Google dismantles a 316-cluster residential proxy botnet tied to a public company, while ransomware hits Apple's supply chain partner Tata Electronics and Oracle E-Business Suite faces active exploitation. Today's briefing also covers Linux kernel privilege escalation, a compromised Chrome ad blocker, and FBI warnings about Russian Signal phishing.
Audio is available on Spreaker — see link below.
Google just tore down a residential proxy network that was quietly routing criminal traffic through hundreds of thousands of home internet connections. The action on July second targeted NetNut, a service operated by Israeli public company Alarum Technologies.
The key uncertainty now is whether this disruption holds. When Google disrupted the IPIDEA network in January this year, operators responded by purchasing capacity from rival providers and rebuilding quickly.
Moving to the second major story. Tata Electronics, Apple's manufacturing partner in India, was hit by ransomware on July second and third.
On the vulnerability front, several disclosures landed within the same twenty-four hour window. A Linux kernel flaw called DirtyClone allows local users to gain root privileges through cloned packets.
Three more items warrant attention. Oracle E-Business Suite vulnerability CVE-2026-46817 is confirmed actively exploited in the wild.
Amazon Q Developer also disclosed a vulnerability allowing malicious repositories to execute code through misconfigured Model Context Protocol settings. That fits a pattern that's been building: AI coding assistants and LLM integrations are expanding the attack surface in ways that traditional security models weren't built to catch.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.