ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity
ID: d972bca9-8a4d-576d-ad64-b3ba0555f79b
STIX ID: report--d972bca9-8a4d-576d-ad64-b3ba0555f79b
Feed Name: GreyNoise Labs
**Executive summary:** GreyNoise observed a coordinated ColdFusion exploitation campaign that peaked on December 25, 2025. The activity came primarily from two CTG Server Limited IPs (134.122.136.119, 134.122.136.96), which systematically targeted 10+ ColdFusion CVEs using JNDI/WDDX deserialization and ProjectDiscovery Interactsh OAST callbacks. The report includes IoCs, JA4 fingerprints, attack timelines, and an expanded analysis showing ~2.5 million requests targeting 767 CVEs across 47+ technology stacks, indicating large-scale automated reconnaissance and probable initial-access brokerage.
