A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion.

Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted in the arrest of 30 perpetrators since the initiative got underway in January 2025, authorities said in a news release Thursday. 

Officials said sustained countermeasures have contributed to the full and partial identification of 179 perpetrators, while the operation has also safeguarded four victims and identified up to 62 victims. 

The Com is splintered into three primary subsets with different objectives the FBI describes as Hacker Com, In Real Life Com and Extortion Com. Crimes attributed to group members have grown increasingly complex, with perpetrators going to great lengths to mask identities, hide financial transactions and launder money. 

“These networks deliberately target children in the digital spaces where they feel most at ease,” Anna Sjöberg, head of Europol’s European Counter Terrorism Centre, said in a statement.

Various branches of The Com have been linked to high-profile crimes over the past few years, and law enforcement has responded with heightened activity and interest in the group’s activities. 

The Com is vast — many perpetrators remain at large and even more victims are still suffering and awaiting aid. 

This growing global effort to thwart shifting crime trends with appropriate resources has built a foundation that will foster results beyond those achieved to date, said Allison Nixon, chief research officer at Unit 221B.

“How do you eat an elephant? One bite at a time,” she told CyberScoop. “The Com represents a major social problem impacting youth, and peoples’ expectations need to be realistic. These early numbers and ramping up effort over time is what success looks like and we need to encourage that.”

An effective police response to The Com requires a different way of thinking and retooling, “but it is more solvable than crime originating from hostile nations,” Nixon said.

Project Compass is built around an information-sharing network, which enables each of the partner nations to assist with investigations across various specialized units. Countries are also sharing advice for preventative measures and mobilizing data sprints to bring intelligence together for ongoing cases.

“Project Compass allows us to intervene earlier, safeguard victims and disrupt those who exploit vulnerability for extremist purposes,” Sjöberg said. “No country can address this threat alone — and through this cooperation, we are closing the gaps they try to hide in.”

Europol did not identify the 30 people arrested under Project Compass thus far. Yet, at least some of those cases are public. 

Authorities during the past year have arrested multiple members of a Com offshoot known as 764, which is a growing online threat to coerce vulnerable children to produce child sexual abuse material of themselves, gor material, self mutilation, sibling abuse, animal abuses and other acts of violence. 

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April.

Tony Christoper Long and Alexis Aldair Chavez both pleaded guilty late last year to multiple crimes linked to their involvement with the extremist group. Other alleged 764 members have been arrested in the United States more recently, including Erik Lee Madison and Aaron Corey.

The post Project Compass is Europol’s new playbook for taking on The Com appeared first on CyberScoop.

Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday.

The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five Eyes to help defenders respond and hunt for evidence of compromise.

This marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. Both campaigns resulted in CISA emergency directives months after the attacks were first detected, and both attack sprees were underway for at least a year before they were identified.

Authorities refrained from attributing the attacks to any nation state or threat group. Cisco Talos researchers assigned the exploits and post-compromise activity to UAT-8616, which they only described as a “highly sophisticated threat actor.”

The activity cluster’s “attempted exploitation indicates a continuing trend of the targeting of network edge devices by cyber threat actors to establish persistent footholds into high-value organizations including critical infrastructure sectors,” Cisco Talos said in a threat advisory.

Malicious activity linked to this campaign is far reaching and attackers have exploited vulnerabilities in targeted systems to access and potentially compromise federal networks, Nick Andersen, CISA’s executive assistant director for cybersecurity, said during a media briefing Wednesday. 

Andersen declined to say when CISA was first aware of this activity and did not provide details about potential victims, adding that officials are working through the beginning stages of mitigation.

In the jointly issued threat hunt guide, the Five Eyes said all members were aware that the most recent zero-day — CVE-2026-20127 — was identified and confirmed actively exploited in late 2025. Officials and Cisco did not explain why it took at least two months to disclose and patch the vulnerability, and share emergency mitigation guidance. 

Attackers are gaining full control of a system in a chain by exploiting CVE-2026-20127 to bypass authentication, then downgrading software to a version vulnerable to CVE-2022-20775 to escalate privileges, said Douglas McKee, director of vulnerability intelligence at Rapid7.

“That second step allows them to move from administrative control to root on the underlying operating system. That downgrade step shows deliberate knowledge of product versioning and patch history,” he told CyberScoop. “This is not opportunistic scanning. This is structured tradecraft.”

CISA added CVE-2022-20775 and CVE-2026-20127 to its known exploited vulnerabilities catalog Wednesday.

The three-year gap between known initial attacks and detected exploitation of the zero-days showcases the attackers’ surgical use of vulnerabilities and the highly targeted nature of their campaign, said Ben Harris, founder and CEO of watchTowr. 

The timeline and known attack path also indicates operational discipline that allowed attackers to maintain long-term access in critical network infrastructure without triggering alarms, McKee said. Those activities align “more closely with state-sponsored espionage tradecraft than financially motivated crime,” he added.

CISA’s emergency directive requires federal agencies to take inventory of all vulnerable Cisco SD-WAN systems, collect logs from those systems, apply Cisco’s security updates, hunt for evidence of compromise and follow Cisco’s guidance by Friday. 

The latest campaign targeting Cisco network edge technology shares many similarities with another string of attacks officials and Cisco warned about in September. Those attacks, which involved at least two actively exploited zero-days, were underway for at least a year before they were first discovered in May. 

Cisco did not answer questions about any potential connections between the campaigns. The vendor and officials have also thus far avoided sharing any details about what occurred behind the scenes during these sustained attacks.

A spokesperson for Cisco urged customers to upgrade software and follow guidance from its advisory. 

Unfortunately, it’s too late for some Cisco SD-WAN customers to patch, Harris said. “Cisco’s advice to fully rebuild and look for prior signs of intrusion should be taken seriously.”

The post Governments issue warning over Cisco zero-day attacks dating back to 2023 appeared first on CyberScoop.