GreyNoise

Researchers report surge in scans targeting Palo Alto Networks login portals

News, Research, Risk, Vendors, Vulnerabilities

October 6, 2025

GreyNoise reported a roughly 500% rise in IP addresses scanning Palo Alto Networks GlobalProtect and PAN-OS profiles, peaking at over 1,285 addresses on Oct. 3; GreyNoise classed most IPs as suspicious and also flagged separate Grafana exploitation attempts tied to CVE-2021-43798.
Coordinated Cyber Attacks Target Tomcat Manager Interfaces

Cybercrime, News, Privacy, Vulnerabilities

June 12, 2025

GreyNoise has warned of a surge in coordinated brute-force attacks targeting Apache Tomcat Manager interfaces, involving 295 unique malicious IP addresses. As attackers seek to exploit these vulnerabilities, experts recommend strengthening security measures to protect against unauthorized access.
Coordinated Scanning Operation Targets Exposed Systems in Japan

Cybercrime, News, Risk, Vulnerabilities

May 29, 2025

A recent coordinated reconnaissance campaign involving 251 malicious IP addresses aims at exploiting vulnerabilities in web infrastructure, according to cybersecurity firm GreyNoise. The firm warns that organizations should take immediate action to block these IPs to reduce exposure.