Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

CrowdStrike, Google Shatter Glassworm Botnet

The takedown cut off four command channels and blocked new malware deliveries to infected machines, CrowdStrike said.

  • On Tuesday, May 26, 2026, CrowdStrike, Google, and the Shadowserver Foundation dismantled the Glassworm botnet by simultaneously disrupting all four of its command-and-control channels, severing attackers' access to infected machines.
  • Active since early 2025, Glassworm targeted software developers by propagating through trojanized VSCode extensions, poisoned npm and Python packages, and at least 300 compromised GitHub repositories to steal credentials.
  • The malware deployed a remote access tool called GlasswormRAT, infecting Windows, macOS, and Linux systems; all infected machines now beacon to the benign CrowdStrike-operated IP address 164.92.88.210.
  • Disrupting the four channels "required precision and timing," according to CrowdStrike, as the decentralized infrastructure earned Glassworm the epithet of the "unkillable botnet," highlighting a strategic shift toward targeting developers.
  • Security researchers warn that developers are uniquely high-value targets, as evidenced by the concurrent Mini Shai-Hulud worm compromising open-source projects, urging organizations to remain vigilant against evolving supply-chain threats.
Insights by Ground AI
Podcasts & Opinions

14 Articles

Times of IndiaTimes of India
Lean Right

Google, CrowdStrike take down ‘Glassworm’ Botnet hacking attack targeting software developers

Tech News News: In what can be called a major victory for software supply-chain security, a group of global tech giants and cybersecurity researchers has successfully.

·India
Read Full Article
The RegisterThe Register
Center

CrowdStrike, Google shatter Glassworm botnet

CrowdStrike, working with Google and the Shadowserver Foundation, said it has taken down the Glassworm botnet, a self-propagating, credential-stealing worm that has targeted developers and spread through poisoned software packages since early 2025. The endpoint security giant’s Counter Adversary Operations team and partners hit all four Glassworm command-and-control channels simultaneously at 1400 UTC on Tuesday, “severing the operators from the…

Read Full Article
Tech RadarTech Radar
Center

'Adversaries are no longer just targeting products, they're targeting the developers who build them': CrowdStrike takes down major botnet targeting developers across the world

The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.

·United Kingdom
Read Full Article
TechCrunchTechCrunch
Center

CrowdStrike and Google take down botnet used by hackers to target open source software developers

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.

·United States
Read Full Article
GIGAZINEGIGAZINE

CrowdStrike and Google have blocked 'Glassworm,' a botnet targeting open-source software developers.

CrowdStrike has announced that it has collaborated with Google and the Shadowserver Foundation to launch an operation to block Glassworm , a botnet that targets open-source software distribution networks. Glassworm is considered a threat that can compromise developers' devices and credentials, potentially spreading damage to downstream organizations and users. Inside CrowdStrike's Takedown of a Developer-Targeting Botnet https://www.crowdstrike.…

Read Full Article
it-daily.netit-daily.net

Global GlassWorm Botnet Smashed by Security Companies

CrowdStrike, Google and Shadowserver have smashed the GlassWorm bot network. The malware used nested blockchain and P2P channels. The IT security company CrowdStrike, in cooperation with the technology group Google and the Shadowserver Foundation, has announced a successful smashing of the GlassWorm bot network. The coordinated action took place in May 2026 and aimed to shut down all four active command and control channels, the so-called Comman…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 75% of the sources are Center
75% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Numerama broke the news on Wednesday, May 27, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

CrowdStrike icon

CrowdStrike

Hacking icon

Hacking

Software icon

Software

Cyberattacks icon

Cyberattacks

Technology icon

Technology

Gadgets icon

Gadgets

Artificial Intelligence icon

Artificial Intelligence

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal