
SystemBC resurfaces as resilient proxy botnet, infecting over 10,000 hosts
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you

Google GTIG Disrupts IPIDEA Residential Proxy Network in the United States
Google's Threat Intelligence Group, allied with infrastructure partners, dismantled the IPIDEA residential proxy operation that hijacked Android phones and Windows PCs to relay adversary traffic. The takedown targeted command-and-control points, shut down domains and updated detection signals to hinder future reuse of the same toolset.

Malware Campaign Used Hugging Face to Host Android RAT Payloads
Security researchers discovered an Android remote-access Trojan distributed via a dropper that redirected victims to Hugging Face-hosted payloads. The campaign used short-lived repositories and frequent payload updates to evade takedowns while abusing a popular model-sharing platform as a file host.
Investigation Links ShinyHunters to Broad Vishing Campaign Targeting Over 100 Organizations
Researchers say a coordinated campaign combined telephone-based social engineering with browser-resident phishing toolkits to target more than 100 organisations across sectors, manipulating live authentication sessions to bypass MFA and SSO protections. A contemporaneous but separate infostealer disclosure — an unsecured cache of roughly 149 million credential pairs captured from endpoints — heightens the risk of credential-stuffing and targeted vishing, complicating response and containment.
Massive 149M credential trove exposes risks from infostealer malware to crypto and government accounts
A researcher found a publicly accessible collection of roughly 149 million stolen logins harvested by credential-stealing malware, including hundreds of thousands tied to major crypto platforms and numerous government-related accounts. The exposure stems from infected end-user devices rather than platform breaches, but it raises urgent questions about account hygiene, phishing risk, and detection across the crypto and social-media ecosystems.

Industrial Control Systems: Rising pre‑positioning and ransomware force OT resilience shift
By 2026, adversaries will increasingly combine quiet, long‑dwell reconnaissance with financially motivated ransomware and faster weaponization to exploit ICS. Defenders must adopt CTEM, identity‑centric controls (including comprehensive machine‑identity inventories and rapid revocation), OT‑aware zero trust, SBOM-driven supply‑chain visibility, and conservative AI-based anomaly detection to preserve uptime and compress remediation windows.
Operation Bizarre Bazaar: Criminal Network Hijacks Exposed LLM Endpoints for Profit and Access
A coordinated criminal campaign scans for unauthenticated LLM and model-control endpoints, then validates and monetizes access—running costly inference workloads, selling API access, and probing internal networks. Some exposed targets are agentic connectors and admin interfaces that can leak tokens, credentials, or execute commands, dramatically raising the stakes beyond billable inference.

China-linked actors exploited hosting compromise to hijack Notepad++ updater
Notepad++ disclosed that attackers, likely backed by China, used a compromised shared hosting environment to reroute selective users to malicious update servers. The project moved hosting and added client-side update verification after the intrusion, which persisted in parts from June through December 2025.
Security firm uncovers 150-plus cloned law-firm websites used in coordinated recovery scams
Sygnia traced a resilient network of more than 150 cloned law-firm websites built to solicit victims with promises of recovering lost funds; the infrastructure uses distributed registrations, distinct certificates and privacy/CDN services to frustrate takedowns. Researchers warn the threat is amplified by contemporaneous trends — large infostealer credential dumps, automated phishing kits and telephone-based social engineering — which together lower effort and raise success rates for financially motivated impersonation campaigns.