{"uuid": "ecab605e-7166-417a-9a11-47a5130f679c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32746", "type": "seen", "source": "https://infosec.exchange/users/greynoise/statuses/116658633906090628", "content": "GreyNoise At The Edge (May 19\u201326, 2026): a week of rented-infrastructure reconnaissance against the internet's edge \u2014 routers, VPN gateways, container planes, and embedded devices, probed in parallel.\n1. A long-running MikroTik RouterOS brute-force operation (VPSVAULT, AS215925) reversed a multi-week decline, adding a second node and climbing back to ~1.9M sessions against TCP/8728.\n2. A fingerprinted Netherlands cluster cataloged Fortinet, Ivanti, Pulse Secure, Sophos, and F5 appliances, running auth-bypass checks including Palo Alto PAN-OS GlobalProtect (CVE-2020-2034).\n3. Telnet dominated volume; low-level probing continued for the tracked GNU telnetd out-of-bounds write watch item CVE-2026-32746 (CVSS 9.8).\n4. Kubernetes and Docker control-plane recon now runs from a compromised consumer broadband host.\nThe infrastructure rotates constantly \u2014 detect on behavior, not addresses.\nhttps://www.greynoise.io/resources/at-the-edge-clear-052526\n#ThreatIntel #CyberSecurity #InfoSec #GreyNoise", "creation_timestamp": "2026-05-29T15:44:54.657111Z"}