July 7, 2026

Inside the NetNut Botnet Takedown: 2M Devices Freed

A quiet piece of internet infrastructure just got a lot less useful for cybercriminals. The NetNut botnet takedown, carried out by Google's Threat Intelligence Group, the FBI, Lumen Technologies, and The Shadowserver Foundation, has dismantled a residential proxy network built from roughly 2 million hijacked devices. The network, also known as "Popa," gave hackers a way to disguise malicious traffic

NetNut botnet
June 8, 2026

C0XMO Botnet Exploits DD-WRT Routers to Launch DDoS Attacks

A newly discovered botnet called C0XMO is targeting home and business routers running DD-WRT firmware, using a years-old vulnerability to break in, dig deep, and attack anything in its path. Researchers who analysed the C0XMO botnet found a piece of malware that goes well beyond what most IoT threats are capable of, from killing rival malware to launching DDoS floods

C0XMO Botnet
May 28, 2026

Glassworm Botnet Taken Down in Coordinated Three-Way Strike

A developer-targeting botnet with one of the most resilient command-and-control architectures seen in recent memory has been dismantled. The Glassworm botnet, active since early 2025, was shut down on May 26, 2026 when CrowdStrike, Google, and the Shadowserver Foundation simultaneously cut off all four of its command-and-control channels in a precision operation. For organizations that build or consume software, the

Glassworm botnet
March 10, 2026

KadNap Botnet Turns ASUS Routers into Cybercrime Proxies

Cybersecurity researchers have uncovered a growing KadNap botnet that hijacks ASUS routers and other edge networking devices to power a large proxy network used in cybercrime. The malware quietly infects vulnerable devices and converts them into traffic relays that attackers can rent or use to conceal malicious activity. The campaign demonstrates how home and small-business networking hardware can become valuable

KadNap Botnet
November 28, 2025

GreyNoise IP Scanner Lets Users Check Botnet Exposure

A growing need for simple security tools has pushed GreyNoise Labs to launch a new public scanner that helps users understand how their IP address behaves across the internet. With the GreyNoise IP scanner, anyone can check if their IP appears in datasets linked to botnet activity, mass scanning, or unwanted probing. The tool offers quick insight into possible compromises

GreyNoise IP Scanner