Shadowserver
Coverage of Shadowserver in the Nexus archive.
- NetNut cracked as Google and FBI target 2 million-device botnet
Google, the FBI, and other tech companies have significantly disrupted the NetNut residential proxy network, which had at least 2 million devices in its botnet, primarily small TV-streaming hardware. The operation aims to hinder cybercriminals who use residential proxies to mask malicious activities by making traffic appear legitimate.
- CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
CrowdStrike, with assistance from Google and Shadowserver, dismantled the Glassworm botnet, which had infected hundreds of open-source software packages since 2025. The operation disrupted four attacker-controlled servers and infrastructure layers, including Solana blockchain, BitTorrent, and Google Calendar, to halt malware distribution and credential theft.
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
A high-severity code injection vulnerability in Apache ActiveMQ is being actively exploited, with over 6,400 exposed servers at risk. The nonprofit security organization Shadowserver identified the ongoing attacks.