Tag: botnet
-
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]…
-
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Tags: attack, backdoor, botnet, cyber, ddos, exploit, infrastructure, malware, network, vulnerabilityFeiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small”‘business storage into infrastructure for DDoS attacks.”‹ The malware opens an HTTP backdoor on port 57132, letting attackers run arbitrary system commands remotely via crafted GET requests to the /api path. Using traffic fingerprints from…
-
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to…
-
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-linux-botnet-sshstalker-uses-old-school-irc-for-c2-comms/
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
GoBruteforcer – Botnetz nutzt schwache Passwörter für Angriffe auf Webserver
First seen on security-insider.de Jump to article: www.security-insider.de/gobruteforcer-botnetz-angriffe-linux-webserver-a-20f0c9bfd20c7b62612537e2a98d9199/
-
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
Cybersecurity firm eSentire’s TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics. First seen on hackread.com Jump to article: hackread.com/uk-construction-firm-prometei-botnet-windows-server/
-
DDoS deluge: Brit biz battered as botnet blitzes break records
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling First seen on theregister.com Jump to article: www.theregister.com/2026/02/06/uk_climbs_up_ddos_hit/
-
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…
-
AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-threats-botnets-and-cloud-exploits-define-this-weeks-cyber-risks/
-
10,000+ Active Infections Traced to SystemBC Botnet
Researchers identified over 10,000 active infections linked to the SystemBC proxy malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/10000-active-infections-traced-to-systembc-botnet/
-
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds.Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter…
-
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/global-systembc-botnet-10000/
-
Polish cops bail 20-year-old bedroom botnet operator
Tags: botnetDDoSer of ‘strategically important’ websites admitted to most charges First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/polish_cops_ddos_arrest/
-
IPIDEA Proxy Network Dismantled: Global Cybercrime and Botnet Risks Exposed
Researchers have found what they believe is one of the world’s largest residential proxy networks: the IPIDEA proxy operation. The action targeted a little-known but deeply embedded component of the online ecosystem that has been quietly enabling large-scale cybercrime, espionage, and botnet activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ipidea-proxy-residential-network-disruption/
-
âš¡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt, and how fast attackers try to stay…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
-
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/
-
Hackers Exploit React2Shell Vulnerability to Deploy Miners and Botnets Worldwide
Threat actors have been actively exploiting a critical vulnerability in React Server Components, tracked as CVE-2025-55182 and commonly referred to as React2Shell, to compromise systems across multiple industry sectors worldwide. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-55182-react2shell-active-exploitation/
-
Botnet Spotlight: Pressure rises on botnets, but the fight is far from over
Momentum is building in the fight against botnets, as network operators and law enforcement ramp up crackdowns on botnet infrastructure, malware, and bulletproof hosting providers. While major takedowns show progress, cybercriminals are still adapting, learn more in this latest edition of the Botnet Spotlight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/botnet-spotlight-pressure-rises-on-botnets-but-the-fight-is-far-from-over/
-
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Tags: ai, botnet, cctv, cve, cyber, flaw, injection, intelligence, iot, reverse-engineering, vulnerabilityAkamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet…
-
What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices
Kimwolf botnet exploits smart gadgets for DDoS attacks, highlighting security lapses in device protection and supply chains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/whats-on-the-tube-or-rather-in-the-tube-kimwolf-targets-android-based-tvs-and-streaming-devices/
-
Kritische Schwachstelle in HPE-Oneview ausgenutzt
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies, hat eine aktive und koordinierte Exploit-Kampagne identifiziert, die auf eine kritische Sicherheitslücke in HPE-Oneview abzielt: CVE-2025-37164 ermöglicht die Ausführung von Remote-Code. Check Point hat derartige Aktivitäten in seiner Telemetrie beobachtet und dem Rondodox-Botnetz zugeschrieben. Die Kampagne stellt eine deutliche Eskalation dar: von frühen Sondierungsoperationen…
-
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/
-
Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers
Lumen’s Black Lotus Labs blocked over 550 C2 servers tied to the AISURU/Kimwolf botnet used for DDoS attacks and proxy abuse. Lumen’s Black Lotus Labs disrupted over 550 command-and-control servers linked to the AISURU and Kimwolf botnet, a major network used for DDoS attacks and proxy abuse. Acting as a DDoS-for-hire service, Aisuru avoids government…
-
Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers
The botnet took an unusual path by abusing residential proxy networks, allowing it to control an untapped collection of unofficial Android TV devices. First seen on cyberscoop.com Jump to article: cyberscoop.com/kimwolf-aisuru-botnet-lumen-technologies/