Tag: botnet
-
New PumaBot botnet brute forces SSH credentials to breach devices
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/
-
New PumaBot targets Linux IoT surveillance devices
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot that targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its…
-
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. “Rather than scanning the internet, the malware retrieves a list of targets…
-
Danabot Takedown Deals Blow to Russian Cybercrime
A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet’s US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/danabot-takedown-russian-cybercrime
-
Initial Access Brokers Targeted in Operation Endgame 2.0
Police Take Down 300 Servers Worldwide, Neutralize 650 Domains. Law enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/initial-access-brokers-targeted-in-operation-endgame-20-a-28476
-
Initial Access Brokers Targeted in Operation End Game 2.0
Police Take Down 300 Servers Worldwide, Neutralize 650 Domains. Law enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/initial-access-brokers-targeted-in-operation-end-game-20-a-28476
-
Leader of Qakbot cybercrime network indicted in U.S. crackdown
The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an…
-
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying
An example of how a single malware operation can enable both criminal and state-sponsored hacking. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/feds-charge-16-russians-allegedly-tied-to-botnets-used-in-cyberattacks-and-spying/
-
Botnets disrupted worldwide…Operation Endgame is BACK!
Operation Endgame, “Season 2”, is officially announced as of Friday, May 23rd, 2025. International law enforcement agencies and their partners have once again joined forces to disrupt and dismantle botnet infrastructure and their operators. In this post, get details of the take-down itself and Spamhaus’ role in victim account remediation. First seen on securityboulevard.com Jump…
-
DanaBot botnet disrupted, QakBot leader indicted
Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/operation-endgame-danabot-botnet-disrupted-qakbot-leader-indicted/
-
Suspected creeps behind DanaBot malware that hit 300K+ computers revealed
And the associated fraud’n’spy botnet is about to be shut down. First seen on theregister.com Jump to article: www.theregister.com/2025/05/23/300000_machine_danabot_endgame/
-
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking. First seen on wired.com Jump to article: www.wired.com/story/us-charges-16-russians-danabot-malware/
-
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/
-
KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
KrebsOnSecurity hit and survived a record-breaking 6.3 Tbps DDoS attack linked to the Aisuru IoT botnet, but it shows the vulnerable state of IoT devices. First seen on hackread.com Jump to article: hackread.com/krebsonsecurity-6-3-tbps-ddos-attack-aisuru-botnet/
-
Attacks with new HTTPBot botnet bombard gaming, tech sectors
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-with-new-httpbot-botnet-bombard-gaming-tech-sectors
-
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren’t just dealing with attacks, they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn’t enough anymore, resilience needs to be built into everything from the ground up.…
-
New botnet HTTPBot targets gaming and tech industries with surgical attacks
New botnet HTTPBot is targeting China’s gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS cybersecurity discovered a new botnet called HTTPBot that has been used to target the gaming industry, technology firms, and educational institutions in China. HTTPBot is a Go-based botnet first detected in August 2024, however, its activity surged by April 2025. The botnet…
-
New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as technology companies and educational institutions in China. “Over the past few months, it has expanded aggressively, continuously leveraging infected devices to launch external attacks,” NSFOCUS said in a report published…
-
Critical Samsung MagicINFO flaw tapped for Mirai botnet distribution patched
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-samsung-magicinfo-flaw-tapped-for-mirai-botnet-distribution-patched
-
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052…
-
New HTTPBot Botnet Rapidly Expands to Target Windows Machines
The HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen a sharp rise in activity since its first detection in August 2024. According to the latest findings from NSFOCUS Fuying Lab’s Global Threat Hunting system, HTTPBot has rapidly expanded its reach, particularly in April 2025, with over 200 attack instructions issued.…
-
Anyproxy, 5socks botnets disrupted in US crackdown
First seen on scworld.com Jump to article: www.scworld.com/brief/anyproxy-5socks-botnets-disrupted-in-us-crackdown
-
Four Hackers Caught Exploiting Old Routers as Proxy Servers
U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and Kazakhstani Dmitriy Rubtsov (38) face conspiracy and computer crime charges for allegedly profiting from botnets…
-
US seizes Anyproxy, 5socks botnets and indicts alleged administrators
The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors. First seen on cyberscoop.com Jump to article: cyberscoop.com/anyproxy-5socks-botnets-seized/
-
Criminal Proxy Network Infects Thousands of IoT Devices
The criminal proxy network infected thousands of IoT and end-of-life devices, creating dangerous botnet. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/proxy-network-infects-iot-devices/
-
20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week
A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s Black Lotus Labs, the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), and the Dutch National Police. This botnet, operational since 2004 according to its own claims, exploited an average of 1,000 unique Internet of Things (IoT) and end-of-life…
-
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks, because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not…
-
Abused as a Proxy: 20-Year-Old Router Botnet Dismantled
A botnet made up of thousands of routers is said to have earned its operators more than 46 million US dollars. But that has now come to an end. First seen on golem.de Jump to article: www.golem.de/news/als-proxy-missbraucht-20-jahre-altes-router-botnetz-zerschlagen-2505-196100.html
-
Security Affairs newsletter Round 523 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ascension reveals personal data of 437,329 patients exposed in cyberattack Operation Moonlander dismantled the botnet behind Anyproxy and…

