Reconnaissance - Geek Feed

Wave of Citrix NetScaler scans use thousands of residential proxies

February 5, 2026February 5, 2026 geekfeed0Tagged Citrix, Citrix ADC, Citrix Gateway, Reconnaissance, Scanner

A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels. The activity was observed between January 28 and February 2, and it also focused on enumerating versions of the product, indicating an organized discovery effort. Threat monitoring platform GreyNoise traced the source of the […]

2 mins read

Surge in networks scans targeting Cisco ASA devices raise concerns

September 12, 2025September 12, 2025 geekfeed0Tagged cisco, Cisco ASA, Defense, Reconnaissance, Scanner, vulnerability

Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. GreyNoise has recorded two significant scanning spikes in late August, with up to 25,000 unique IP addresses probing ASA login portals and also Cisco IOS Telnet/SSH. The second wave, logged on August 26, 2025, was […]

2 mins read

Coyote malware abuses Windows accessibility framework for data theft

July 25, 2025July 25, 2025 geekfeed0Tagged Accessibility, banking trojan, Data Theft, malware, Microsoft UIA, Reconnaissance

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. Microsoft UIA is a Windows accessibility framework designed to allow assistive technologies to interact with, inspect, and control user interface […]

3 mins read

Microsoft: New RAT malware used for crypto theft, reconnaissance

March 22, 2025March 22, 2025 geekfeed0Tagged Credential Theft, credentials, CryptoCurrency, malware, microsoft, RAT, RAT malware, Reconnaissance, remote access trojan, StilachiRAT

Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, maintain persistence, and extract sensitive data. While the malware (dubbed StilachiRAT) hasn’t yet reached widespread distribution, Microsoft says it decided to publicly share indicators of compromise and mitigation guidance to help network defenders detect this threat and reduce its […]

3 mins read

CISA: Hackers abuse F5 BIG-IP cookies to map internal servers

October 11, 2024October 11, 2024 geekfeed0Tagged BIG-IP, CISA, cookies, cybersecurity, F5, F5 BIG-IP, hackers, network, Reconnaissance

CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. By mapping out internal devices, threat actors can potentially identify vulnerable devices on the network as part of the planning stages in cyberattacks. “CISA has observed cyber threat actors leveraging […]

3 mins read