PrivacySignal
Breach

FBI Seizes NetNut Proxy Platform, Popa Botnet

Krebs on Security · · International · Data Breaches

The FBI, working with industry partners, seized hundreds of domains tied to NetNut, a residential proxy service run by Nasdaq-listed Israeli firm Alarum Technologies. The seizure follows reporting that linked NetNut to the Popa botnet, a network of at least two million devices infected without meaningful consent from their owners.

Why this matters: Two million devices is not an abstract number. Those are real people's routers, phones, or computers quietly recruited into someone else's infrastructure — their bandwidth sold to paying customers, their hardware used as cover for other people's internet traffic. They almost certainly had no idea. That is the core of what residential proxy networks built on botnets actually are: a business model that depends on taking something from people without asking. The FBI moved after a reporter did the connecting work. That sequence is worth remembering.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Breach
HIPAA Journal · · US Federal

Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation

Greater Rochester Independent Practice Association has agreed to settle litigation stemming from the May 2023 MOVEit data breach, which exposed patient information held by the New York-based physician network. The settlement resolves claims brought against GRIPA under the wave of lawsuits that followed the widespread MOVEit file-transfer vulnerability.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

#breach#enforcement#healthcare Read original →
Breach
HIPAA Journal · · US Federal

Serviceaide Pays $1.8 Million to Settle Data Breach Litigation

Serviceaide, an AI-powered IT service management company, has agreed to pay $1.8 million to settle litigation stemming from a data breach. The case was covered by The HIPAA Journal, suggesting the incident involved protected health information.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance · General readers · AI governance · Policy

#breach#healthcare#ai Read original →
Breach
BleepingComputer · · International

FortiBleed credential-theft campaign linked to Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

#breach#security Read original →
Breach
The Record · · International

Teen suspect in Scattered Spider hacks is extradited to US

A 19-year-old suspect linked to the Scattered Spider hacking group has been extradited to the United States, where an unsealed complaint accuses him of involvement in multiple intrusions, including a 2025 breach of a luxury jewelry retailer.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement Read original →
Breach
WIRED — AI · · International

You Can Now Sound the Alarm on AI Behaving Badly

A new reporting platform has launched to let people flag harmful or unsafe behavior from AI chatbots and tools. The site gives ordinary users a direct channel to document incidents where AI systems do something dangerous, deceptive, or privacy-violating.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · AI governance · Policy

#breach#ai Read original →