At The Edge Clear: March 9-16, 2026

At The Edge is GreyNoise's weekly intelligence brief, produced exclusively for customers and incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple of insights and is available to the public.

The Scanning Landscape Is Reorganizing

Analysis Period: March 9-16, 2026

A single Hong Kong cloud provider surged nearly sevenfold to become the dominant source of internet scanning. RDP operators rotate faster than blocklists. Edge device exploitation enters its fourth month — and it's re-accelerating.

By The Numbers:

  • 301.8M Sessions Observed
  • 439K Unique Source IPs
  • +578% UCLOUD Surge
  • +90.5% Sophos WK 4

Preview Findings:

UCLOUD Surges 578% to #1 Scanning Source

A single Hong Kong cloud provider surged nearly sevenfold, deploying a new tunneled fingerprint at 29.3M sessions. Western providers declined simultaneously.


Edge Device Siege: Month 4, Re-Accelerating

Sophos CVE-2022-1040 nearly doubled for the 4th consecutive week. SonicWall VPN doubled. Dell NetExtender appeared for the first time. Two Cisco CVSS 10.0 CVEs on CISA KEV. State-aligned and financially motivated actors converging on the same attack surface.


RDP Operators Rotate Faster Than Blocklists

MEVSPACE collapsed. Its replacement disappeared. RDP scanning surged 157%. The criminal ecosystem treats infrastructure as disposable.

React2Shell Reverses Decline

After weeks of contraction, CVE-2025-55182 surged 56.2%. New proxy infrastructure linked to known operators suggests campaign refresh.

Want the full brief?

GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.

Request a demo to learn more about GreyNoise's data and intelligence.
