Censys Blog

ID: 5bae04de-fe6e-513e-9a84-dae21a4b3734

STIX ID: identity--5bae04de-fe6e-513e-9a84-dae21a4b3734

Feed Type: skeleton

Earliest post: 2019-01-08

Latest post: 2026-03-04

The Censys blog shares research and insights on internet-wide threat visibility, attack surface management, and cybersecurity trends.

| Title | Date Published | Describes Incident | Author | Visible |
| --- | --- | --- | --- | --- |
| MCP Servers on the Internet | 2026-05-27 | True | | True |
| The Ultimate Guide to Detection Engineering with Censys | 2026-05-12 | True | | True |
| Password Manager Infrastructure in the Wild: Surveying Prevalence, Internet Footprint, and Exposure | 2026-05-06 | True | | True |
| Microsoft: DigiCert Root Certificates Are Malware? Censys in SOC Triage | 2026-05-04 | True | | True |
| The cPanel Situation Is… | 2026-05-01 | True | | True |
| Oluomo: Microsoft OAuth AiTM Phishing Using a Naturalization-Form Lure | 2026-04-22 | True | | True |
| Beyond The Alert: Smarter and Faster IAM Triage with Censys | 2026-04-17 | True | | True |
| Rhadamanthys and the Limits of Private Sector Operations | 2026-04-15 | True | | True |
| Iranian-Affiliated APT Targeting of Rockwell/Allen-Bradley PLCs | 2026-04-08 | True | | True |
| Hackers Are Attempting to Turn ComfyUI Servers Into a Cryptomining Proxy Botnet | 2026-04-06 | True | | True |
| Cutting Through the Noise: A Technique-Based Approach to Hunting Web-Delivered Malware | 2026-04-02 | True | | True |
| BrewJack: Censys Researchers Uncover First Malware Campaign Targeting IP over Avian Carriers | 2026-04-01 | True | | True |
| ICS & Iran, Part 2: Revisiting Exposure of Previously Targeted Devices | 2026-03-30 | True | | True |
| Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework | 2026-03-27 | True | | True |
| Exposure Brief: Iranian-Linked Wiper Attack on Global Medtech Firm Stryker | 2026-03-17 | True | | True |
| NetSupport Manager: Tracking Dual-Use Remote Administration Infrastructure | 2026-03-12 | True | | True |
| Hunting Cameras in the Dark: Finding Internet Cameras Before Adversaries Do | 2026-03-10 | True | | True |
| ResidentBat: Belarusian KGB Android Spyware at Internet Scale | 2026-02-24 | True | Kate Lake; Aidan Holland; Senior Security Researcher | True |
| Vshell: A Chinese-Language Alternative to Cobalt Strike | 2026-02-24 | True | Kate Lake; Silas Cutler; Principal Security Researcher | True |
| Odyssey Stealer: Inside a macOS Crypto-Stealing Operation | 2026-02-11 | True | Ivonne Francia; Aidan Holland; Senior Security Researcher | True |
| Malicious Notepad++ Network Infrastructure | 2026-02-03 | True | Ivonne Francia; The Censys Research Team | True |
| Hiding in Plain Sight: Tracking Bulletproof Hosting and Abused RDP Infrastructure | 2026-02-03 | True | Ivonne Francia; Himaja Motheram | True |
| Voicemail Trap: German-Language Voicemail Lure Leads to Remote Access | 2026-02-02 | True | Ivonne Francia | True |
| AsyncRAT C2 Activity at Internet Scale | 2026-01-29 | True | Andrew Northern; Principal Security Researcher | True |
| Living Off the Web: How Trust Infrastructure Became a Malware Delivery Interface | 2026-01-22 | True | Andrew Northern; Principal Security Researcher | True |
| ErrTraffic: Inside a GlitchFix Attack Panel | 2026-01-20 | True | Aidan Holland; Senior Security Researcher | True |
| Unauthenticated Message Queues are a Problem | 2026-01-06 | True | Mark Ellzey; Senior Security Researcher | True |
| Recap of a Suspicious Surge in Cobalt Strike | 2025-12-23 | True | Mark Ellzey; Senior Security Researcher | True |
| Investigating the Infrastructure Behind DDoSia's Attacks | 2025-12-15 | True | Silas Cutler; Principal Security Researcher | True |
| Using Cobalt Strike to Find (More) Cobalt Strike | 2025-12-01 | True | Mark Ellzey; Senior Security Researcher | True |
| EtherHiding: Fake CAPTCHAs, Click-Fix Lures, and Blockchain-Backed Payload Delivery | 2025-11-21 | True | Andrew Northern; Principal Security Researcher | True |
| Censys Threat Overview: Mapping Remcos C2 Activity at Internet Scale | 2025-11-14 | True | Andrew Northern; Principal Security Researcher | True |
| Who's Knocking on Your Door? An Analysis of Exposed Services and Their Risks | 2025-11-07 | True | Jean Pierre Ruiz Ocampo; Jonas Gyllenhammar | True |
| From Evasion to Evidence: Exploiting the Funneling Behavior of Injects | 2025-11-03 | True | Jean Pierre Ruiz Ocampo; Andrew Northern; Principal Security Researcher | True |
| Unpacking the Oracle EBS Debacle: Industries, Geography, and MOVEit Comparisons | 2025-10-23 | True | Ivonne Francia; Emily Austin | True |
| Disallow: /security-research? Crypto Phishing Sites' Failed Attempt to Block Investigators | 2025-09-29 | True | Ivonne Francia; Emily Austin | True |
| Ollama Drama: Investigating the Prevalence of Ollama Open Instances with Censys | 2025-09-24 | True | Ivonne Francia; The Censys Research Team | True |
| A Look at PolarEdge Adjacent Infrastructure | 2025-09-23 | True | Ivonne Francia; The Censys Research Team | True |
| Internet Archaeology: A Decade of Defaced Routers? | 2025-09-03 | True | Ivonne Francia; Emily Austin | True |
| A look at PolarEdge Adjacent Infrastructure | 2025-08-28 | True | Jean Pierre Ruiz Ocampo; The Censys Research Team | True |
| 2025 State of the Internet Report: Summary and Conclusions | 2025-08-25 | True | Ivonne Francia; The Censys Research Team | True |
| 2025 State of the Internet: Digging into Residential Proxy Infrastructure | 2025-08-14 | True | Jean Pierre Ruiz Ocampo; The Censys Research Team | True |
| 2025 State of the Internet: C2 Time to Live | 2025-08-06 | True | Ivonne Francia; Ariana Mirian; Senior Security Researcher | True |
| Using the Censys API for Advanced Threat Hunting | 2025-08-04 | True | Ivonne Francia; Mark Ellzey; Senior Security Researcher | True |
| 2025 State of the Internet: Malware Investigations | 2025-07-30 | True | Jean Pierre Ruiz Ocampo; Silas Cutler; Principal Security Researcher | True |
| 2025 State of the Internet: Notable Incidents | 2025-07-24 | True | Ivonne Francia; Silas Cutler; Principal Security Researcher | True |
| ICS and Iran: Exposure of Previously Targeted Devices | 2025-06-30 | True | Ivonne Francia; Emily Austin | True |
| Poking at the Flodrix Botnet | 2025-06-19 | True | Ivonne Francia; Mark Ellzey; Senior Security Researcher | True |
| Unmasking the Infrastructure of a Spearphishing Campaign | 2025-06-10 | True | Ivonne Francia; Mark Ellzey; Senior Security Researcher | True |
| Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs | 2025-06-05 | True | Ivonne Francia; The Censys Research Team | True |

1–50 of 174