AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/18/2025

Rogue Hosting Company Shut Down as Authorities Confiscate Thousands of Servers Used in Cyberattacks

Dutch police and the East Netherlands Cybercrime Team have dismantled a “bulletproof” hosting provider whose infrastructure was allegedly tailored to support criminal activity, including ransomware, phishing, botnet command and control, financial fraud, and distribution of child sexual abuse material. Investigators link the company to more than 80 cases since 2022 and say roughly 250 physical servers hosting thousands of virtual machines were seized in coordinated raids on data centers in The Hague and Zoetermeer, immediately taking the malicious infrastructure offline. 


NetApp sues former CTO for alleged data breach

NetApp has filed a federal lawsuit against its former Chief Technology Officer, Jón Thorgrímur Stefánsson, alleging that he misused confidential information while still employed to build a competing startup that was later acquired by rival VAST Data. According to the complaint, Stefánsson had broad access to strategic details about NetApp’s cloud platform, architectures, and partnerships, and is accused of leveraging that knowledge, along with help from a few ex-colleagues, to benefit his own company; VAST itself is not named as a defendant.


Lazarus APT Group Unveils ScoringMathTea RAT with Remote Execution Capabilities

Researchers at ESET have documented a new Lazarus Group cyberespionage campaign, tied to the broader “Operation DreamJob,” that targets companies involved in supplying unmanned aerial vehicle technology to Ukraine. The campaign uses a modular C++ remote access trojan dubbed ScoringMathTea, delivered as a DLL that relies on encrypted configuration data, API hashing, and other evasion techniques to hide its command and control infrastructure and enable remote execution and data theft on compromised systems.


Everest Ransomware Attack on Under Armour

On November 17, 2025, the Everest ransomware group publicly claimed a cyberattack against Under Armour, saying it had infiltrated the company’s systems and obtained sensitive data, and warning that it would leak that data if negotiations do not begin. The report notes that Under Armour has not yet provided technical detail on the intrusion path or data types involved, but frames the incident as part of a broader pattern of ransomware operators targeting well-known consumer brands and using leak-site pressure to force engagement.


Google fixes new Chrome zero-day flaw exploited in attacks

Google has released an emergency Chrome update to patch CVE-2025-13223, a type confusion vulnerability in the V8 engine that attackers have already been exploiting in the wild for remote code execution. The flaw was reported by Google’s Threat Analysis Group, and the company is urging users on Windows, macOS, and Linux to update to the latest version as the fix rolls out.
