Tag: botnet
-
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
In this episode of the “Smashing Security” podcast, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joins us to talk about “Ctrl-Alt-Chaos”, his new book diving into the murky world of teenage…
-
LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks
A cyberespionage campaign called LapDogs by SecurityScorecard illustrates the growing use of ORB networks by China-nexus threat groups, which use botnet-like techniques to stay undetected while collecting information and establishing persistence in compromised networks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/lapdogs-campaign-shows-chinese-groups-growing-use-of-orb-networks/
-
Akamai Reveals New Strategies for Defenders to Combat Cryptominer Attacks
Akamai has unveiled two proactive strategies to disrupt malicious cryptominer operations, as detailed in the final installment of their Cryptominers’ Anatomy blog series. These techniques exploit the inherent design of common mining topologies, focusing on the Stratum protocol and pool policies to effectively halt botnet-driven cryptomining campaigns. Innovative Techniques Target Mining Topologies While the methods…
-
Disrupting the operations of cryptocurrency mining botnets
Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrency mining botnets are pool bans or infrastructure takedowns; however, both are slow and complex. Researchers developed two faster techniques exploiting…
-
Prometei botnet activity has surged since March 2025
Prometei botnet activity has surged since March 2025, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025; the researchers observed a new variant spreading rapidly. Since March 2025, the Prometei botnet has been targeting Linux systems for Monero mining and credential…
-
Akamai proposes tool to defang cryptomining botnets
A new way of thinking: As cyber attacks evolve, it’s important for organizations to have a clear approach to how they want to respond, commented Fernando Montenegro, vice-president and cybersecurity practice lead at The Futurum Group. “That response may be different at the individual organization level when compared to the public response at large. I mention…
-
Androxgh0st Botnet Expands Reach, Exploiting US University Servers
New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated… First seen on hackread.com Jump to article: hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/
-
Linux servers subjected to resurgent Prometei botnet intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/linux-servers-subjected-to-resurgent-prometei-botnet-intrusions
-
RapperBot Targets DVRs to Hijack Surveillance Cameras and Record Video
When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has evolved into a sophisticated threat specifically targeting Digital Video Recorders (DVRs), devices connected to surveillance…
-
Chinese “LapDogs” ORB Network Targets US and Asia
SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-lapdogs-orb-network/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet; Predator Still Active, with New Client and Corporate Links Identified; Threat Group Targets Companies in Taiwan; Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion; Anubis: A…
-
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since evolved, with its Linux variant gaining prominence since December 2020. Resurgence of a Persistent Threat…
-
AntiDot 31 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot is marketed as a “3-in-1…
-
FBI warns of BadBox 2.0 botnet: millions of Android devices shipped with preinstalled malware
First seen on security-insider.de Jump to article: www.security-insider.de/badbox-2-malware-auf-android-geraeten-a-b7893e69dd61db58f22c914d108f946e/
-
Flodrix botnet deployed via Langflow security issue
Tags: botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/flodrix-botnet-deployed-via-langflow-security-issue
-
Critical Zyxel vulnerability under active exploitation after long period of quiet
Researchers say a sudden burst of activity could be linked to a Mirai botnet variant. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/vulnerability-zyxel-exploitation/750922/
-
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hackers-exploit-langflow-flaw-flodrix-botnet
-
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Tags: ai, attack, botnet, cybersecurity, ddos, exploit, flaw, malware, rce, remote-code-execution, vulnerability
Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. “Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware,” Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed First seen…
-
Hackers Weaponize Langflow Vulnerability to Launch Flodrix Botnet
Tags: ai, botnet, cve, cvss, cyber, cybercrime, exploit, flaw, framework, hacker, remote-code-execution, vulnerability
A critical security flaw in Langflow, a widely adopted Python-based AI prototyping framework, is being actively exploited by cybercriminals to deploy the rapidly evolving Flodrix botnet. Security researchers have confirmed that attackers are exploiting CVE-2025-3248, a remote code execution (RCE) vulnerability rated 9.8 on the CVSS scale, to compromise unpatched Langflow servers and enlist them…
-
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) For … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/15/week-in-review-microsoft-fixes-exploited-zero-day-mirai-botnets-target-unpatched-wazuh-servers/
-
Mirai Botnets Exploit Flaw in Wazuh Security Platform
The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/mirai-botnets-exploit-wazuh-security-platform
-
CISO who helped unmask Badbox warns: Version 3 is coming
The botnet’s still alive and evolving First seen on theregister.com Jump to article: www.theregister.com/2025/06/11/badbox_round_three/
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint. The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw
Akamai’s latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice. First seen on hackread.com Jump to article: hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/
-
Mirai botnets deployed via Wazuh Server exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/mirai-botnets-deployed-via-wazuh-server-exploit
-
Critical Wazuh bug exploited in growing Mirai botnet infection
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too First seen on theregister.com Jump to article: www.theregister.com/2025/06/10/critical_wazuh_bug_exploited_in/
-
Mirai botnets exploit Wazuh RCE, Akamai warned
Tags: botnet, compliance, cve, data, detection, exploit, flaw, open-source, rce, remote-code-execution, threat, vulnerability
Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is an open-source security platform used for threat detection, intrusion detection, log data analysis, and compliance…
-
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)
Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/10/unpatched-wazuh-servers-targeted-by-mirai-botnets-cve-2025-24016/
-
Building a botnet? Thousands of Asus routers compromised via backdoor
First seen on security-insider.de Jump to article: www.security-insider.de/asus-router-angriff-botnetz-vorbereitung-a-70ee525d302b84a03049426a5af80aec/

