
Risky Bulletin: Another residential proxy provider falls
Mar 13, 2026
Law enforcement takedowns of a large residential proxy network and arrests tied to organized scam operations make waves. Reports cover destructive Iranian hacks hitting a medical device maker and threats to US tech firms. Apple issued patches for old iOS against a leaked exploit kit, while CISA seeks Cisco SD-WAN logs after a critical zero-day. New AI and privacy concerns surface with misconfigured agents and undisclosed router telemetry.
AI Snips
Residential Proxy Service Dismantled Reveals Large Botnet
- Law enforcement dismantled SocksEscort, a residential proxy service that used malware to sell network access.
- Lumen's Black Lotus Labs tied the service to the AVrecon botnet, which had infected ~370,000 devices, revealing its scale and criminal infrastructure.
Hacktivists Claimed Intune Remote Wipe Of Medical Maker
- Iranian hacktivist group Handala claimed they wiped Stryker's IT systems and forced a global production shutdown.
- Handala says it accessed Microsoft Intune and used remote wipe, claiming more than 200,000 phones, servers and workstations wiped.
Submit Cisco SD-WAN Logs To CISA Immediately
- CISA ordered federal agencies to submit Cisco SD-WAN logs and configure devices to send future logs to CISA by March 23.
- The push follows a 2023 zero-day against these devices and aims to assess and mitigate compromises across agencies.
