Published on: 2025-06-06 08:44:00
Elyse Betters Picaro / ZDNET Do you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published Wednesday, security firm GreyNoise revealed that the attack was staged by what it suggests is "a well-resourced and highly capable adversary." Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more To gain initial access, the attackers used bru
Keywords: access asus greynoise router ssh
Find related items on AmazonPublished on: 2025-06-15 00:40:00
The big picture: Backdoors are typically designed to bypass traditional authentication methods and provide unauthorized remote access to vulnerable network appliances or endpoint devices. The most effective backdoors remain invisible to both end users and system administrators, making them especially attractive to threat actors engaged in covert cyber-espionage campaigns. Analysts at GreyNoise have uncovered a mysterious backdoor-based campaign affecting more than 9,000 Asus routers. The unknow
Keywords: access asus backdoor greynoise routers
Find related items on AmazonPublished on: 2025-06-15 12:55:25
Elyse Betters Picaro / ZDNET Do you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published Wednesday, security firm GreyNoise revealed that the attack was staged by what it suggests is "a well-resourced and highly capable adversary." Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more To gain initial access, the attackers used bru
Keywords: asus firmware greynoise router ssh
Find related items on AmazonPublished on: 2025-06-15 20:19:04
Thousands of ASUS wireless routers have been compromised by a botnet that has also been targeting Cisco, D-Link, and Linksys devices. The way in which routers are infected means that they remain under the control of attackers even if the firmware is updated … ASUS wireless routers compromised Security researchers at Greynoise first detected the exploit back in March, but held off on making it public until the industry had time to coordinate a response. GreyNoise has identified an ongoing expl
Keywords: asus compromised firmware greynoise routers
Find related items on AmazonPublished on: 2025-06-17 16:44:36
Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. The campaign was discovered by GreyNoise security researchers in mid-March 2025, who reports that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made. The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vuln
Keywords: asus campaign greynoise routers threat
Find related items on AmazonPublished on: 2025-07-13 19:15:12
wtfis Passive hostname, domain and IP lookup tool for non-robots WTF is it? wtfis is a commandline tool that gathers information about a domain, FQDN or IP address using various OSINT services. Unlike other tools of its kind, it's built specifically for human consumption, providing results that are pretty (YMMV) and easy to read and understand. This tool assumes that you are using free tier / community level accounts, and so makes as few API calls as possible to minimize hitting quotas and r
Keywords: api greynoise ip shodan wtfis
Find related items on AmazonPublished on: 2025-08-03 20:02:43
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. In a new report from threat monitoring firm GreyNoise, researchers have recorded a massive spike in searches for exposed Git configs between April 20-21, 2025. "GreyNoise observed nearly 4,800 unique IP addresses daily from April 20-21, marking a substantial increase compared to typical leve
Keywords: access credentials files git greynoise
Find related items on AmazonPublished on: 2025-09-07 12:33:42
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. The attacks attempt to exploit an information disclosure vulnerability first disclosed by an SSD Advisory in May 2024, which published the full exploitation details on retrieving admin credentials in cleartext using a single TCP payload. The exploitation results in an authentication bypass, allowing attackers to execut
Keywords: devices dvr dvrs exploitation greynoise
Find related items on AmazonPublished on: 2025-09-19 00:31:00
A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. According to GreyNoise, which reports the activity, the scanning activity involves over 24,000 unique source IP addresses. The activity peaked at 20,000 unique IP addresses per day on March 17, 2025, and continued at this scale until March 26. Of those IPs, 23,800 are classified as "susp
Keywords: activity greynoise march scanning targeted
Find related items on AmazonPublished on: 2025-10-22 14:26:58
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to complete system compromise following successful exploitation. A day after PHP mainta
Keywords: 2024 cve exploitation greynoise php
Find related items on AmazonPublished on: 2025-11-03 00:10:04
A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. The botnet, which is loosely linked to Iran, has already launched distributed denial of service (DDoS) attacks targeting telecommunication service providers and online gaming servers. Eleven11bot was discovered by Nokia researchers who shared the details with the threat monitoring platform GreyNoise. Nokia's security researcher,
Keywords: botnet ddos devices eleven11bot greynoise
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.