Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Google, the FBI and the IRS Criminal Investigation division disrupted NetNut, a residential proxy network built on two million hijacked devices and used by 316 threat clusters in a single week.
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets ...