Tag: botnet
-
RapperBot Targets DVRs to Hijack Surveillance Cameras and Record Video
When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has evolved into a sophisticated threat specifically targeting Digital Video Recorders (DVRs), devices connected to surveillance…
-
Chinese “LapDogs” ORB Network Targets US and Asia
SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-lapdogs-orb-network/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with New Client and Corporate Links Identified Threat Group Targets Companies in Taiwan Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion Anubis: A…
-
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since evolved, with its Linux variant gaining prominence since December 2020. Resurgence of a Persistent Threat…
-
AntiDot 31 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot is marketed as a >>3-in-1
-
FBI warnt vor BadBox-2.0-Botnetz – Millionen Android-Geräte mit vorinstallierter Malware ausgeliefert
First seen on security-insider.de Jump to article: www.security-insider.de/badbox-2-malware-auf-android-geraeten-a-b7893e69dd61db58f22c914d108f946e/
-
Flodrix botnet deployed via Langflow security issue
Tags: botnetFirst seen on scworld.com Jump to article: www.scworld.com/brief/flodrix-botnet-deployed-via-langflow-security-issue
-
Critical Zyxel vulnerability under active exploitation after long period of quiet
Researchers say a sudden burst of activity could be linked to a Mirai botnet variant. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/vulnerability-zyxel-exploitation/750922/
-
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hackers-exploit-langflow-flaw-flodrix-botnet
-
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Tags: ai, attack, botnet, cybersecurity, ddos, exploit, flaw, malware, rce, remote-code-execution, vulnerabilityCybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.”Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware,” Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed First seen…
-
Hackers Weaponize Langflow Vulnerability to Launch Flodrix Botnet
Tags: ai, botnet, cve, cvss, cyber, cybercrime, exploit, flaw, framework, hacker, remote-code-execution, vulnerabilityA critical security flaw in Langflow, a widely adopted Python-based AI prototyping framework, is being actively exploited by cybercriminals to deploy the rapidly evolving Flodrix botnet. Security researchers have confirmed that attackers are exploiting CVE-2025-3248, a remote code execution (RCE) vulnerability rated 9.8 on the CVSS scale, to compromise unpatched Langflow servers and enlist them…
-
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) For … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/15/week-in-review-microsoft-fixes-exploited-zero-day-mirai-botnets-target-unpatched-wazuh-servers/
-
Mirai Botnets Exploit Flaw in Wazuh Security Platform
The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/mirai-botnets-exploit-wazuh-security-platform
-
CISO who helped unmask Badbox warns: Version 3 is coming
The botnet’s still alive and evolving First seen on theregister.com Jump to article: www.theregister.com/2025/06/11/badbox_round_three/
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint.The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw
Akamai’s latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice. First seen on hackread.com Jump to article: hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/
-
Mirai botnets deployed via Wazuh Server exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/mirai-botnets-deployed-via-wazuh-server-exploit
-
Critical Wazuh bug exploited in growing Mirai botnet infection
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too First seen on theregister.com Jump to article: www.theregister.com/2025/06/10/critical_wazuh_bug_exploited_in/
-
Mirai botnets exploit Wazuh RCE, Akamai warned
Tags: botnet, compliance, cve, data, detection, exploit, flaw, open-source, rce, remote-code-execution, threat, vulnerabilityMirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is an open-source security platform used for threat detection, intrusion detection, log data analysis, and compliance…
-
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)
Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/10/unpatched-wazuh-servers-targeted-by-mirai-botnets-cve-2025-24016/
-
Aufbau eines Botnets? – Tausende Asus-Router durch Backdoor kompromittiert
First seen on security-insider.de Jump to article: www.security-insider.de/asus-router-angriff-botnetz-vorbereitung-a-70ee525d302b84a03049426a5af80aec/
-
Mirai Botnet Variant Exploits DVR Flaw to Build Swarm
A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices. A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in…
-
TBK DVRs targeted by updated Mirai botnet
Tags: botnetFirst seen on scworld.com Jump to article: www.scworld.com/brief/tbk-dvrs-targeted-by-updated-mirai-botnet
-
BadBox 2.0 Botnet Infects Million-Plus Devices, FBI Says
BadBox 2.0, which emerged two years after the initial iteration launched and a year after it was disrupted by vendors, has infected more than 1 million IoT consumer devices, prompting a warning to such systems from the FBI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/badbox-2-0-botnet-infects-million-plus-devices-fbi-says/
-
Mirai Botnets Exploit Flaw in Unpatched Wazuh Servers
Modular Mirai Malware Code Strikes Again. No fewer than two separate Mirai botnets are on the hunt for unpatched servers hosting open source SIEM solution Wazuh, an unusual variation of hackers’ typical focus on Internet of Things devices for stringing together infected computers. Akamai dates the first campaign to March, the other to May. First…
-
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks.Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that…
-
New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in…
-
FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat
The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-smart-home-users-badbox-20/
-
BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns
BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made…
-
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/