Censys

What if you’re not just wasting time on false positives… but missing adversaries because they’re running services on nonstandard ports? GreyNoise analysis shows Censys provides a completely different level of visibility. Censys delivers the depth and freshness modern SOCs need, because you can’t defend what you can’t see. https://hubs.ly/Q049vC9w0

🌐 In new research, Censys ARC Principal Security Researcher Andrew Northern shares a technique-based approach to hunting web-delivered malware. This method focuses on behavior, combining HTTP body analysis, signal stacking, and iterative filtering to uncover infrastructure that could go undetected. The result: 42 high-confidence findings from across the observable web, with over 20% confirmed as malicious. This approach uncovered a live XWorm campaign delivered through a compromised medical equipment site. Head to our blog for the Censys infrastructure analysis, indicators of compromise, and practical defense guidance for security teams to take action▶️ https://hubs.ly/Q049tKdy0 #CensysARC

In a follow-up analysis, Censys ARC researcher Emily A. revisits the exposure of industrial control systems (ICS) previously targeted by Iranian threat actors. While overall global exposure has decreased, a positive sign, critical systems still remain exposed. The Censys ARC team encourages operators to remove these interfaces from the public Internet. Read the full analysis: https://hubs.ly/Q0498Jpk0 #CensysARC

Today, Censys announced $70 million in new Series D and debt financing led by Morgan Stanley Investment Management, with participation from Decibel Partners, Greylock Partners, GV (Google Ventures), Intel Capital, and others, to accelerate our Internet Intelligence platform and the next generation of AI-driven security workflows. AI is accelerating both sides—attackers and defenders. But AI is only as effective as the data behind it. Security teams need better data. That’s where Censys comes in. We provide first-party, real-time visibility into global Internet infrastructure—giving security teams the ground truth they need. Full release here: https://hubs.ly/Q0490G1C0

“Companies should worry about outdated and shadow technology that has been connected to the internet. In addition, they should actively scan for known vulnerable cameras and devices in their networks.” Censys ARC Principal Security Researcher 💻 Silas Cutler spoke with Dark Reading's Robert Lemos on recent exploitations of internet-connected cameras. For security teams, it comes back to visibility: understanding what’s exposed, what’s vulnerable, and what shouldn’t be there in the first place. Read the full coverage: https://hubs.ly/Q048GdKM0 #CensysARC

⌨️ In new research, Censys ARC™ Principal Security Researcher Andrew Northern dissects a 𝗽𝗿𝗲𝘃𝗶𝗼𝘂𝘀𝗹𝘆 𝘂𝗻𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗲𝗱 𝗺𝗮𝗹𝘄𝗮𝗿𝗲 “𝗖𝗧𝗥𝗟.” The toolkit combines credential phishing, keylogging, RDP hijacking, and reverse tunneling. All delivered through a single malicious LNK file. At the time of analysis, it was still active, running on newly registered infrastructure, and absent from public threat intelligence sources, suggesting a privately developed toolkit not yet in broad circulation. The Censys ARC blog breaks down how it works, what to look for, and how defenders can respond. Read the full analysis: https://hubs.ly/Q048CNRJ0 #CensysARC

𝟭,𝟱𝟬𝟬+ 𝗦𝗨𝗕𝗦𝗖𝗥𝗜𝗕𝗘𝗥𝗦 𝗜𝗡 𝗧𝗛𝗘 𝗙𝗜𝗥𝗦𝗧 𝟮𝟰 𝗛𝗢𝗨𝗥𝗦. We think this points to something simple: Security teams are looking for signal, not more noise. So we built a brief from what we see across the Internet: →What’s exposed →What’s exploitable →What’s worth investigating Plus detection fingerprints and research from the Censys ARC™ team. If you want a clearer picture of what’s actually happening on the Internet: Subscribe here: https://hubs.ly/Q048xhDQ0

🚨 Critical vulnerability: CVE-2026-3055 (CVSS 9.3) affects Citrix NetScaler ADC and Gateway. This unauthenticated out-of-bounds read vulnerability requires no user interaction and can be exploited when the appliance is configured as a SAML Identity Provider (IDP). 𝗖𝗲𝗻𝘀𝘆𝘀 𝗼𝗯𝘀𝗲𝗿𝘃𝗲𝘀 𝟭𝟳𝟯𝗞 𝗲𝘅𝗽𝗼𝘀𝗲𝗱 𝗪𝗲𝗯 𝗣𝗿𝗼𝗽𝗲𝗿𝘁𝗶𝗲𝘀. An attacker could read sensitive memory contents remotely. No active exploitation observed (as of disclosure) 🛠️ Patches are available — remediation is strongly recommended. ▶️ Full advisory: https://hubs.ly/Q048v76k0 #CensysARC #CVE20263055

𝗧𝗛𝗘 𝗜𝗡𝗧𝗘𝗟 𝗔𝗨𝗧𝗛𝗢𝗥𝗜𝗧𝗬 A Censys Newsletter - Now on LinkedIn Censys provides real-time visibility into the Internet—and the insights to act quickly. Each month, we’ll share: 🔸 Censys ARC research built on the world’s most accurate Internet map 🔸 Product updates to help you uncover risk faster 🔸 Events, insights, and news 🗞️ Read the first edition + don't forget to subscribe

TODAY at #RSAC: the research community takes the stage. Don’t miss these discussions from Alex Pinto Associate Director of Threat Intelligence, Verizon Business DBIR, and Robert Lee CEO & Founder, Dragos, Inc., two leaders shaping how we understand real-world threats. Visibility into data has never been more important. ▶️Verizon: Standards and Techniques for Registering and Quantifying Incident Data [BOF1-W08] https://hubs.ly/Q0486vwD0 ▶️Dragos: The OT/ICS Threat Landscape: New Insights from the Dragos Year in Review [CIT-W08] https://hubs.ly/Q0486R_j0