Tag: botnet
-
RondoDoX Botnet Abuses React2Shell Vulnerability for Malware Deployment
Tags: attack, botnet, control, cyber, data-breach, exploit, infrastructure, iot, malware, threat, vulnerabilityCloudSEK has uncovered a sustained nine-month campaign by the RondoDoX botnet operation, revealing rapid exploitation of emerging vulnerabilities including the critical React2Shell vulnerability. Analysis of exposed command-and-control logs spanning March through December 2025 demonstrates how threat actors swiftly adapted attack infrastructure following public disclosure, pivoting from traditional IoT targets to weaponizing Next.js applications within days…
-
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic, new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to…
-
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers. >>CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the…
-
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said…
-
RondoDox botnet exploits React2Shell flaw to breach Next.js servers
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threatA ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams.The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
Massive Android botnet Kimwolf infects millions, strikes with DDoS
The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. On October 24, 2025, XLab…
-
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab.”Kimwolf is a botnet compiled using the NDK [Native Development Kit],”…
-
The Rise of Precision Botnets in DDoS
For a long time, DDoS attacks were easy to recognize. They were loud, messy, and built on raw throughput. Attackers controlled massive botnets and flooded targets until bandwidth or infrastructure collapsed. It was mostly a scale problem, not an engineering one. That era is ending. A quieter and far more refined threat has taken its……
-
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/attackers-worldwide-are-zeroing-in-on-react2shell-vulnerability/
-
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/attackers-worldwide-are-zeroing-in-on-react2shell-vulnerability/
-
Broadside Mirai Botnet Hijacks Ship Cameras for DDoS
The Broadside Mirai variant exploits vulnerable maritime DVRs to gain stealthy access and threaten global shipping. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/broadside-mirai-botnet-hijacks-ship-cameras-for-ddos/
-
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet variant dubbed Broadside that is targeting the maritime logistics sector by exploiting thecommand injection vulnerabilityCVE-2024-3721 in TBK DVR devices used on vessels. >>Cydome’s Cybersecurity Research Team has identified…
-
New Variant of Mirai Botnet ‘Broadside’ Launches Active Attacks on Users
Cydome’s Cybersecurity Research Team has uncovered a sophisticated new variant of the notorious Mirai botnet, designated as >>Broadside,
-
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…
-
New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the…
-
DDoS attack volume rises in Q3, fueled by Aisuru botnet
A report by Cloudflare also shows a surge in attacks targeting AI companies. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ddos-rises-q3-aisuru-botnet-record-attack/806922/
-
Aisuru Botnet Shatters Records With 29.7 Tbps DDoS Attack
The Aisuru botnet’s massive DDoS assault marks a new era in which hyper-volumetric attacks are both accessible and harder to defend. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aisuru-botnet-shatters-records-with-29-7-tbps-ddos-attack/
-
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks. First seen on hackread.com Jump to article: hackread.com/cloudflare-aisuru-botnet-ddos-attack/
-
Aisuru botnet turns Q3 into a terabit-scale stress test for the entire internet
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/cloudflare_aisuru_botnet/
-
Neuer DDoS-Rekord: Riesiges Botnetz attackiert mit beispielloser Datenflut
Das Aisuru-Botnetz wächst rasant und befeuert Onlinedienste mit immer größeren Datenfluten. Es hat abermals einen neuen DDoS-Rekord aufgestellt. First seen on golem.de Jump to article: www.golem.de/news/neuer-ddos-rekord-aisuru-botnetz-attackiert-mit-nie-dagewesenen-datenfluten-2512-202900.html
-
Neuer DDoS-Rekord: Riesiges Botnetz attackiert mit beispielloser Datenflut
Das Aisuru-Botnetz wächst rasant und befeuert Onlinedienste mit immer größeren Datenfluten. Es hat abermals einen neuen DDoS-Rekord aufgestellt. First seen on golem.de Jump to article: www.golem.de/news/neuer-ddos-rekord-aisuru-botnetz-attackiert-mit-nie-dagewesenen-datenfluten-2512-202900.html
-
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that set a new volume record. The cybersecurity firm did not disclose the name of the…
-
Neuer DDoS-Rekord: Aisuru-Botnetz attackiert mit nie dagewesenen Datenfluten
Das Aisuru-Botnetz wächst rasant und befeuert Onlinedienste mit immer größeren Datenfluten. Es hat abermals einen neuen DDoS-Rekord aufgestellt. First seen on golem.de Jump to article: www.golem.de/news/neuer-ddos-rekord-aisuru-botnetz-attackiert-mit-nie-dagewesenen-datenfluten-2512-202900.html
-
Aisuru-Botnet auf dem Vormarsch – KI-Unternehmen im Visier
DDoS-Angriffe haben auch im vergangenen Quartal rasant an Komplexität und Umfang zugenommen. Viele Unternehmen haben Schwierigkeiten, mit dieser sich ständig weiterentwickelnden Bedrohungslage Schritt zu halten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/aisuru-botnet-auf-dem-vormarsch-ki-unternehmen-im-visier/a43062/
-
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The…