Now Live! Β Β Project Swarm: Join the Collective. Defend the Edge
.png){kind=spacer}
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: June 08 β June 15, 2026
The signal this week was targeting, not volume. One host quietly inventoried the full perimeter stack, a two-node pair shared tooling against an internet-facing camera RCE, and credential pressure on enterprise VPN logins held steady. The infrastructure is rented and rotates fast, so the durable defense is patching the targeted products and detecting on behavior.
β
A single host probed the full perimeter stack, VPN gateways, application delivery controllers, file-transfer appliances, and webmail, in a tight one-week sweep. Per-product volume was low; the breadth is the tell of a target list being built.
β
Two hosts on separate Netherlands networks ran the same Hikvision camera exploit (CVE-2021-36260, CISA KEV) with shared tooling. Despite restrictions by the U.S. and allied governments, Hikvision cameras remain widely deployed across commercial and critical infrastructure networks.
β
Credential attacks on Palo Alto, Cisco, and SonicWall remote-access portals held steady across multiple briefs. The edge portal stays the most consistently targeted entry point GreyNoise observes.
β
β
β
.png)
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: June 08 β June 15, 2026
The signal this week was targeting, not volume. One host quietly inventoried the full perimeter stack, a two-node pair shared tooling against an internet-facing camera RCE, and credential pressure on enterprise VPN logins held steady. The infrastructure is rented and rotates fast, so the durable defense is patching the targeted products and detecting on behavior.
β
A single host probed the full perimeter stack, VPN gateways, application delivery controllers, file-transfer appliances, and webmail, in a tight one-week sweep. Per-product volume was low; the breadth is the tell of a target list being built.
β
Two hosts on separate Netherlands networks ran the same Hikvision camera exploit (CVE-2021-36260, CISA KEV) with shared tooling. Despite restrictions by the U.S. and allied governments, Hikvision cameras remain widely deployed across commercial and critical infrastructure networks.
β
Credential attacks on Palo Alto, Cisco, and SonicWall remote-access portals held steady across multiple briefs. The edge portal stays the most consistently targeted entry point GreyNoise observes.
β
β
β
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
