abuse.ch (@abuse_ch)'s Twitter Profile

Fighting malware and botnets

ID: 41587972

https://abuse.ch | 21-05-2009 13:43:38

3,3K Tweet

34,34K Followers

288 Following

abuse.ch (@abuse_ch)

📣 Big thanks to MalwareBazaar Top Contributor JAMESWT 🙇

First seen: 30 March 2020 and since then, they’ve shared 45,994 malware samples.

In the last 30 days alone, they have dropped 1,472 new samples, that’s +30% ⬆️ from the previous month, with 631 samples shared on
abuse.ch (@abuse_ch)

Looks like this #Mirai threat actor is a BIG fan of our URLhaus platform 😜 

👉 hXXp://45.141.215.196/FuckYou0urlhaus0abuse0ch/

We thought we'd send a little love back to the threat actor... their server’s been taken down, and their #botnet C2 domain is now sinkholed. 😘
abuse.ch (@abuse_ch)

Over the last 30 days URLhaus sent out 41,270 abuse reports to hosting providers and network owners - that's up +48.88% on the previous month! 📈

That’s all you. That’s the power of our #community🤘

#AmazingWork #SharingIsCaring
Spamhaus (@spamhaus)

🌐 DOMAIN REPORT APR - SEPT 2025 | 43.5 million new domains registered - 75% gTLDs - with .top (+94%) and .xyz (+103%) in the 🔝 3 gTLDs. 📈 Domains listed are up +48.3% 😱 ! One registry in particular saw huge increases 🩳🔵 - can you guess which one?

Read the full story in the
abuse.ch (@abuse_ch)

Interesting bash script that spreads through 89.110.95.186 (VDSINA 🇷🇺), fully undetected (FUD) by any AV 🔥. The script conducts various modifications on Linux based systems ⚙️ and uses iptables to forward certain ports to the following remote server 🔀, turning the victim's
abuse.ch (@abuse_ch)

🎉 Thanks to our AMAZING community, MalwareBazaar has reached a significant milestone - over 1 MILLION malware samples shared!! We simply couldn't achieve this without the efforts of our contributors and we want to say a massive THANK YOU 🙏🙏

#milestone #community #grateful
Spamhaus (@spamhaus)

Like all other internet abuse, bulletproof hosting does not just happen - it is enabled by facilitators such as network carriers, datacenter operators, IP brokers and domain registrars. Sometimes, malicious infrastructure agglomerates in the internet vicinity of such facilitators

abuse.ch (@abuse_ch)

Over the past 30 days, our community shared 27,165 new #IOCs on ThreatFox 🦊 — an 18% increase from the previous month.👏 Huge shoutout to 'juroots', our top contributor with 2,746 IOCs submitted.

💀The most-shared malware family (or in this case framework)? Clearfake, with
abuse.ch (@abuse_ch)

We are excited that we were once again part of the coordinated international operation #OpEndgame 📣, taking action against the notorious information and credential stealer #Rhadamanthys 🕵️ We assisted in the takedown of threat actor infrastructure and share a full list of
abuse.ch (@abuse_ch)

Yet another new stealer in town: #ArkanixStealer 🔥

%AppData%\Arkanix_lol\history.json
%AppData%\Arkanix_lol\system_info.json
%AppData%\Arkanix_lol\screenshot_monitor_1.png

Arkanix botnet C2:
📡https://arkanix .pw/api/session/create
📡https://arkanix .pw/delivery
Spamhaus (@spamhaus)

📣 NEW FROM CISA Cyber: 'Mitigating Risks From Bulletproof Hosting Providers'

CISA’s latest publication gives networks practical steps to mitigate and protect themselves from the activities coming from bulletproof hosts — notorious cybercrime enablers.

Link to publication:
abuse.ch (@abuse_ch)

Taking down the infrastructure is only half the battle, supporting those affected is just as important. We’re pleased to see @Spamhaus stepping in again to help remediate machines infected with the Rhadamanthys malware. 👏👏 #Community #Endgame3 #Remediation

Spamhaus (@spamhaus)

This week, everywhere you look, bulletproof hosting (BPH) is in cyber news headlines. From the CrazyRDP takedown, to sanctions against entities adjacent to Aeza, and most recently Media Land LLC and ML[.]Cloud] LLC (do these measures actually move the needle?), to new CISA