The FBI has seized hundreds of domains belonging to NetNut, a residential proxy service operated by Israeli firm Alarum Technologies, following discoveries linking the platform to the Popa botnet comprising millions of compromised devices.
The action represents a coordinated effort between federal law enforcement and industry partners to dismantle infrastructure connected to malicious activity. NetNut operated as a proxy service offering users the ability to route internet traffic through residential IP addresses, a capability that can mask user identity and location.
Security researchers identified NetNut's connection to the Popa botnet roughly two weeks before the seizure, according to findings published by KrebsOnSecurity. The botnet comprises at least two million compromised devices infected with malicious software.
Alarums Technologies, the parent company of NetNut, is publicly traded on NASDAQ under ticker symbol ALAR. The seizure marks a significant enforcement action against a company operating in the proxy service sector, which has faced increasing scrutiny over potential misuse for cybercrime, fraud, and evading security systems.
The FBI's action underscores ongoing tensions between legitimate proxy service operations and their exploitation by malicious actors. Residential proxies route traffic through actual home internet connections, making detection and blocking more difficult than traditional data center proxies.
The seizure included hundreds of domains, suggesting NetNut maintained extensive infrastructure to support its operations. The takedown likely disrupts services for both legitimate and illicit users relying on the platform.
This enforcement action follows a broader pattern of law enforcement targeting proxy services and botnet infrastructure. Earlier cases have demonstrated the challenges in distinguishing between legitimate privacy tools and platforms facilitating criminal activity.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.