Shadowserver Archives

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

Dec 10, 2025 By Matt Kapko

A still from a cartoon used to depict the takedown of Rhadamanthys info stealer. (Operation Endgame)

Operation Endgame targets malware networks in global crackdown

Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns.

Nov 13, 2025 By Greg Otto

(Photo by John Smith/VIEWpress/Getty Images)

Attackers bypass patch in deprecated Windows Server update tool

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

Oct 27, 2025 By Matt Kapko

Authorities arrested 1,209 alleged cybercriminals during Operation Serengeti 2.0. (Interpol)

Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses

Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.

Aug 22, 2025 By Matt Kapko

Botnet serving as ‘backbone’ of malicious proxy network taken offline

Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

Nov 19, 2024 By Greg Otto

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds

The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February.

Oct 14, 2024 By Tim Starks