VERY IMPORTANT

A critical vulnerability named DanaBleed was discovered in DanaBot's C2 server, causing memory leaks from June 2022 to early 2025. This bug, introduced in version 2380, exposed sensitive information including threat actor details, server data, and victim credentials. The leak resulted from uninitialized memory in the C2 protocol update. Researchers gained insights into DanaBot's operations, infrastructure, and affiliates. In May 2025, law enforcement dismantled DanaBot's infrastructure and indicted 16 individuals in Operation Endgame. The blog details the technical analysis of the vulnerability, its impact, and the type of data exposed through the memory leak.