Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-02 13:00 PDT
- FBI Seizes NetNut Proxy Platform, Popa Botnet
KrebsOnSecurity • 2026-07-02 12:27 • krebsonsecurity.com
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software with little or no consent from victims.
https://krebsonsecurity.com/2026/07/fbi-seizes-netnut-proxy-platform-popa-botnet/ - Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
The Hacker News • 2026-07-02 11:54 • thehackernews.com
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic.Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by millions.
Google identifies NetNut, also tracked as Popa, as a network spread across home
https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html - Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
The Hacker News • 2026-07-02 11:30 • thehackernews.com
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.“Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html - The Gentlemen ransomware: what you need to know
Graham Cluley • 2026-07-02 09:50 • www.fortra.com
Who Are The Gentlemen?
Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals.Read more in my article on the Fortra blog.
https://www.fortra.com/blog/gentlemen-ransomware-what-you-need-know - ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
The Hacker News • 2026-07-02 08:24 • thehackernews.com
This week’s security news is mostly about weak spots.Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through.
This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs
https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html - Google loses final appeal to overturn €4.1 billion EU fine
BleepingComputer • 2026-07-02 08:18 • www.bleepingcomputer.com
Court of Justice of the European Union (CJEU) has dismissed Google’s final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company’s use of Android to promote its Chrome browser and search service. […]
https://www.bleepingcomputer.com/news/legal/google-loses-final-appeal-to-overturn-41-billion-eu-fine/ - ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
BleepingComputer • 2026-07-02 07:00 • www.bleepingcomputer.com
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […]
https://www.bleepingcomputer.com/news/security/consentfix-and-clickfix-how-microsoft-365-accounts-are-hijacked-in-3-seconds/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
