Aidan H (@thehappydinoa)'s Twitter Profile
Aidan H

@thehappydinoa

Security Researcher, Developer, and Collaborator at @censysio

ID: 781161167678996481

https://aidan.davisholland.com

28-09-2016 15:58:30

741 Tweets

1.1K Followers

873 Following

Censys (@censysio)

🚨 An unpatched zero-day vulnerability in AsyncOS, the operating system used by Cisco Secure Email Gateway (ESA), allows unauthenticated remote compromise. 

🔴 CVSS 10
🔴 Actively exploited in the wild
🔴 No patch available at time of posting — Cisco recommends applying

Silas Cutler // p1nk (@silascutler)

Some unusual #CobaltStrike activity we observed at Censys before the holiday. At the start of December, we saw a spike in CobaltStrike in AS138415 followed by a matching spike two days after on AS133199.

Report: censys.com/blog/recap-of-…

Censys (@censysio)

🚨 MongoBleed (CVE-2025-14847)

MongoDB w/ zlib enabled (default) may leak uninitialized heap memory to unauthenticated attackers, risking credentials & tokens.

📌 Censys sees 87K+ potentially vulnerable instances.
✅ Patch: 8.2.3+, 8.0.17+, 7.0.28+, 6.0.27+, 5.0.32+, 4.4.30+
🔗

Censys (@censysio)

Censys is observing a notable drop in responsiveness from previously reachable hosts in Iran, consistent with reports of an infrastructure-level outage. We’re seeing this across both IPv4 and IPv6.

📌 For background on what we’ve observed in previous Iran outages:

Aidan H (@thehappydinoa)

Wrote up ErrTraffic, a ClickFix panel that corrupts your screen with garbage characters so you believe something's broken. Honestly, the visual chaos stuff is clever. The rest is standard: token downloads, bot detection, CIS blocklist. censys.com/blog/errtraffi…

Censys (@censysio)

🔎 NEW CENSYS RESEARCH: The SOCKS protocol is the 15th most observed protocol on the Internet. It’s notorious for its ability to mask the true origin of a connection by proxying client traffic to arbitrary servers. Our research team took a closer look at the scan data to

Censys (@censysio)

🐀 AsyncRAT is an open-source .NET remote access trojan (RAT) with extensive credential theft capabilities and persistent access mechanisms. Our latest research uncovers methods for detecting AsyncRAT threats and analyzes what these indicators tell us about how they’re configured

Andrew Northern 𓅓 (@ex_raritas)

New research dropped today showing how prolific AsyncRAT is, how to hunt for it in Censys, and how to extract the config and validate that it’s actually AsyncRAT. 

👇👇👇

Censys (@censysio)

💬 New Censys research analyzes an emerging threat that uses fake (but convincing) German-language voicemail messages to convince victims to unknowingly enroll their device into an attacker-controlled environment. 

🤝 Attacks like these highlight the effectiveness of a

Patrick Wardle (@patrickwardle)

Motivated by Moonlock Lab’s recent findings on ClickFix attacks surfacing via Google Search results and even LLMs 🤯, I’ve added basic protection against most of these attacks to BlockBlock 🍎🛡️ Read: “ClickFix: Stopped at ⌘+V” objective-see.org/blog/blog_0x85…

Censys (@censysio)

🌏 Vshell is a mature post exploitation tool that follows the same logical structure as Cobalt Strike. However, its use of Mandarin Chinese makes it a popular alternative for native speaking adversaries. Learn how it works and what defenders need to know to protect themselves in

Censys (@censysio)

🔎 ResidentBat is Belarus KGB Android spyware (RSF Dec 2025) targeting journalists and civil society. The Censys Threat Module surfaces ResidentBat C2 by self-signed CN=server + banner hash. Install requires physical access + ADB. Defenders: use the Platform to hunt and block

Censys (@censysio)

🪶Censys ARC has identified a new threat campaign: BrewJack

Key findings:
• Non-traditional network transport 
• C2 over IPoAC (RFC 2549)

Full advisory: hubs.ly/Q049fHXY0 

#CensysARC #BrewJack