AI-generated PoCs are flooding security repositories with broken exploits that waste detection engineers’ time and create dangerous blind spots. Learn to identify fake exploits.| GreyNoise Labs
CVE-2025-48927, found in TeleMessage TM SGNL in May and added to KEV in July, allows attackers to trivially extract sensitive credentials via an unauthenticated, exposed /heapdump endpoint.
There’s a new Erlang OTP vulnerability, CVE-2025-4748. It’s an Absolute Path Traversal vulnerability involving a Zip archive, which I have a lot of practice with. It affects Erlang OTP, which a coworker has already written about recently and noted the necessary steps to set up an environment. This is a “local” vulnerability (unless you’re unpacking a Zip archive as part of a network call), but is still fun to play with. Here’s how to reproduce: Setup Similarly to the prior work of...
How does Suricata’s URL decoding work? It’s more complex than you think!
Using an AI-powered network traffic analysis tool we built called SIFT, GreyNoise has caught, with zero effort, multiple anomalous network payloads that attempt to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.
Analysis and AI-free™ PoC.
Ever wondered how to inject code into a process on Linux?
As a GreyNoise researcher, you always have things to write detection rules for. Some of them aren’t always exciting, but they become more interesting as you dive deeper.
A quick and silly post about a weird exploit situation
Wow. Nice weapon! Can I hold it? I promise not to break anything. Honest!
On June 5, 2024, SolarWinds released an advisory regarding a path-traversal vulnerability in their “secure” file-transfer product, Serv-U. I wrote about it here back in mid-June when it was fairly recently released. So here we are, three months later - you might be wondering why we’re still talking about this! When the vulnerability was new, I put a lot of work into crafting a very realistic honeypot that not only looks like the product, it also fakes out the filesystem to make it actua...
Where I introduce the subject of remotely identifying Bluetooth devices, propose that healthcare device oversight is lacking, and exploit a firewall for no reason other than to prove a point.
The purpose of this article is simple: to make it slightly easier for complete beginners to pivot around the topic.
CVE-2024-0769 affects D-Link DIR-859 WiFi routers. All revisions, all firmware, and the product is End-of-Life (EOL), meaning it will never receive a patch.
Where we track a SolarWinds Serv-U vulnerability with a new honeypot, including tricking a human attacker into making mistakes
CVE-2024-4577 is a critical argument-injection vulnerability in PHP that affects Windows deployments and leads to remote code execution.
This article steps through decrypting FortiGate FortiOS 7.0.x firmware.
How do we find vulnerabilities that aren’t making the news right now? By Sifting through the sensor logs!
Let’s look at current exploitation of CVE-2023-22527 - a Confluence template-injection vulnerability
This article steps through the process of discovering CVE-2024-21762, a non-disclosed out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy.
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Phase 1: Using a pool of collectors to scan and connect to BTLE devices, shedding light on the intricacies of hardware, radio frequency challenges, and the importance of rate-limiting algorithms.