Tag: botnet
-
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/
-
Hackers Exploit React2Shell Vulnerability to Deploy Miners and Botnets Worldwide
Threat actors have been actively exploiting a critical vulnerability in React Server Components, tracked as CVE-2025-55182 and commonly referred to as React2Shell, to compromise systems across multiple industry sectors worldwide. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-55182-react2shell-active-exploitation/
-
Botnet Spotlight: Pressure rises on botnets, but the fight is far from over
Momentum is building in the fight against botnets, as network operators and law enforcement ramp up crackdowns on botnet infrastructure, malware, and bulletproof hosting providers. While major takedowns show progress, cybercriminals are still adapting, learn more in this latest edition of the Botnet Spotlight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/botnet-spotlight-pressure-rises-on-botnets-but-the-fight-is-far-from-over/
-
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Tags: ai, botnet, cctv, cve, cyber, flaw, injection, intelligence, iot, reverse-engineering, vulnerabilityAkamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet…
-
What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices
Kimwolf botnet exploits smart gadgets for DDoS attacks, highlighting security lapses in device protection and supply chains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/whats-on-the-tube-or-rather-in-the-tube-kimwolf-targets-android-based-tvs-and-streaming-devices/
-
Kritische Schwachstelle in HPE-Oneview ausgenutzt
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies, hat eine aktive und koordinierte Exploit-Kampagne identifiziert, die auf eine kritische Sicherheitslücke in HPE-Oneview abzielt: CVE-2025-37164 ermöglicht die Ausführung von Remote-Code. Check Point hat derartige Aktivitäten in seiner Telemetrie beobachtet und dem Rondodox-Botnetz zugeschrieben. Die Kampagne stellt eine deutliche Eskalation dar: von frühen Sondierungsoperationen…
-
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/
-
Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers
Lumen’s Black Lotus Labs blocked over 550 C2 servers tied to the AISURU/Kimwolf botnet used for DDoS attacks and proxy abuse. Lumen’s Black Lotus Labs disrupted over 550 command-and-control servers linked to the AISURU and Kimwolf botnet, a major network used for DDoS attacks and proxy abuse. Acting as a DDoS-for-hire service, Aisuru avoids government…
-
Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers
The botnet took an unusual path by abusing residential proxy networks, allowing it to control an untapped collection of unofficial Android TV devices. First seen on cyberscoop.com Jump to article: cyberscoop.com/kimwolf-aisuru-botnet-lumen-technologies/
-
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025.AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)…
-
Multipurpose GoBruteforcer Botnet Targets 50K+ Linux Servers
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gobruteforcer-botnet-targets-50k-plus-linux-servers
-
Botnet Threat Update July to December 2025
Botnet Command & Controller (C&C) activity increased 24% this period, with Remote Access Trojans (RATs) accounting for 42% of the Top 20 malware associated with botnets. Learn which Russia-based registrar saw a +9,608% surge in botnet C&C domains”, and which major cloud providers are taking action. Read the full report. First seen on securityboulevard.com Jump…
-
<> Modulares Botnetz nutzt Standard-Zugangsdaten für Angriffe auf Webserver
Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies, hat eine neue, hochaktive Malware-Kampagne analysiert: GoBruteforcer (auch ‘GoBrut” genannt). Dabei handelt es sich um ein in der Programmiersprache Go (Golang) entwickeltes, modulares Botnetz, das systematisch öffentlich erreichbare Web- und Datenbank-Services angreift darunter FTP, MySQL, PostgreSQL und phpMyAdmin auf Linux-Servern. Die Kampagne nutzt […]…
-
GoBruteforcer Botnet Targets 50K-plus Linux Servers
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gobruteforcer-botnet-targets-50k-plus-linux-servers
-
GoBruteforcer: Modulares Botnetz nutzt Standard-Zugangsdaten für Angriffe
Eine aktuelle Analyse von Check Point Research zeigt, wie anfällig öffentlich erreichbare Server nach wie vor sind. Im Mittelpunkt steht eine neue Malware Kampagne mit dem Namen GoBruteforcer. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gobruteforcer-botnetz
-
Check Point Research enttarnt modulares Botnetz GoBruteforcer
Dabei handelt es sich um ein in der Programmiersprache Go (Golang) entwickeltes, modulares Botnetz, das systematisch öffentlich erreichbare Web- und Datenbank-Services angreift darunter FTP, MySQL, PostgreSQL und phpMyAdmin auf Linux-Servern. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-research-enttarnt-modulares-botnetz-gobruteforcer/a43330/
-
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.”The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding…
-
Botnets, Breaches, and Critical Flaws Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/botnets-breaches-and-critical-flaws-define-this-week-in-cybersecurity/
-
GoBruteforcer Botnet Targets Linux Servers
The GoBruteforcer botnet has been observed targeting exposed Linux servers on services like FTP and MySQL First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gobruteforcer-botnet-linux-servers/
-
Global GoBruteforcer Botnet Campaign Threatens 50,000 Linux Servers
A sophisticated modular botnet known as GoBruteforcer is actively targeting Linux servers worldwide, with researchers estimating that more than 50,000 internet-facing servers remain vulnerable to these coordinated attacks. The threat, which has evolved significantly since its initial discovery in 2023, poses a growing danger to organizations that rely on exposed database and file-transfer services.”‹ GoBruteforcer,…
-
New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gobruteforcer-attack-wave-targets-crypto-blockchain-projects/
-
Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet
Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network. First seen on hackread.com Jump to article: hackread.com/android-tv-streaming-devices-infected-kimwolf-botnet/
-
RondoDox Botnet Operators Set React2Shell Flaw in Their Sights
The operators behind the highly adaptable RondoDox botnet campaign that kicked off in late March have proven to be ready to embrace the latest attack trends. Most recently, in December they began targeting Next.js servers that are vulnerable to the maximum-severity React2Shell flaw, which was disclosed December 3. First seen on securityboulevard.com Jump to article:…
-
Kimwolf Android botnet abuses residential proxies to infect internal devices
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices/
-
Why Arbor Edge Defense and CDN-Based DDoS protection are better together
Tags: ai, attack, botnet, cloud, control, data, ddos, defense, firewall, infrastructure, intelligence, Internet, mitigation, network, router, threat, vulnerabilityLow-volume, stealthy application-layer attacksTransmission Control Protocol (TCP) state exhaustion attacksOutbound threats from compromised internal hostsAttacks that bypass CDN routing (for example, direct-to-IP attacks)These gaps leave critical infrastructure vulnerable, especially when attackers use dynamic, multivector techniques designed to evade upstream defenses. Arbor Edge Defense: The first and last line of defense: NETSCOUT’s AED is uniquely positioned…
-
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.”Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality,” the company said in an analysis published last…
-
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.”Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality,” the company said in an analysis published last…
-
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.”Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality,” the company said in an analysis published last…