Just launched: 𝐂𝐞𝐧𝐬𝐲𝐬 𝐀𝐬𝐬𝐢𝐬𝐭𝐚𝐧𝐭 𝐢𝐧 𝐀𝐒𝐌
Ask it anything about your attack surface in natural language.
Learn more: https://docs.censys.com/docs/asm-censys-assistant #AttackSurfaceManagement #CISO
As of April 2026, Censys observes nearly 6M Internet-facing FTP services. Many show no evidence of encryption.
Intercepted traffic can expose usernames, PWs & sensitive data.
Question worth asking your IT team: is FTP running, and if so, is it encrypted? https://censys.com/blog/ftp-exposure-brief/
What if you could ask researchers about threats in real time?
Introducing Censys ARC Flash - short briefings & live Q&A
Starts April 29
Secure your spot: https://bit.ly/4cmDWKc
#CensysARC
Most SOCs rely on incomplete signals, leading to slower triage & missed risk.
Censys Reputation Score changes that:
• Built on real-time global Internet visibility
• Clearer, defensible risk signal
• Accelerated investigation
➡️ censys.com/blog/reputation-score-in...
MSSP Alert covers how Censys is embedding real-time Internet context and risk scoring directly into SOC workflows—closing the visibility gap that slows investigations.
Read the full article: https://bit.ly/422RYf5
Announcing new capabilities allowing SOCs to move faster. Real-time authoritative Internet context delivered directly into workflows with:
✔️Real-Time Internet Context
✔️Real-Time Adversary Infrastructure Intelligence
✔️Reputation-Based Risk Scoring
✔️Expanded Intelligence
censys.com/blog/censys-...
Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities.
via @mattkapko.com www.youtube.com/watch?v=Qe87... | cyberscoop.com/iran-attacke...
🌐 In new research, Censys ARC Principal Security Researcher Andrew Northern shares a technique-based approach to hunting web-delivered malware.
Read for Censys infrastructure analysis, indicators of compromise & practical defense guidance for security teams censys.com/blog/techniq...
Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework
Censys
censys.com/blog/under-c...
@censys.bsky.social
Censys raises &70M in strategic funding
Today, we announced $70m in Series D & debt financing to accelerate our Internet Intelligence platform and the next generation of AI-driven security workflows.
We provide first-party, real-time visibility into global Internet infrastructure.
censys.com/blog/70-mill...
⌨️ New from #CensysARC:
Previously undocumented “𝗖𝗧𝗥𝗟” .NET access framework — combining phishing, keylogging, RDP hijacking, and reverse tunneling.
Active infra. No public intel.
censys.com/blog/under-c...
🚨CVE-2026-3055 (CVSS 9.3) Unauth OOB read in Citrix NetScaler (SAML IDP)
🔎 #CensysARC observes 173K exposed Web Properties
⚠️ Attackers could read sensitive memory contents
🛠️ Patch now https://censys.com/advisory/cve-2026-3055/
Cyberattacks on healthcare don’t just hit data - they disrupt operations.
An attack on Stryker (claimed by Iran-linked group #Handala) impacted manufacturing and shipping. www.securityweek.com/iranian-hack...
Protecting healthcare systems starts with visibility: www.censys.com/blog/state-o...
We have introduced additional fingerprints for various remote monitoring and management (RMM) tools, as well as enhanced protocol and application scanners. For more info, please visit: docs.censys.com/changelog
Stay informed by subscribing to our updates via RSS: docs.censys.com/changelog.rss
🚨Critical: CVE-2026-22557 CVSS 10.0 unauthenticated remote path traversal vulnerability in Ubiquiti UniFi Network Application
⚠️ Attacker could access and manipulate system files w/potential for account takeover
🔎 Censys sees 87,196 exposed hosts
🛠️ Patches immediately censys.com/advisory/cve...
Censys map of Critical vulnerability: CVE-2026-32746 is a pre-authentication remote code execution (RCE) in the telnet daemon
Critical vulnerability: CVE-2026-32746 is a pre-authentication remote code execution (RCE) in the telnet daemon
🛠️ Affects GNU Inetutils telnetd through version 2.7
🔎 Censys sees ~3,362 exposed hosts
🔴 Exploitation could grant an attacker control of the host
censys.com/advisory/cve... #CVE202632746
Exposure Brief: Iranian-linked Wiper Attack on Global Medtech Firm Stryker March 2026 The Censys ARC team analyzed the cyberattack attributed to the Iran-linked group Handala. The attack reportedly wiped systems across Stryker’s global Windows environment. Manufacturing operations were disrupted.
New Censys ARC™ Exposure Brief examines cyberattack on Stryker attributed to the Iran-linked group #Handala.
Censys observed ~2,000 internet-facing hosts tied to the company, including 150+ login interfaces — illustrating how complex enterprise attack surfaces can be.
censys.com/blog/iranian...
Screenshot of Censys data in ChatGPT
If your SIEM runs on patchwork enrichment and stale Internet context, AI just produces faster delusions.
First-party Internet visibility is the missing layer.
Censys brings the Internet intelligence layer that helps your AI SOC succeed. More ➡️https://censys.com/blog/what-ai-is-missing-modern-soc/
A dark-themed slide shows a table summarizing the internet exposure of four device types targeted by Iranian threat actors, comparing counts from January 2025 to June 2025 and showing the percentage change. Unitronics, Red Lion, and Tridium Niagara all increased in exposure, while Orpak SiteOmat decreased by nearly 25%.
Multiple US gov agencies have warned orgs to stay vigilant for potential Iran-affiliated cyber activity. We studied exposure of 4 vendors previously known to be of interest to IR-affiliated groups.
Read more: censys.com/blog/ics-ira...
Screenshot of dashboard depicting Censys observed host counts in Iran from June 16 through June 23
🔌 #Iran Internet #Outage Update
----
June 21 marked lowest visibility—but signs of recovery.
📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
View at #Censys: censys.com/blog/irans-i...
Screenshot of a terminal with white text on black background, showing results of the "showmount -a" command on an IP address
🔍 We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!
👀 censys.com/blog/poking-...
Two line graphs depicting scan error and success rates for Iran. Around 12pm UTC on June 18, the bottom graph depicts a sharp increase in scan error rates, while the top depicts a complementary decrease in scan success rates
Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.
Hey there, sorry to hear you're having a problem with your account. Make a post about your issue in our Community forum and we'll try to help! community.censys.com
Screenshot of Censys Platform
We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.
We also show how to use this information to create a set of IOCs for defensive measures: censys.com/blog/unmaski...
A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #GA!
www.censys.com/blog/interne...
Great research. They found 400 web-based HMIs for US water facilities exposed online. All used same HMI/SCADA software. Some required credentials to access, some were in read-only mode and couldn't be manipulated. But 40 systems didn't require authentication and were fully controllable via internet
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: censys.com/blog/turning...
Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise.io and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out: censys.com/blog/trackin...
Trend Micro recently uncovered a campaign abusing TikTok to distribute malware via AI-generated videos, tricking users into installing infostealers. Using IOCs provided by Trend Micro, we found more related infrastructure, including a newer bulletproof service provider: censys.com/blog/tiktok-...
