2025 State of the Internet: Digging into Residential Proxy Infrastructure

Censys Research Team issues an update clarifying that TLS certificates previously thought to link an RPX server to the PolarEdge malware also appear in older Mbed TLS (PolarSSL) test files, reducing confidence in direct attribution; investigators now believe the actor likely reused publicly available certificates and that the RPX server was either attacker infrastructure or a relay.