A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. The protocol was invented in 1988, and its ...
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain ...
CrowdStrike, Google, and Shadowserver jointly dismantled the Glassworm botnet on May 26, 2026, by disrupting all four of its resilient C2 channels simultaneously Active since early 2025, Glassworm ...
A novel Go-based Linux botnet, dubbed "PumaBot," has been observed targeting Internet of Things (IoT) devices. PumaBot differentiates itself from typical botnets by remotely retrieving a list of ...
A newly identified botnet loader is shifting command-and-control (C2) operations onto the Polygon blockchain, eliminating the central servers that authorities and security firms have historically ...
A stealthy Linux malware called AVrecon has been infecting over 70,000 small office/home office (SOHO) routers, creating a botnet primarily aimed at stealing bandwidth and operating as a hidden ...
The smart TV or streaming box sitting in your living room may have spent the past several years quietly renting your home internet connection to hackers, password-spraying crews, and government ...
During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various ...
An industry effort involving CrowdStrike, Google and the Shadowserver Foundation has led to the disruption of the Glassworm botnet. Working together, the three organizations managed to simultaneously ...