreyNoise's Global Observation Grid was recording reconnaissance…...

3+ week, 1+ day ago  (650+ words) CVE-2026-1281 is a CVSS 9.8 (v3.1) unauthenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile. It exploits Bash arithmetic expansion in EPMM's file delivery mechanism, allowing an unauthenticated attacker to execute arbitrary commands on the underlying server. Ivanti also disclosed CVE…...

1+ mon, 2+ day ago  (513+ words) In 2025, 59 vulnerabilities silently flipped to "known ransomware use." If CISA updates a vulnerability's status in the Known Exploited Vulnerabilities (KEV) catalog and nobody notices, did it even matter? "Stick around to the end for a new tool that exposes these…...

1+ mon, 1+ week ago  (520+ words) Time is the one variable defenders can't control. The gap between an exploit disclosure and a patch, or between an initial compromise and its discovery, is where attackers thrive. They automate everything'recon, scanning, and exploitation'shifting their infrastructure by the hour…...

1+ mon, 3+ week ago  (255+ words) Attackers targeted two vectors: The campaign ran from October 2025 through January 2026, with a dramatic spike over Christmas1,688 sessions in 48 hours. Attackers used ProjectDiscovery's OAST (Out-of-band Application Security Testing) infrastructure to confirm successful SSRF exploitation via callback validation. Fingerprinting revealed the operation's…...