# Global Cyber Dragnet: Operation Endgame and a Critical U.S. Device Flaw Put Infrastructure on Alert

*Thursday, June 25, 2026 at 8:05 AM UTC — Hamer Intelligence Services Desk*

**Published**: 2026-06-25T08:05:33.538Z
**Category**: cyber | **Region**: Global
**Importance**: 7/10
**Sources**: OSINT
**Permalink**: https://hamerintel.com/data/articles/8743.md
**Source**: https://hamerintel.com/summaries

---

**Deck**: Security researchers say a coordinated operation has disrupted the Amadey botnet and Stealc infostealer just as U.S. agencies warn that a critical flaw in Lantronix industrial devices is already under active attack. Together, the developments show how quickly criminal and state-linked actors can weaponize vulnerabilities — and how hard governments must work to keep core networks one step ahead.

Two developments on 25 June captured the uneven race between those trying to secure the internet’s plumbing and those intent on abusing it. A global law‑enforcement and industry operation said it had disrupted the Amadey botnet and Stealc information‑stealing malware, while U.S. authorities warned that a critical vulnerability in widely used industrial devices from Lantronix is being actively exploited.

Security firm ESET said its researchers had participated in “Operation Endgame,” a multinational effort to take down infrastructure linked to Amadey and Stealc. Amadey is a botnet platform used to compromise and control large numbers of victim machines, while Stealc specializes in stealing sensitive information such as passwords and authentication tokens. By providing technical analysis, tracking infrastructure and mapping affiliates, ESET and its partners aimed to dismantle the command‑and‑control backbone that allows these tools to function at scale.

Disrupting a botnet and an infostealer matters because they sit at the base of many other attacks. Compromised machines can be used to send phishing emails, launch distributed denial‑of‑service barrages or act as footholds into corporate and government networks. Stolen credentials harvested by tools like Stealc often end up in the hands of both criminal syndicates and state‑aligned actors, powering everything from ransomware to espionage.

Yet even as that campaign claimed success, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised a fresh alarm. It placed a critical Lantronix vulnerability, tracked as CVE‑2025‑67038, on its list of actively exploited flaws. The bug affects EDS5000 Series devices, which are often embedded deep in industrial and networking environments, and can allow attackers to execute commands with root privileges — full control over the affected device.

Federal civilian agencies were ordered to patch by 26 June 2026, underscoring the seriousness with which Washington views the issue. Devices like the Lantronix EDS range often sit in places where a compromise can cascade: connecting serial equipment in factories, linking legacy machinery to modern networks, or acting as remote access points for technicians. An attacker who seizes control can potentially move laterally into more sensitive systems or disrupt physical processes.

For organizations that rely on these devices, from utilities and manufacturers to transport operators, the immediate impact is a scramble to identify where vulnerable hardware is deployed and whether it has already been tampered with. Unlike a compromised laptop, a compromised industrial controller can directly affect production lines, energy distribution or building management systems.

Strategically, the juxtaposition of Operation Endgame’s progress with an actively exploited new flaw shows the churn that defines modern cyber defense. Law enforcement can knock down one set of tools and infrastructure, but the incentives for attackers — financial gain, espionage value, strategic leverage — ensure that new exploits are rapidly weaponized elsewhere. Every takedown buys time, not permanent safety.

For governments, the lesson is that public‑private cooperation is essential but must be continuous. Security firms like ESET can trace and help disable botnets that threaten citizens and institutions, while agencies like CISA can focus attention on vulnerabilities that may not yet have made headlines but pose systemic risk. The hardest part is often at the end of the chain: convincing every organization that runs obscure but critical devices to patch or replace them before an exploit becomes a breach.

A useful way to frame it is this: cyber defense is less a wall and more a race — every time defenders close one door, attackers are testing the next lock.

Key signs to watch now include whether additional countries or regulators issue parallel directives on the Lantronix flaw, whether Operation Endgame leads to arrests or only temporary disruption, and whether successor botnets or infostealers quickly fill the gap left by Amadey and Stealc. The answers will indicate not only the effectiveness of this week’s moves, but also the current balance of power between global cyber defenders and their adversaries.
