June 22, 2026
about 17 hours ago
Summary
- The Censys Platform now supports bulk asset tagging via API and SCIM provisioning via Okta for automated user provisioning and de-provisioning.
- 8 new protocol scanners and 15 new software and threat fingerprints were added to Platform.
- 1 new risk fingerprint was added to ASM.
Platform
- Asset tagging in Platform now supports bulk operations via API. This enables users to assign a tag in bulk to every asset matching a CenQL query. Users can also bulk un-assign a tag via API.
- SCIM (System for Cross-domain Identity Management) provisioning (managed by Okta) is now available for the Censys Platform. SCIM allows Platform Admins to automatically provision and de-provision users in Censys based on assignments in their identity provider (IdP).
New protocols and application scanners
Platform added scanning support for the following 8 protocols.
| Protocol/application | Query | Data availability |
|---|---|---|
Clickhouse_Native | Platform Query | Available to Starter, Search, and Core users. |
Openflow | Platform Query | Available to all users. |
Reolink_Baichuan | Platform Query | Available to Starter, Search, and Core users. |
RTMP | Platform Query | Available to all user. |
Synergy | Platform Query | Available to Starter, Search, and Core users. |
WinCE_CerDisp | Platform Query | Available to Starter, Search, and Core users. |
Clickhouse_HTTP | Platform Query | Available to Starter, Search, and Core users. |
Wordpress | Platform Query | Available to Starter, Search, and Core users. |
New Fingerprints and Risks
Added 15 new fingerprints and 1 new risk fingerprint to ASM.
Note that new ASM risk fingerprints may be disabled by default in your workspace. Reference your risk type configuration in the ASM web console to review new risk types.
New Fingerprints
| Type | Name | Description | Query |
|---|---|---|---|
| software | REDCap | Web application for building and managing online surveys and databases used in academic and clinical research (developed by Vanderbilt University). | Platform query |
| threat | 3x-ui | Web panel for managing Xray-core proxy inbounds (VLESS / VMess / Trojan / Shadowsocks) commonly observed as adversarial tunneling infrastructure. | Platform query |
| software | Joomla | Open-source PHP content management system. | Platform query |
| software | Joomla Content Editor (JCE) | Joomla-only extension by Widget Factory Limited | Platform query |
| threat | Alfa Red Fox | Remote access trojan C2 server | Platform query |
| threat | CyberSpike | Remote access trojan C2 server | Platform query |
| threat | DarkRAT | Remote access trojan C2 server | Platform query |
| threat | Dumpling RAT | Remote access trojan C2 server | Platform query |
| threat | EchoRAT | Remote access trojan C2 server | Platform query |
| threat | JasonRAT | Remote access trojan C2 server | Platform query |
| threat | LMTeamRAT | Remote access trojan C2 server | Platform query |
| threat | ElegyRAT | Remote access trojan C2 server | Platform query |
| software | WooCommerce | Open-source e-commerce plugin for WordPress. | Platform query |
| software | ChromaDB Admin | Open-source web UI for browsing and managing a ChromaDB vector database instance. | Platform query |
| software | Splunk | Platform for searching and monitoring machine-generated data and logs. | Platform query |
New Risks
| Name | Description | Query |
|---|---|---|
| Vulnerable Splunk Enterprise [CVE-2026-20253] | This Splunk Enterprise instance reports a version (10.0.0-10.0.6 or 10.2.0-10.2.3) that may be vulnerable to CVE-2026-20253, an unauthenticated arbitrary file creation and truncation flaw in the PostgreSQL sidecar service endpoint that can lead to remote code execution. Exploitability also depends on the PostgreSQL sidecar service being reachable. | risks.name:Vulnerable Splunk Enterprise [CVE-2026-20253] |