:

GLASSWORM BOTNET DISRUPTED IN C2 TAKEDOWN

INDUSTRY DESK1 MIN READ
WED, MAY 27, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Researchers have dismantled the Glassworm botnet's command-and-control infrastructure after targeting developers in supply-chain attacks. The operation exploited Solana blockchain transactions and BitTorrent DHT networks for resilient communications.

Security researchers successfully disrupted Glassworm, a botnet that attacked software developers as part of supply-chain compromise campaigns. The threat actors used an innovative dual-layer infrastructure combining Solana blockchain transactions with BitTorrent Distributed Hash Table (DHT) networks to maintain control over infected systems. The blockchain-based approach allowed attackers to publish C2 commands as Solana transactions, while the DHT network provided a decentralized fallback mechanism. This redundancy made traditional takedown efforts difficult. The coordinated disruption targeted both layers of the infrastructure, effectively severing communications between the botnet operators and compromised endpoints. Researchers did not disclose additional details about the operation's scope or the number of affected systems. The incident highlights evolving tactics among threat actors leveraging blockchain and peer-to-peer networks to build resilient attack infrastructure that circumvents conventional law enforcement and security responses.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

1H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

1H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

6H AGOIndustry Desk

A security analysis reveals xAI's Grok Build command-line tool transmits complete source code and project files to xAI's servers. The discovery raises data privacy questions for developers using the tool.

12H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.