Tag: botnet
-
‘Largest-ever’ cloud DDoS attack pummels Azure with 3.64B packets per second
Aisuru botnet strikes again, bigger and badder First seen on theregister.com Jump to article: www.theregister.com/2025/11/17/biggest_cloud_ddos_attack_azure/
-
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps
Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a…
-
Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses
Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/
-
Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses
Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/
-
Hackers Weaponize XWiki Flaw to Build and Rent Out Botnet Networks
Tags: attack, botnet, crypto, cve, cyber, cybersecurity, exploit, flaw, hacker, intelligence, malware, network, threat, vulnerabilityCybersecurity researchers have observed a dramatic escalation in attacks exploiting a critical XWiki vulnerability, with multiple threat actors now leveraging CVE-2025-24893 to deploy botnets, cryptocurrency miners, and custom malware toolkits.”‹ The vulnerability, initially detected by VulnCheck’s Canary Intelligence system on October 28, 2025, has rapidly evolved from a single attacker’s exploit into a widespread multi-actor…
-
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework…
-
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to…
-
Operation Endgame Disrupts More Malware
Rhadamanthys, VenomRAT and Elysium Targeted in Operation. A multinational law enforcement operation resulted in the arrest of a remote access Trojan operator and the seizure of over 1,000 info stealer and botnet servers. Authorities took down 1,025 servers associated with the Rhadamanthys infostealer, the Venom RAT and a botnet dubbed Elysium. First seen on govinfosecurity.com…
-
Operation Endgame Dismantles 1,025 Malware Servers
Europol and Eurojust dismantled major criminal infrastructure powering widespread infostealer, RAT, and botnet operations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-dismantles-1025-malware-servers/
-
Operation Endgame targets malware networks in global crackdown
Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns. First seen on cyberscoop.com Jump to article: cyberscoop.com/operation-endgame-disrupts-global-malware-networks-rhadamanthys-venomrat-elysium/
-
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort…
-
Operation Endgame: Police reveal takedowns of three key cybercrime tools
The Rhadamanthys infostealer, the VenomRAT remote access trojan and the Elysium botnet were targeted in the latest phase of the international police action known as Operation Endgame. First seen on therecord.media Jump to article: therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
-
Operation Endgame 3.0 Dismantles Three Major Malware Networks
A global law enforcement operation has taken down the Rhadamanthys infostealer, VenomRAT trojan and the Elysium botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-endgame-3-dismantles/
-
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations
Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-disrupts-rhadamanthys-venomrat-and-elysium-malware-operations/
-
Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and…
-
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
-
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
-
RondoDox Botnet Swells Its Arsenal, 650% Jump in Enterprise-Focused Exploits
The cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet. The updated malware now features 75 distinct exploitation vectors, a fundamental expansion that transforms the threat from a primarily IoT-focused botnet into a multifaceted enterprise threat capable of targeting everything…
-
RondoDox Botnet Swells Its Arsenal, 650% Jump in Enterprise-Focused Exploits
The cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet. The updated malware now features 75 distinct exploitation vectors, a fundamental expansion that transforms the threat from a primarily IoT-focused botnet into a multifaceted enterprise threat capable of targeting everything…
-
Botnets Step Up Cloud Attacks Via Flaws, Misconfigurations
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/botnets-cloud-attacks-flaws-misconfigurations
-
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
Tags: attack, botnet, cloud, control, cve, cybersecurity, data-breach, exploit, iot, network, threat, vulnerabilityCybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi.”These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said in…
-
PHP Servers and IoT Devices Face Growing Cyber-Attack Risks
A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/php-servers-and-iot-devices-cyber/
-
PHP Servers and IoT Devices Face Growing Cyber-Attack Risks
A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/php-servers-and-iot-devices-cyber/
-
Aisuru botnet is behind record 20Tb/sec DDoS attacks
A new Mirai-based IoT botnet, dubbed Aisuru, was used to launch multiple high-impact DDoS attacks exceeding 20Tb/sec and/or 4gpps. In October 2025, the Aisuru Mirai-based IoT botnet launched massive DDoS attacks of over 20Tb/sec, mainly targeting online gaming, cybersecurity firm Netscout reports. The botnet uses residential proxies to reflect HTTPS DDoS attacks. Its nodes are…
-
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge.PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose.The TLS-based ELF implant, at its core,…
-
Researchers warn of widespread RDP attacks by 100K-node botnet
A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Desktop Protocol (RDP) services in the United States starting on October 8. The company discovered the botnet after detecting an unusual spike in Brazilian IP…
-
RondoDox: From Pwn2Own Vulnerabilities to Global Exploitation
RondoDox is a fast-evolving botnet exploiting over 50 vulnerabilities across 30 vendors First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rondodox-from-pwn2own-vulnerabilities-to-global-exploitation/
-
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
In early 2025, security researchers unveiled a sophisticated botnet implant named PolarEdge, which relies on a bespoke TLS server and a proprietary binary protocol to carry out unauthenticated command-and-control operations. PolarEdge first emerged in January 2025 when honeypots monitoring Cisco routers captured suspicious traffic exploiting CVE-2023-20118. Attackers used a crafted HTTP request with the User-Agent…
-
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
In early 2025, security researchers unveiled a sophisticated botnet implant named PolarEdge, which relies on a bespoke TLS server and a proprietary binary protocol to carry out unauthenticated command-and-control operations. PolarEdge first emerged in January 2025 when honeypots monitoring Cisco routers captured suspicious traffic exploiting CVE-2023-20118. Attackers used a crafted HTTP request with the User-Agent…
-
Massive multi-country botnet targets RDP services in the US
A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/massive-multi-country-botnet-targets-rdp-services-in-the-us/