For years, gray-market services known as “bulletproof” hosts have been a key tool for cybercriminals looking to anonymously maintain web infrastructure with no questions asked. But as global law enforcement scrambles to crack down on digital threats, they have developed strategies for getting customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in in Arlington, Virginia, today, researcher Thibault Seret outlined how this shift has pushed both bulletproof hosting companies and criminal customers toward an alternative approach.Rather than relying on web hosts to find ways of operating outside law enforcement’s reach, some service providers have turned to offering purpose-built VPNs and other proxy services as a way of rotating and masking customer IP addresses and offering infrastructure that either intentionally doesn’t log traffic or mixes traffic from many sources together. And while the technology isn’t new, Seret and other researchers emphasized to WIRED that the transition to using proxies among cybercrminals over the last couple of years is significant.“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret, a researcher at the threat intelligence firm Team Cymru, told WIRED ahead of his talk. “That’s the magic of a proxy service—you cannot tell who’s who. It’s good in terms of internet freedom, but it’s super, super tough to analyze what’s happening and identify bad activity.”The core challenge of addressing cybercriminal activity hidden by proxies is that the services may also, even primarily, be facilitating legitimate, benign traffic. Criminals and companies that don’t want to lose them as clients have particularly been leaning on what are known as “residential proxies,” an array of decentralized nodes that can run on consumer devices—even old Android phones or low-end laptops—offering real, rotating IP addresses assigned to homes and offices. Such services offer anonymity and privacy, but can also shield malicious traffic.By making malicious traffic look like it comes from trusted consumer IP addresses, attackers make it much more difficult for organizations’ scanners and other threat detection tools to spot suspicious activity. And, crucially, residential proxies and other decentralized platforms that run on disparate consumer hardware reduce a service provider’s insight and control, making it more difficult for law enforcement to get anything useful from them.“Attackers have been ramping up their use of residential networks for attacks over the last two to three years,” says Ronnie Tokazowski, a longtime digital scams researcher and cofounder of the nonprofit Intelligence for Good. “If attackers are coming from the same residential ranges as, say, employees of a target organization, it’s harder to track.”Criminal use of proxies isn’t new. In 2016, for example, the US Department of Justice said that one of the obstacles in a years-long investigation of the notorious “Avalanche” cybercriminal platform was the service’s use of a “fast-flux” hosting method that concealed the platform’s malicious activity using constantly changing proxy IP addresses. But the rise of proxies as a gray-market service rather than something attackers must develop in-house is an important shift.“I don’t know yet how we can improve the proxy issue,” Team Cymru’s Seret told WIRED. “I guess law enforcement could target known malicious proxy providers like they did with bulletproof hosts. But in general, proxies are whole internet services used by everyone. Even if you take down one malicious service, that doesn’t solve the larger challenge.”
Source: wired.com
QNAP NetBak Replicator Vulnerability Let Attackers Execute Unauthorized Code
QNAP has released a security advisory detailing a vulnerability in its NetBak Replicator utility that could allow local attackers to execute unauthorized code. The flaw, identified as CVE-2025-57714, has been rated as “Important” and affects specific versions of the backup and restore software. The company has already issued a patch and is urging users to update their systems to prevent … [Read More...]
How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code
PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively … [Read More...]
You'd think this was a real Stream Deck, but this genius DIYer 3D printed it and made it smart-home ready
Elgato's Stream Deck isn't meant for everyone, but it's one of the most widely adopted devices in recent years, especially among streamers, content creators, and productivity enthusiasts. Stream Deck's growing popularity also led to other players entering the space to compete with Corsair and giving users more choices. However, these aren't the only options, as it's pretty simple to build your own … [Read More...]
PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability
A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available. CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite … [Read More...]
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
Oct 06, 2025Ravie LakshmananEmail Security / Zero-Day A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient … [Read More...]
Oppo Reno 15 Series Key Specifications and India Launch Timeline Leaked
Oppo Reno 15 series, which is expected to comprise the Oppo Reno 15, Reno Pro, and Reno 15 Pro+, might debut in China in the second half of 2025. This means that its launch could be weeks away, or it might debut in a couple of months. A tipster has now revealed that the smartphone lineup has entered the testing phase in global markets, including India. The India launch timeline of the Oppo Reno 15 … [Read More...]
iQOO Neo 11 Key Specifications Leaked; Could Feature Snapdragon 8 Elite Chipset, 7,500mAh Battery
iQOO appears to be preparing for the launch of the iQOO Neo 11, which could arrive in China and eventually make its way to global markets. Although the Vivo sub-brand has yet to reveal any plans for a new Neo series smartphone, a tipster has leaked key specifications that point to a significant upgrade over the existing Neo 10 model. The purported iQOO Neo 11 is expected to feature a … [Read More...]
This cozy medieval city builder with 85% positive Steam reviews is still on discount
Well, that's another big Steam seasonal sale in the books. How did yours go? I didn't pick up a ton of titles this time around, but I still scored some nice discounts on games like The Roottrees Are Dead, so I'm still pleased. Source: xda-developers.com … [Read More...]
Moto G06 Power India Launch Date Announced; Key Features, Flipkart Availability Confirmed
Moto G06 Power was unveiled at IFA 2025 alongside the standard Moto G06 and Motorola Edge 60 Neo in September. The company has now announced that the Power variant will arrive in India soon. Alongside confirming the launch date, Motorola has revealed some key features of the upcoming handset. The Indian version is expected to share similarities with its global counterpart. It will be available in … [Read More...]
Who Will Be Apple’s Next CEO After Tim Cook? John Ternus Could Reportedly Take Charge
Apple's list of senior executives who have left the company is growing long. From former design chief Jony Ive and retail head Angela Ahrendts in 2019 to former Chief Financial Officer, Luca Maestri, and former Chief Operating Officer, Jeff Williams, in the last two years, the company has lost a significant part of its vanguard. While the Cupertino-based tech giant has been able to find … [Read More...]