Tag: botnet
-
2M Devices at Risk as Kimwolf Botnet Abuses Proxy Networks
The Kimwolf botnet is abusing residential proxies to spread through consumer devices, putting roughly two million systems at risk worldwide. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2m-devices-at-risk-as-kimwolf-botnet-abuses-proxy-networks/
-
Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices
The Kimwolf botnet has infected over 2 million Android devices, spreading mainly through residential proxy networks, researchers say. The Kimwolf botnet has compromised more than 2 million Android devices, spreading primarily via residential proxy networks, according to cybersecurity firm Synthient. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8…
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rondodox-botnet-scope-react2shell-exploitation
-
Kimwolf Botnet Exploits 2 Million Devices to Build a Global Proxy Infrastructure
A massive new botnet dubbed >>Kimwolf
-
RondoDox Botnet is Using React2Shell to Hijack Thousands of Unpatched Devices
RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-react2shell-hijack-unpatched-devices/
-
RondoDox Botnet Exploiting Devices With React2Shell Flaw
The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at Scale. Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rondodox-botnet-exploiting-devices-react2shell-flaw-a-30436
-
RondoDoX Botnet Abuses React2Shell Vulnerability for Malware Deployment
Tags: attack, botnet, control, cyber, data-breach, exploit, infrastructure, iot, malware, threat, vulnerabilityCloudSEK has uncovered a sustained nine-month campaign by the RondoDoX botnet operation, revealing rapid exploitation of emerging vulnerabilities including the critical React2Shell vulnerability. Analysis of exposed command-and-control logs spanning March through December 2025 demonstrates how threat actors swiftly adapted attack infrastructure following public disclosure, pivoting from traditional IoT targets to weaponizing Next.js applications within days…
-
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic, new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to…
-
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers. >>CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the…
-
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said…
-
RondoDox botnet exploits React2Shell flaw to breach Next.js servers
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threatA ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams.The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
Massive Android botnet Kimwolf infects millions, strikes with DDoS
The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. On October 24, 2025, XLab…
-
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab.”Kimwolf is a botnet compiled using the NDK [Native Development Kit],”…
-
The Rise of Precision Botnets in DDoS
For a long time, DDoS attacks were easy to recognize. They were loud, messy, and built on raw throughput. Attackers controlled massive botnets and flooded targets until bandwidth or infrastructure collapsed. It was mostly a scale problem, not an engineering one. That era is ending. A quieter and far more refined threat has taken its……
-
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/attackers-worldwide-are-zeroing-in-on-react2shell-vulnerability/
-
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/attackers-worldwide-are-zeroing-in-on-react2shell-vulnerability/
-
Broadside Mirai Botnet Hijacks Ship Cameras for DDoS
The Broadside Mirai variant exploits vulnerable maritime DVRs to gain stealthy access and threaten global shipping. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/broadside-mirai-botnet-hijacks-ship-cameras-for-ddos/
-
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet variant dubbed Broadside that is targeting the maritime logistics sector by exploiting thecommand injection vulnerabilityCVE-2024-3721 in TBK DVR devices used on vessels. >>Cydome’s Cybersecurity Research Team has identified…
-
New Variant of Mirai Botnet ‘Broadside’ Launches Active Attacks on Users
Cydome’s Cybersecurity Research Team has uncovered a sophisticated new variant of the notorious Mirai botnet, designated as >>Broadside,
-
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…
-
New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the…
-
DDoS attack volume rises in Q3, fueled by Aisuru botnet
A report by Cloudflare also shows a surge in attacks targeting AI companies. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ddos-rises-q3-aisuru-botnet-record-attack/806922/
-
Aisuru Botnet Shatters Records With 29.7 Tbps DDoS Attack
The Aisuru botnet’s massive DDoS assault marks a new era in which hyper-volumetric attacks are both accessible and harder to defend. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aisuru-botnet-shatters-records-with-29-7-tbps-ddos-attack/
-
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks. First seen on hackread.com Jump to article: hackread.com/cloudflare-aisuru-botnet-ddos-attack/