Censys’ mission is to be the one place to understand everything on the internet. Frustrated by the lack of trustworthy Internet intelligence, we set out to create the industry's most comprehensive, accurate, and up-to-date map of the Internet. Today, Censys delivers real-time Internet intelligence and actionable threat insights to global governments, over 50% of the Fortune 500, and leading threat intelligence providers worldwide. Learn more at Censys.com.
We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.
We also show how to use this information to create a set of IOCs for defensive measures:
https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign
A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #ga
https://www.censys.com/blog/internet-scale-proactive-threat-hunting-and-detection
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here:
Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out:
https://censys.com/blog/tracking-ayysshush-a-newly-discovered-asus-router-botnet-campaign
Trend Micro recently uncovered a campaign leveraging TikTok to distribute malware via AI-generated videos, tricking users into installing Vidar and StealC infostealers instead of the promised pirated software.
Using IOCs provided by Trend Micro, we used Censys to find more related infrastructure, including a relatively new bulletproof service provider. Read our analysis here:
🚩 May 7 Advisory: Unauthenticated Code Injection Vulnerability in Langflow [CVE-2025-3248] https://censys.com/advisory/cve-2025-3248
If you think Salt Typhoon has moved on—you might want to double-check your attack surface. We’re still seeing critical telecom infrastructure exposed to active targeting. Find out what we uncovered (and what you should be looking for) https://censys.com/blog/salt-typhoon-attacks-highlight-need-for-advanced-defenses
May 6 Advisory: Critical RCE Vulnerability Identified in Craft CMS [CVE-2025-32432] https://censys.com/advisory/cve-2025-32432
Censys was a proud contributor to the 2025 Verizon Data Breach Investigations Report, shedding light on the growing threat to firewalls, VPNs, and other perimeter gear. See that this sharp increase in targeting edge security devices means ➡️ https://censys.com/blog/postcards-from-the-edge-verizon-dbir-reveals-sharp-increase-in-targeting-of-edge-security-devices
Security advisory update for this week. April 28 Advisory: SAP NetWeaver Actively Exploited Unauthenticated File Upload Vuln [CVE-2025-31324]
This is an especially severe issue that combines several of the worst-case risk factors. Read more: https://censys.com/advisory/cve-2025-31324
Threat hunters, this is your inside track. 🎥 We just dropped an exclusive threat intelligence briefing from malware analyst Silas Cutler. Get insight into the BeaverTail malware campaign, North Korea’s infiltration of global tech, and more. Watch now. https://censys.com/podcasts-videos/inside-north-korea-cyber-ops-with-silas-cutler
🚨 Launch Alert 🚨Censys just redefined threat hunting. Our new Threat Hunting Module delivers unmatched visibility and context from real-time Internet Intelligence that empowers you to proactively hunt emerging threats. See it in action: https://censys.com/solutions/threat-hunting #cybersecurity #threathunting
CISA's SCuBA reminds us: strong government cloud security starts with strong fundamentals. 🔐 Censys' lead federal solutions engineer calls for a return to basics in a brand new Federal News Network article.
https://federalnewsnetwork.com/commentary/2025/04/securing-federal-cloud-environments-cisa-scuba-reminds-cloud-service-providers-of-the-basics/
The botnets 👾 out there; you just have to know how to grab them. We know how to grab them. Together with @greynoise, we've brought threat hunting to the next level. https://censys.com/blog/hunting-botnets-with-cursorai-greynoise-censys-and-censeye
👀 It has been quite a wild week in the land of CVEs. Get the Censys research team perspective in our latest blog, "Now You CVE, Now You Don't: How the MITRE CVE Program Nearly Went Dark". https://censys.com/blog/now-you-cve-now-you-dont-how-the-cve-program-nearly-went-dark
“Salt Typhoon will happen again unless we make radical changes."
https://censys.com/blog/salt-typhoon-attacks-highlight-need-for-advanced-defenses
🆕 April 10 Advisory: Vulnerability in FortiSwitch Allows Unauthenticated Attackers to Change Admin Passwords [CVE-2024-48887] https://censys.com/advisory/cve-2024-48887
Two critical vulnerabilities have dominated the security conversation this week: Ivanti Connect Secure CVE-2025-22457 and CrushFTP CVE-2025-31161. Censys security researcher Jackson Rolf explains the details of the two flaws and how attackers are exploiting them. Watch here: https://www.youtube.com/watch?v=9DEeWwou7wY
In a brand new blog post, the Censys research team talks about the tactics behind the new Lucid phishing-as-a-service (PhAAS) platform driving the toll scam texting campaigns 📱 https://censys.com/blog/lucid-phishing-platform-drives-toll-scam-campaigns
🔬 New research team updates. See the newest security advisory for this week.
April 1 Advisory: Arbitrary File Read Vulnerability in NAKIVO Backup & Replication Added to CISA KEV https://censys.com/advisory/cve-2024-48248