#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

IP Scanning | Breaking Cybersecurity News | The Hacker News

Category — IP Scanning
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Jun 27, 2025 Network Security / Vulnerability
Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data securely. Because it often handles high-value information, it has become a favorite target for attackers.  "Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day," the company said . "But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28." Since then, daily scanner IP volume has remained intermittently elevated between 200 to 300 IPs per day, GreyNoise added, stating it marks a "significant deviation" from usual behavior. As many as 682 unique IPs have been flagged in connection with th...
Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Apr 01, 2025 Network Security / Vulnerability
Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat intelligence firm GreyNoise said . The surge is said to have commenced on March 17, 2025, sustaining at nearly 20,000 unique IP addresses per day before dropping off on March 26. At its peak, 23,958 unique IP addresses are estimated to have participated in the activity. Of these, only a smaller subset of 154 IP addresses has been flagged as malicious. The United States and Canada have emerged as the top sources of traffic, followed by Finland, the Netherlands, and Russia. The activity has primarily targeted systems in the United States, the United Kingdom, Ireland, Russia, and Sin...
Expert Insights Articles Videos
Cybersecurity Resources