TechCrunch: Law enforcement shuts down VPN service used by two dozen ransomware gangs. “The FBI said in an alert that First VPN was so popular that ‘at least’ 25 ransomware gangs used the service to hide their malicious activity. Cybercriminals also relied on the VPN to scan the internet, run botnets, launch distributed denial-of-service attacks, and for running scams.”

https://rbfirehose.com/2026/05/22/techcrunch-law-enforcement-shuts-down-vpn-service-used-by-two-dozen-ransomware-gangs/

US Charges Suspected Kimwolf Botnet Admin in Global Crackdown

In a major global crackdown, 23-year-old Jacob Butler, aka "Dort", has been arrested in Ottawa and charged with running the notorious KimWolf botnet, which infected nearly 2 million devices and fueled some of the largest DDoS attacks on record. Butler now faces extradition to the US and serious consequences for…

https://osintsights.com/us-charges-suspected-kimwolf-botnet-admin-in-global-crackdown?utm_source=mastodon&utm_medium=social

#KimwolfBotnet #DdosAttacks #BotnetAdministration #EmergingThreats #DistributedDenialOfService

Botmaster 'Dort' Arrested in Canada, Charged in US Over Kimwolf Botnet

A 23-year-old Canadian man, known online as "Dort," has been arrested and charged for masterminding the massive Kimwolf botnet, which was linked to record-breaking DDoS attacks of nearly 30 Terabits per second. The suspect, Jacob Butler, is now in custody awaiting an initial court hearing.

https://osintsights.com/botmaster-dort-arrested-in-canada-charged-in-us-over-kimwolf-botnet?utm_source=mastodon&utm_medium=social

#KimwolfBotnet #DdosAttacks #Botmaster #EmergingThreats #Canada

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

https://rbfirehose.com/2026/05/09/associated-press-canvas-system-is-online-after-a-cyberattack-disrupted-thousands-of-schools/

Pro-Iran Hackers Extort Canonical with Sustained DDoS Attacks

Canonical, the company behind Ubuntu, is battling a relentless cyber assault, with its website crippled by a sustained Distributed Denial of Service (DDoS) attack that has left its main site inaccessible. The Islamic Cyber Resistance in Iraq, also known as 313 Team, has claimed responsibility for the attack.

https://osintsights.com/pro-iran-hackers-extort-canonical-with-sustained-ddos-attacks?utm_source=mastodon&utm_medium=social

#DistributedDenialOfService #DdosAttacks #ProiranHackers #TheIslamicCyberResistanceInIraq #313Team

TechCrunch: Mastodon says its flagship server was hit by a DDoS attack. “Mastodon’s flagship server was hit by a distributed denial-of-service attack on Monday, the social networking software maker said, which rendered the instance unusable at times. Much of the site was inaccessible, throwing error messages or displaying a full-screen outage warning.”

https://rbfirehose.com/2026/04/24/techcrunch-mastodon-says-its-flagship-server-was-hit-by-a-ddos-attack/

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf botnet infected 1.8 million Android TV devices and issued 1.7 billion DDoS commands, using ENS to hide its control servers.

The Hacker News

Cloudflare reveals how bots and governments reshaped the internet in 2025

https://fed.brid.gy/r/https://nerds.xyz/2025/12/cloudflare-2025-year-review/

40 seconds, 22.2 Tbps, and a botnet of 300,000 hijacked devices—enough chaos to stream a million 4K videos at once. How did Cloudflare turn this digital assault into a masterclass in defense? Dive into the story.

https://thedefendopsdiaries.com/understanding-and-mitigating-modern-ddos-attacks-lessons-from-the-222-tbps-incident/

#ddosattacks
#cloudflare
#cybersecurity
#botnet
#iotsecurity

Understanding and Mitigating Modern DDoS Attacks: Lessons from the 22.2 Tbps Incident

Explore how Cloudflare mitigated a record-breaking 22.2 Tbps DDoS attack, the evolving tactics behind modern DDoS threats, and key defense strategies.

The DefendOps Diaries

For some reason a LOT of Microsoft-tagged (whois) IPs are **very** interested in the query "IN ANY fysh.org".

I'm seeing *thousands* of TCP connections to the name server at once, all for that same query.

I'm still going through the list of IPs from about 30 minutes ago, but so far whois is mostly saying "Microsoft", sometimes with a "cloud" tag. There's one bunch of Google in there too, but for all I know they're just because the MSFT ones are causing a lot of:

named[2218860]: Accepting TCP connection failed: quota reached

So, are Microsoft cloud IPs known to do something like this, perhaps some web scraper gone wrong? Or is someone leveraging Azure for some sort of DoS attack? It's not *incredibly* effective if so, no immediate sign of other issues with fysh.org services, but I've not gotten to checking that in detail yet.

#infosec #ddos #DDoSAttacks #microsoft #cloud #azure