Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
ATT&CK techniques detected
T1110Brute Force
77%
“palo alto scanning surges ~ 500 % in 48 hours, marking 90 - day high update : 8 october 2025 greynoise has identified several links between three recent campaigns : - cisco asa scanning. - elevated login attempts against palo login portals. - spike in brute force attempts against…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
31%
“an asa scanning surge before cisco ’ s disclosure of two asa zero - days. these similarities indicate the activity may be related through shared tooling or centrally managed infrastructure, but greynoise cannot confirm whether it was carried out by the same operators or with the …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved multiple, potentially coordinated scanning clusters.