The Untold Stories: North Korean Hacks, Exploited Vulnerabilities & Cybersecurity Legends
Storm Watch by GreyNoise Intelligence
Release Date: 02/18/2025
Cyber Threat Showdown: TikTok Malware, Exploit Scoring Wars & Real-World Attacks
Storm Watch by GreyNoise Intelligence
Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we’re diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental...
info_outline
ASUS Router Botnet Attack: AI Uncovers Hidden Backdoor
Storm Watch by GreyNoise Intelligence
Forecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere....
info_outline
AI Layoffs, Bug Bounty Fails & Cyber Workforce Crisis
Storm Watch by GreyNoise Intelligence
Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you’re new here, Storm⚡️Watch is where we break down what’s moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For , we’re feeling nostalgic and asking: What do you miss most from the Slow Internet days?...
info_outline
Biggest Cybersecurity Threats EXPOSED: Zero-Day Attacks, Chinese Hackers & Enterprise Breaches
Storm Watch by GreyNoise Intelligence
Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT...
info_outline
2025 Cybersecurity Report Breakdown: FBI, Mandiant, GreyNoise, VulnCheck
Storm Watch by GreyNoise Intelligence
Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds. In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise’s Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It’s a classic scenario...
info_outline
CVE Chaos: The Fragmented Future of Vulnerability Tracking, Bad Bots & Real-Time Threat Intel
Storm Watch by GreyNoise Intelligence
Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! On this episode of Storm⚡️Watch, we’re breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe’s ENISA is rolling out the to ensure regional control, while China continues to...
info_outline
Cyber Threat Horizon: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon Recap
Storm Watch by GreyNoise Intelligence
Forecast = Scattered exploits, Mirai storms brewing, and rogue drones dropping malware over Russia. Keep your firewalls up—a vulnerability front is rolling in fast! On this episode of Storm⚡️Watch, we’re bringing you a packed episode that covers the latest in cyber threat intelligence, industry news, and a few stories you won’t want to miss. We kick things off with our usual round of introductions and a quick look at the cyber weather, setting the stage for what’s happening across the threat landscape. In our first segment, Tod shares his wrap-up from , highlighting the...
info_outline
2025 Cyber Breakdown: CrushFTP Chaos, NVD Crisis & North Korean Threats
Storm Watch by GreyNoise Intelligence
Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming—keep your threat umbrellas handy!" 🌩️☔ We’re kicking things off with a deep dive into the chaotic world of CVEs. The vulnerability saga is a case study in how bureaucracy can collide with real-world threats. When a critical auth bypass flaw emerged in March 2025, patches rolled out quickly, but the CVE process stumbled—two different identifiers (CVE-2025-2825 and CVE-2025-31161) were assigned by competing firms, VulnCheck and Outpost24. The resulting confusion left...
info_outline
Cybercrime Evolution: Robot Dog Backdoors & Mob's Digital Takeover
Storm Watch by GreyNoise Intelligence
Forecast = Cloudy with a chance of cyber meatballs. We're not fooling around in this episode of Storm⚡️Watch! The show kicks off with some positive news about the returning to full operations following a cyberattack. This is followed by important information for VMware users regarding Broadcom's significant licensing changes effective April 10, including an increase in minimum core requirements from 16 to 72 cores per command line and a new 20% penalty for late subscription renewals that will be applied retroactively. The crew then reviews results from their recent poll asking...
info_outline
OpenAI 'Attack' Debunked: The Real Threat Lurking in Third-Party Wrappers
Storm Watch by GreyNoise Intelligence
Forecast: Cloudy with a chance of SSRF attacks. OpenAI's skies clear, but third-party wrappers bring storms. This week’s episode kicks off with a asking listeners which virtual assistant they use—Alexa, Siri, Google Assistant, or none at all due to privacy concerns. The results give us a snapshot of how people feel about these ubiquitous technologies and their trust levels in them. We then tackle the headlines surrounding and the alleged "attack" on its systems. While media outlets are buzzing with claims of vulnerabilities in ChatGPT, the reality is less dramatic. A third-party...
info_outlineForecast: Expect increased malicious activity targeting enterprise network infrastructure and remote work platforms.
In this episode of Storm⚡️Watch, the crew tackles some of the most pressing stories in cybersecurity and tech.
First, we explore the case of Christian Marie Chapman, an Arizona woman who faces federal prison time for orchestrating a scheme that allowed North Korean IT workers to pose as U.S.-based employees. This operation, which generated over $17 million for North Korea, involved Chapman running a "laptop farm" that enabled remote access to U.S. company networks. The scheme not only compromised sensitive company data but also funneled money to North Korea’s weapons programs. This story underscores the critical need for robust identity verification and background checks in hiring processes, especially in remote IT roles, to avoid inadvertently aiding malicious actors.
Next, we discuss GreyNoise's findings on the active exploitation of a high-severity vulnerability in Palo Alto Networks PAN-OS (CVE-2025-0108). This authentication bypass flaw allows attackers to execute unauthorized PHP scripts, posing significant risks to unpatched systems. Organizations are urged to apply security patches immediately and restrict access to firewall management interfaces to mitigate potential breaches. GreyNoise’s real-time intelligence highlights the importance of staying vigilant against evolving threats.
In our featured segment, we sit down with Dennis Fisher, a celebrated journalist with over two decades of experience in cybersecurity reporting. Fisher shares insights from his career, including his work as co-founder of *Threatpost* and Editor-in-Chief at *Decipher*. Known for his analytical approach, Fisher has covered major cybersecurity events and delved into the motivations behind both attackers and defenders. His expertise offers a unique perspective on the complexities of information security.
Finally, we touch on broader issues in vulnerability management and encryption policies. From GreyNoise’s observations of exploitation surges in vulnerabilities like ThinkPHP and ownCloud to Censys’ argument against weakening encryption standards, these discussions emphasize the need for proactive measures and smarter prioritization in cybersecurity strategies. Whether it's patching overlooked vulnerabilities or resisting calls to weaken encryption under the guise of security, staying informed is key to navigating today’s threat landscape.