.png)
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: June 29 to July 06, 2026
GreyNoise recorded a sharp resurgence in exploitation attempts against Palo Alto GlobalProtect CVE-2019-1579 (CISA KEV, unauthenticated RCE): only isolated activity through late June, then more than 120 malicious hosts on the evening of 06 July, almost all from a single hosting network. Separately, two coordinated hosting fleets ran the week's highest-volume web exploitation.
β
β
CVE-2019-1579 (unauthenticated RCE, CISA KEV) drew more than 120 malicious hosts on 06 July after only isolated activity in late June, almost all from a single hosting network. Any internet-facing GlobalProtect portal on vulnerable firmware is in scope.
β
TECHOFF (AS48090, Netherlands) and Bucklog SARL (AS211590, France) together ran roughly 7.5 million connection attempts on a shared web-exploitation and credential-harvesting toolkit, with 129 hosts classified malicious and 30 suspicious. The CVEs are commodity; the coordination runs at provider scale.
β
ENV Crawler, the automated hunt for exposed .env files, logged 4.76 million requests across the sensor network, with Git, cloud-config, and PHP-info file requests close behind. A config file that returns content yields working credentials with no exploitation required.
β
Across all of this week's activity, the source addresses rotate but the exploitation patterns and client fingerprints do not. Patch the GlobalProtect flaw, block the fleets at the network-block level, and detect on behavior rather than a static IP list.
β
β
.png)
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
β
β
β
At The Edge is GreyNoise's weekly intelligence brief produced exclusively for customers incorporating complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations. At The Edge Clear is a preview highlighting a couple insights and is available to the public.
β
Analysis Period: June 29 to July 06, 2026
GreyNoise recorded a sharp resurgence in exploitation attempts against Palo Alto GlobalProtect CVE-2019-1579 (CISA KEV, unauthenticated RCE): only isolated activity through late June, then more than 120 malicious hosts on the evening of 06 July, almost all from a single hosting network. Separately, two coordinated hosting fleets ran the week's highest-volume web exploitation.
β
β
CVE-2019-1579 (unauthenticated RCE, CISA KEV) drew more than 120 malicious hosts on 06 July after only isolated activity in late June, almost all from a single hosting network. Any internet-facing GlobalProtect portal on vulnerable firmware is in scope.
β
TECHOFF (AS48090, Netherlands) and Bucklog SARL (AS211590, France) together ran roughly 7.5 million connection attempts on a shared web-exploitation and credential-harvesting toolkit, with 129 hosts classified malicious and 30 suspicious. The CVEs are commodity; the coordination runs at provider scale.
β
ENV Crawler, the automated hunt for exposed .env files, logged 4.76 million requests across the sensor network, with Git, cloud-config, and PHP-info file requests close behind. A config file that returns content yields working credentials with no exploitation required.
β
Across all of this week's activity, the source addresses rotate but the exploitation patterns and client fingerprints do not. Patch the GlobalProtect flaw, block the fleets at the network-block level, and detect on behavior rather than a static IP list.
β
β
.png)
GreyNoise customers get detailed briefs with complete IOCs, infrastructure attribution, detection guidance, and role-based recommendations every week.
βRequest a demo to learn more about GreyNoise's data and intelligence.
β
β
β
β
β
β
β