🏁 The new year is already under way, so it is time to look back at 2025 and list what we did at @onyphe.io. It is also time to talk about what is coming next. And once again it is ambitious, as it is every year with us:
blog.onyphe.io/rtrospective...
Posts by ONYPHE
📣 UPDATE: now scanning 2,600+ ports, weekly refresh.
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #n8n product:
CVE-2026-21858: unauthenticated remote code execution #Ni8mare
search.onyphe.io/search?q=cat...
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #SmarterMail product:
CVE-2025-52691: remote unauthenticated file upload & overwrite
search.onyphe.io/search?q=cat...
📣 UPDATE: new vulnerable IPs count is ~100K. Our first request was not the most suited one and was updated.
👍 That's why it's important for organizations to communicate on such critical issues: it helps everyone improve for the greater good.
📣 ANNOUNCEMENT: we have reached the 2,100+ scanned ports milestone, at Internet scale with a weekly refresh rate.
Next step: 5,000+ ports, weekly refresh. Then 10,000 by end of next year.
We will be the number 1 competitor to @censys.bsky.social in 2026.
#ASM #CTI #ASD
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #MongoDB product:
CVE-2025-14847: remote unauthenticated memory reading #MongoBleed
search.onyphe.io/search?q=cat...
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #WatchGuard Firebox:
CVE-2025-14733: unauthenticated remote code execution through out-of-bounds writes
No one has patched yet, everyone is vulnerable.
For personal use I added a "geolocus" tool to a Deno-based MCP server (that has a lot of random tools/functions in it).
It's been useful enough that I started extracting it to a standalone geolocus MCP server I should be able to release in a couple days.
The @onyphe.io folks are super rad.
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #Ivanti product:
CVE-2025-4427+CVE-2025-4428 unauth RCE
search.onyphe.io/search?q=cat...
Thanks to watchTowr for detection method.
The image shows a block of structured JSON data displayed on a dark background. The JSON object has the following top-level structure:
• abuse: A list of four email addresses related to reporting abuse at Amazon and AWS:
  • amzn-noc-contact@amazon.com
  • aws-routing-poc@amazon.com
  • aws-rpki-routing-poc@amazon.com
  • trustandsafety@support.aws.com
• asn: "AS14618" (This is Amazon’s autonomous system number.)
• continent: "NA" (North America)
• continentname: "North America"
• country: "US" (United States)
• countryname: "United States"
• domain: A list of three domains:
  • amazon.com
  • amazonaws.com
  • aws.com
• ip: "3.215.138.152" (The specific IP address being described.)
• isineu: 0 (Indicates whether the IP is in the European Union; 0 means no.)
• latitude: "37.09024"
• longitude: "-95.712891"
• location: "37.09024, -95.712891"
• netname: "AMAZON-IAD" (The name of the network.)
• organization: "Amazon Data Services NoVa"
• physical_asn: "AS14618"
• physical_continent: "NA"
• physical_continentname: "North America"
• physical_country: "US"
• physical_countryname: "United States"
• physical_isineu: 0
• physical_latitude: "37.09024"
• physical_longitude: "-95.712891"
• physical_location: "37.09024, -95.712891"
• physical_organization: "Amazon.com, Inc."
• physical_subnet: "3.208.0.0/12"
• physical_timezone: "America/Chicago"
• subnet: "3.208.0.0/12"
• timezone: "America/Chicago"
Usage

    # Download the latest Geolocus database
    geolocus-cli download

    # Look up IPs from a file
    geolocus-cli lookup -i ips.txt -o results.json

    # Process IPs from stdin and output to stdout
    cat ips.txt | geolocus-cli lookup

    # Output in CSV format
    geolocus-cli lookup -i ips.txt -f csv -o results.csv

    # Output in JSONL format (one JSON object per line)
    geolocus-cli lookup -i ips.txt -f jsonl -o results.jsonl

    # Disable session caching
    geolocus-cli lookup -i ips.txt --no-cache

Command-line Options

    Commands:
      download                 Download a fresh copy of the geolocus.mmdb database
      lookup                   Lookup and enrich IP addresses from a file or stdin

    Options:
      -h, --help               Show help information
      -i, --input <file>       Input file containing IP addresses (one per line)
      -o, --output <file>      Output file for results (defaults to stdout)
      -f, --format <format>    Output format: json, csv, or jsonl (default: json)
      --no-cache               Disable IP caching for the current session
ONYPHE has a super cool geolocus MMDB — https://www.geolocus.io/ — that gets updated daily and has network-level metadata for IP addresses (ref first image JSON).
Since it's way more efficient to use this than their API, I built a cross-platform CLI tool for […]
[Original post on mastodon.social]
New geolocus-cli For ONYPHE’s Geolocus Database
ONYPHE has made available a free API and free MMDB download of their new Geolocus database. It provided IP address metadata in the form of: { "abuse": [ "amzn-noc-contact@amazon.com", "aws-routing-poc@amazon.com", "aws-rpki-routing…
#hackernews #news
The recovery continues, but things are not yet back to normal
Things are not yet getting better in Spain and Portugal. General downward trend and some visible instability in the remaining networks that are reachable.
#PowerOutage
A chart showing Internet scan data plots for three countries; Spain, Portugal and France. The three lines are stable, with minor variations from 09:00 to 12:30. At 12:30 the lines for Spain and Portugal drop almost vertically to roughly 50% of their original levels. The line for France continues as for the start of the day. The lines for Spain and Portugal have not returned to their original levels.
The electrical power outage in Spain and Portugal as seen from the Internet (France included for reference)
ERRATUM: the CVSS was given, it is a 9.8
#CVE-2025-32432 #0day #CraftCMS discovered by Orange Cyberdefense
💥Unauthenticated Remote Code Execution. No CVSS yet, we suggest giving it a 10
📌40,000 IP addresses representing over 37,000 domain names exposed, 12,168 unique domains vulnerable
Blog:
blog.onyphe.io/en/cve-2025-...
UPDATE: our scan has finished, nearly 22,000 devices are compromised.
💥Detection method for the #symlink #backdoor on #fortinet
"we are ready to share it, privately"
More than 18,000 devices compromised
Read the article: blog.onyphe.io/backdoor-sym...
💥Detection method for #symlink #backdoor on #fortinet
"we are willing to share it, privately"
More than 18k devices compromised
Read more: blog.onyphe.io/en/symlink-b...
Time to search for a decentralized way to deal with vulnerability identifiers.
You're nice to us, thank you for saying we are honorable ☺️
Many thanks :)
And there's an #RStats package for it—now.
codeberg.org/hrbrmstr/geo...
❓Ever wanted to have an IP geolocation database with 2 locations, one physical for the device and one logical from whois data?
👉We provide a free MMDB file for download and a brand new Website for lookups & even a free API access:
www.geolocus.io
👓 The "Cyber-revue à bas bruit" (low-noise cyber review) is back! The alpha and omega of this edition: zero days. It's... surprising 😇
And also a podcast (hi @nolimitsecu.bsky.social), fascinating figures from @onyphe.io and from La tech est politique with its new section.
www.linkedin.com/pulse/zero-d...
The latest version of our cli tool has been released. Get v4.19.0 and find wrappers with sweet new APIs inside.
Available here ➡️
search.onyphe.io/docs/onyphe-...
or here 🐳 hub.docker.com/r/onyphe/ony...
or even here 🥷 metacpan.org/dist/Onyphe
💥 Great news 💥
#ASD #AttackSurfaceDiscovery APIs are on their way to general availability.
It will never be as easy to create an asset inventory for any organization's attack surface #EASM
Backed by tens of billions of pieces of information we collect.
📣 Meet Thomas Damonneville - our founder - at the #M3AAWG organized by the Messaging, Malware, Mobile Anti-Abuse Working Group in Lisbon next week for his presentation entitled: “Hunting for phishing URLs, kits and business”.
👋 In partnership with Signal Spam
#phishing #phishingkit #cybersecurity