
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet


Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures.

Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort to disrupt cybercriminal infrastructures and ransomware enablers worldwide.

“The infrastructure dismantled during the action days was responsible for infecting hundreds of thousands of victims worldwide with malware. Operation Endgame, coordinated by Europol and Eurojust, is a joint effort between law enforcement and judicial authorities of Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom and the United States to tackle ransomware enablers.” reads the press release published by Europol.

The international law enforcement operation has taken down over 1,025 servers worldwide and led to the seizure of 20 domains used by malware operators.

The coordinated operation also resulted in one arrest in Greece and searches across eleven locations in Germany, Greece, and the Netherlands.

The dismantled infrastructure infected hundreds of thousands of systems worldwide, stealing millions of credentials and over 100,000 crypto wallets worth millions of euros.

“Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100 000 crypto wallets belonging to these victims, potentially worth millions of euros. Check if your computer has been infected and what to do if so at politie.nl/checkyourhack and haveibeenpwned.com” continues the press release.

“There were actions aimed at criminal services and their criminal users. These users were directly contacted by the police and asked to share relevant information regarding infostealers via the Operation Endgame Telegram channel. In addition, the failing criminal services are exposed via the Operation Endgame website.”

Operation Endgame involved a broad international coalition. EU participants included law enforcement and judicial bodies from Denmark, France, Germany, Greece, Lithuania, and the Netherlands. Beyond Europe, Australia, Canada, and the United States also took part, with agencies such as the FBI, DOJ, and Australian Federal Police contributing to the coordinated crackdown.

From May 19 to 22, 2025, another round of Operation Endgame disrupted global ransomware infrastructure. Law enforcement took down 300 servers and 650 domains, and issued 20 international arrest warrants. Authorities also seized €3.5M in cryptocurrency, bringing the total to over €21.2M. This follows the 2024 botnet crackdown, targeting evolving malware threats and cybercriminal groups.

The operation targeted initial access malware used by threat actors to infiltrate systems prior to ransomware deployment. Neutralized strains include Bumblebee, Latrodectus, Qakbot, Hijackloader, DanaBot, Trickbot, and Warmcookie, all commonly used in ransomware-as-a-service schemes. Authorities also issued 20 international arrest warrants for key operators.

Several key suspects behind malware operations are now under international and public alerts. Germany will list 18 of them on the EU Most Wanted list from May 23. They allegedly provided or operated tools used in major ransomware attacks.


Pierluigi Paganini

(SecurityAffairs – hacking, Operation Endgame)