Monday 1 June 2026

Dutch Police Dismantle a 17-Million-Device Botnet — and It's a Timely Reminder of How Big "Big" Really Is

Dutch police tear down a 17-million-device botnet, a WordPress plugin is handing strangers the keys to your site, and Nvidia's Jensen Huang takes the Computex stage with Microsoft ARM ambitions in tow.

Lead story

Seventeen million. That's not a typo. Dutch authorities, working with the national NCSC and the Politie cybercrime unit, have announced the takedown of a botnet that had quietly enslaved 17 million devices — computers, tablets, smartphones, and IoT gear — routing them through more than 200 command-and-control servers physically located inside the Netherlands.

To put that number in context: it's roughly equivalent to infecting every single device owned by every single person in the Netherlands, twice over. Or, if you prefer an Australian frame, it's more than half the entire Australian population's worth of compromised endpoints, all operating under someone else's instructions.

What a botnet of this scale actually does is the part that matters most for defenders. At 17 million nodes, operators have essentially built a distributed supercomputer for hire. Common uses include credential-stuffing attacks (flooding login pages with stolen username/password pairs until something opens), DDoS-for-ransom campaigns, spam and phishing distribution at industrial scale, and renting the network's bandwidth to other criminal groups as a proxy service. The infected devices' owners typically have no idea they're participating.

The Dutch operation is notable for a few reasons beyond the headline number. First, the infrastructure was physically hosted in the Netherlands — a country with excellent internet connectivity and, historically, a meaningful share of global hosting infrastructure. That made it both a useful base for operators and, ultimately, a jurisdiction where law enforcement could act decisively. Second, the 200+ server count suggests a sophisticated, redundancy-minded operation — not a hobbyist project.

What we don't yet know is who ran it, what malware family seeded the infections, and whether any arrests have been made. Dutch authorities have not named suspects or linked the botnet to a known criminal group. That gap matters: if the operators are still at large, they can rebuild. History suggests they often do — the Emotet takedown in 2021 bought about ten months before it partially reconstituted.

For Australian organisations, the ACSC's Exercise in a Box program and the Essential Eight's patching and application hardening controls are the clearest mitigations. IoT devices — the hardest to patch and the most likely to sit forgotten on a network — are the soft underbelly of every corporate environment. If your organisation has unmanaged IoT gear (building sensors, printers, cameras, conferencing equipment) and no network segmentation between those devices and your main environment, this story is for you.

The broader trend worth watching: law enforcement botnet takedowns have accelerated significantly since 2022, with operations against Qakbot, ALPHV infrastructure, and now this. But the takedown-to-rebuild cycle is shortening too. The real win isn't just the seizure — it's whether the criminal operators face meaningful prosecution. Watch for follow-up announcements from Dutch authorities on that front over the coming weeks.

Also today

WP Maps Pro Plugin Bug Is Handing Attackers Admin Keys to WordPress Sites

Attackers are actively exploiting a critical authentication-bypass flaw in the WP Maps Pro WordPress plugin, using it to create rogue administrator accounts on vulnerable sites without needing a password. Once an attacker has admin access, the path to full site compromise — injecting malicious code, redirecting visitors, or stealing form data — is trivial. Plugin vulnerabilities remain one of the most reliable ways into WordPress deployments, and this one has no authentication requirement at all, making it particularly dangerous. Site owners running WP Maps Pro should update immediately and audit admin account lists for any unfamiliar entries. WordPress powers a significant share of Australian government and small-business websites, making timely patching here more than good hygiene.

Bleeping Computer

Nvidia's Jensen Huang Takes the Computex Stage — With a Microsoft ARM Surprise Waiting

Nvidia CEO Jensen Huang delivered his GTC Taipei keynote at Computex 2026, with speculation running hot beforehand about a potential partnership with Microsoft on ARM-based PC processors. Microsoft had been teasing a "new era of PC" for its Surface lineup, and pre-show chatter centred on new ARM silicon from Nvidia as the engine behind it. The pairing would represent a significant escalation in the ARM PC push — moving from Qualcomm's near-monopoly on Windows ARM to a second major supplier with Nvidia's GPU architecture expertise in the mix. For the PC industry broadly, more competition in ARM silicon could finally make Windows-on-ARM a mainstream proposition rather than a niche experiment.

The Verge

SoftBank to Pump Up to €75 Billion into French Data Centres

SoftBank has committed up to €75 billion to develop and operate as much as 5 gigawatts of new data centre capacity in France, in what would be one of the largest single-country infrastructure investments in European tech history. The announcement positions France as a significant AI compute hub as hyperscalers and AI labs race to lock in power and physical infrastructure. SoftBank's move follows similar mega-pledges from Microsoft, Google, and Amazon across Europe. For Australia, the race for AI compute infrastructure is also intensifying — the federal government's National AI Centre and state-level investment programs are competing for similar hyperscaler commitments, though at considerably smaller scale than what Europe is now attracting.

TechCrunch

PEXA Locks Down High-Value Property Transactions with Streamlined Identity Controls

Australian property settlement platform PEXA has detailed how it is balancing security with usability in its identity and access management setup, specifically for the high-stakes environment of property transactions where a single fraudulent transfer can mean hundreds of thousands of dollars lost. PEXA's IAM approach tries to thread a needle: strong enough controls to deter the conveyancing fraud that has cost Australian homebuyers millions in recent years, but smooth enough that solicitors and conveyancers don't route around them. With property title fraud remaining a live threat in Australia — and the ACSC flagging business email compromise targeting conveyancing as a persistent vector — how platforms like PEXA design their access controls is a question with real dollar consequences for ordinary Australians.

iTnews

CBA Ships a Decade of Data to the Cloud to Feed Its AI Ambitions

Commonwealth Bank of Australia is migrating more than ten years of historical data to cloud infrastructure to meet growing internal demand for AI-powered analytics. The move reflects a broader pattern among large Australian financial institutions: the value of AI systems scales with the quality and volume of training and inference data, and legacy on-premises data warehouses are increasingly a bottleneck. CBA has been among the more aggressive Australian banks in deploying AI operationally — from fraud detection to customer service — and this migration is designed to give its data science teams faster, cheaper access to the historical data that makes those models useful. Privacy Act obligations on data retention and use will apply throughout.

iTnews

Team Global Express Puts Its First AI Agents into Production

Australian logistics company Team Global Express has moved its first twelve AI agents into live production environments, marking one of the more concrete examples of enterprise agentic AI deployment by a domestic operator. The company has reportedly built out the data and integration infrastructure needed to support autonomous agents — a step many Australian businesses are still in the planning phase for. Logistics is a natural early testing ground for agents: the work is repetitive, data-rich, and the cost of errors is measurable. If TGE's initial deployments perform, it will likely accelerate the timeline for similar moves across Australian freight, warehousing, and supply chain operations.

iTnews

UK Banks Are Still Locked Out of the Mythos AI Model, Six Weeks On

British financial institutions remain without access to the Mythos AI model more than six weeks after access restrictions first drew regulatory concern, according to iTnews. The situation highlights a tension that is increasingly common in heavily regulated industries: AI vendors moving faster than compliance and risk frameworks can accommodate, leaving institutions in a holding pattern while competitors in less regulated sectors push ahead. The delay raises questions about how financial regulators — including, by extension, APRA in Australia — are approaching model risk management for third-party AI systems, particularly where the model's inner workings are opaque and the vendor's obligations to regulators are still being negotiated.

iTnews

The EU's Battery Rules Are Bringing Replaceable Batteries Back to Consumer Tech

Two pieces of EU legislation passed in 2023 are now reshaping how consumer electronics with batteries must be designed — mandating that portable devices be made with user-replaceable batteries, longer software support windows, and improved repairability. The practical result is that manufacturers selling into the EU are quietly redesigning products that have had sealed batteries for a decade. Because the EU market is large enough to set de facto global standards, these changes are likely to flow through to devices sold in Australia too. It's a rare case of regulation producing a consumer benefit that many buyers genuinely want — and a useful counterpoint to the more contested elements of EU digital regulation.

The Verge

The 'This Is Fine' Artist and the AI Startup That Used His Meme Without Asking

KC Green, the cartoonist behind the iconic "This is fine" dog-in-a-burning-room meme, has reached an agreement with AI startup Artisan after the company used his work in advertising without permission. Artisan has removed the ads. The case is a small but illustrative example of the broader tension between AI-era marketing culture — where memes and cultural artefacts are treated as freely available raw material — and the rights of the artists who created them. Green's situation is relatively low-stakes compared to the training-data lawsuits circling the AI industry, but it reflects the same underlying friction: who owns the cultural output that AI companies and their customers are building on?

TechCrunch

Are Tech CEOs Uniquely Susceptible to AI Hype? The Debate Gets a Name

A growing conversation in tech circles has coalesced around the phrase "AI psychosis" — the idea that some technology executives have become so convinced of AI's near-term transformative power that their judgement on product, strategy, and risk is being distorted. TechCrunch's Equity podcast digs into whether this is a genuine cognitive phenomenon, a useful polemical label, or simply what evangelism has always looked like from the outside. The debate matters because CEOs under AI psychosis — if the concept holds — may be making capital allocation and hiring decisions that look rational inside the hype cycle but will look very different in a few years. Australian boards and investors navigating AI strategy commitments should probably read it closely.

TechCrunch

Black Founders Hit Highest Quarterly Funding Since 2022 — But the Structural Gaps Remain

Black-founded startups in the US raised their highest quarterly funding total since 2022 in the most recent period tracked by Crunchbase, according to new data. But the researcher behind the numbers is careful to contextualise the gain: the primary barriers — access to networks, warm introductions, and early-stage relationships — remain largely unchanged. A good quarter doesn't fix a structural problem. The finding is a useful reminder that aggregate VC numbers can obscure persistent inequities in who gets funded, and that the current AI investment boom, for all its capital, is not automatically more equitably distributed than previous waves.

TechCrunch
