Dutch authorities have taken offline a botnet of at least 17 million infected computers, tablets, and smartphones, seizing more than 200 servers at a Netherlands-based hosting provider. The action was led by the National Police with the National Cyber Security Centre (NCSC). Local media link the infrastructure to Asocks, a service that advertises itself as a universal residential-proxy provider - the kind of proxy network used to launder malicious traffic, run credential-stuffing and ad fraud, and anonymize attacks. The hosting provider took the botnet offline once it was confirmed to be supporting criminal activity. Authorities have not formally named the botnet or announced arrests.
CrowdStrike, Google, and The Shadowserver Foundation have disrupted the GlassWorm developer-supply-chain botnet by simultaneously cutting four resilient command-and-control channels. Active since October 2025, GlassWorm spread through malicious OpenVSX and VS Code extensions, GitHub repos, and npm packages (one March campaign hit 400+ artifacts), stealing crypto wallets and developer credentials. Its C2 was built to resist takedown: server addresses encoded in Solana transaction memo fields, configuration stored in the BitTorrent DHT, Base64 C2 paths hidden in Google Calendar event titles, and direct VPS connections for payload delivery. All four had to fall at once. Infected hosts now beacon to CrowdStrike's sinkhole at 164.92.88[.]210.