Topic: greynoise intelligence
-
Major Firewall Vendors Hit in Coordinated Cyberattack
A coordinated cyberattack is targeting Cisco, Palo Alto Networks, and Fortinet devices, with all exploitation campaigns originating from identical subnets, indicating a unified threat actor. The attacks began in early September, exploiting zero-day vulnerabilities in Cisco devices and causing a 5...
Read More » -
GlobalProtect VPN Portals Hit by 2.3 Million Cyber Scans
A fortyfold surge in malicious scanning targeting Palo Alto Networks GlobalProtect VPN portals began on November 14, 2025, marking the highest volume observed in the past 90 days, with 2.3 million sessions detected over five days. These coordinated scans focus on the login endpoint and are linked...
Read More » -
Palo Alto Portal Scans Skyrocket 500%
GreyNoise reported a 500% surge in reconnaissance scans targeting Palo Alto Networks login interfaces, with 1,300 distinct IPs detected on October 3rd, primarily originating from the United States. Similar scanning campaigns have targeted other remote access services like Cisco ASA, with shared c...
Read More » -
Palo Alto Networks Login Portals Under Massive Attack Surge
A dramatic 500% surge in suspicious network scans is targeting Palo Alto Networks login portals, with over 1,285 unique IPs involved, indicating a coordinated reconnaissance campaign. The majority of scanning IPs originated from the U.S., with clusters focusing on targets in the U.S. and Pakistan...
Read More »