Topic: reconnaissance activity

  • Palo Alto Portal Scans Skyrocket 500%

    GreyNoise reported a 500% surge in reconnaissance scans targeting Palo Alto Networks login interfaces, with 1,300 distinct IPs detected on October 3rd, primarily originating from the United States. Similar scanning campaigns have targeted other remote access services like Cisco ASA, with shared c...

  • Hackers Actively Exploit Critical BeyondTrust RCE Flaw

    A critical command injection vulnerability (CVE-2026-1731) in BeyondTrust's remote access software is being actively exploited, allowing unauthenticated attackers to run arbitrary commands on unpatched systems. Threat intelligence confirms widespread scanning and exploitation, with attackers abus...

  • CISA Warns: Malware Kits Found in Ivanti EPMM Attacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified malware exploiting two vulnerabilities in Ivanti Endpoint Manager Mobile, enabling remote command execution. A China-linked espionage group has been actively using these vulnerabilities as zero-days since mid-May to e...

  • Industrial Threat Actors Outpace OT Security Teams

    Adversaries are increasingly focusing on "control-loop mapping" to understand and manipulate physical industrial processes, moving beyond simple network intrusion to enable real-world disruption. The threat landscape shows greater specialization, with distinct groups acting as initial access brok...

  • Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits

    Cisco has issued an urgent alert to patch two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affecting its ASA and FTD software. The company, aided by international cybersecurity agencies, also addressed a third critical flaw (CVE-2025-20363) but has not linked it...
