Behind the scenes of the Socksescort takedown

In this episode, we sit down with Chris Formosa to break down the Socksescort disruption—a proxy botnet powered by AVRecon that compromised edge devices at scale. Chris walks us through why the operation was so dangerous, how investigators tracked its command-and-control infrastructure, and what changed between the 2023 disclosure and the eventual takedown in coordination with the Department of Justice. We also dig into why edge devices remain prime targets, where most organizations still have visibility gaps, and what the next evolution of this threat could be. In our reporter chat, Greg Otto and Tim Starks break down DarkSword, a iOS exploit kit that could impact hundreds of millions of people.