Tag: router
-
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
In early 2025, security researchers unveiled a sophisticated botnet implant named PolarEdge, which relies on a bespoke TLS server and a proprietary binary protocol to carry out unauthenticated command-and-control operations. PolarEdge first emerged in January 2025 when honeypots monitoring Cisco routers captured suspicious traffic exploiting CVE-2023-20118. Attackers used a crafted HTTP request with the User-Agent…
-
Aisuru’s 30 Tbps botnet traffic crashes through major US ISPs
Tags: attack, botnet, breach, cybercrime, data-breach, ddos, firmware, infrastructure, iot, malicious, router, service
From Mirai roots to proxy sales: Aisuru is not new. Its foundations trace back to leaked code of the Mirai IoT botnet from 2016, which held “KrebsOnSecurity,” the investigative blog run by Krebs, offline for four days. “The 2016 assault was so large that Akamai, which was providing pro-bono DDoS protection for KrebsOnSecurity at the…
-
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Tags: botnet, cctv, data-breach, exploit, flaw, infrastructure, Internet, malware, network, router, vulnerability
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an “exploit shotgun” approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and First…
-
RondoDox botnet fires ‘exploit shotgun’ at nearly every router and internet-connected home device
56 bugs across routers, DVRs, CCTV systems, web servers … time to run for cover First seen on theregister.com Jump to article: www.theregister.com/2025/10/09/rondodox_botnet_fires_exploit_shotgun/
-
Cisco’s new router unites disparate datacenters into AI training behemoths
With enough routers, Switchzilla says it can link bit barns 1,000 km apart and scale fabrics beyond 3 exabits per second First seen on theregister.com Jump to article: www.theregister.com/2025/10/08/cisco_multi_datacenter/
-
RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers
The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid patching and continuous monitoring. The first detected RondoDox intrusion on June 15, 2025, reused a command-injection vulnerability disclosed at Pwn2Own Toronto 2022: CVE-2023-1389, which targets the WAN interface of TP-Link…
-
Edge device security: The frontline of your network
Edge devices such as routers, IoT sensors, smart cameras, and industrial controllers are the gateways between your network and the outside world. Their role in processing data closer to the source makes them powerful, but it also places them directly in the line of cyber threats. As businesses rely more on distributed networks, securing edge……
-
QNAP distributes free router update against ransomware – QHora routers support IPS and improve protection against ransomware
First seen on security-insider.de Jump to article: www.security-insider.de/qhora-router-unterstuetzen-ips-und-verbessern-schutz-vor-ransomware-a-f12c04c7e14e479149896e8786a44e20/
-
Silent Smishing: Abuse of Cellular Router APIs in Phishing Campaigns
Attackers exploit vulnerable cellular routers to send large-scale smishing messages that bypass traditional defenses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/silent-smishing-abuse-of-cellular-router-apis-in-phishing-campaigns/
-
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrary code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/draytek-warns-of-remote-code-execution-bug-in-vigor-routers/
-
TOTOLINK X6000R Routers Hit by Three Vulnerabilities Allowing Remote Code Execution
Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection and command injection to a security bypass that can lead to remote code execution. Attackers can crash devices, corrupt system files, and execute arbitrary commands without authentication. Users must…
-
Smishing Campaigns Exploit Cellular Routers to Target Belgium
New smishing attacks exploit Milesight routers to send phishing texts targeting Belgian users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/
-
Hackers Use Cellular Router API to Send Malicious SMS with Weaponized Links
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using honeypots, the team monitors traffic targeting edge devices and internet-facing applications. On 22 July 2025, suspicious network traces appeared in our honeypots, revealing that a cellular router’s API was exploited to deliver smishing campaigns…
-
New Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai Farms
CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux devices, and enterprise applications. The threat actors exploit unsanitized POST parameters, such as NTP, syslog, and hostname fields, alongside default credentials and known CVEs in WebLogic, WordPress, and vBulletin systems…
-
Critical Cisco Flaw Lets Remote Attackers Execute Code on Firewalls and Routers
Cisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied input in HTTP requests. CVE Affected Products Impact CVSS 3.1 Score CVE-2025-20363 Secure Firewall ASA & FTD with SSL VPN or MUS enabled; IOS/IOS XE with Remote…
-
Patch now: Attacker finds another zero day in Cisco firewall software
Tags: access, attack, best-practice, cisa, cisco, cve, cyber, defense, detection, exploit, firewall, firmware, Hardware, incident response, malware, monitoring, network, resilience, risk, router, software, technology, threat, tool, update, vpn, vulnerability, zero-day, zero-trust
…root, which may lead to the complete compromise of the device. Affected are devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) software, Cisco Secure Firewall Threat Defense (FTD) software, as well as devices running Cisco IOS, IOS XE and IOS XR software. There are two attack scenarios: an unauthenticated, remote attacker getting into devices running Cisco…
-
New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware through massive spam campaigns. The discovery reveals how threat actors exploited simple DNS errors to bypass email security protections and distribute malicious payloads on a global scale. The investigation began in November 2024 when researchers…
-
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. “REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open…
-
Where CISOs need to see Splunk go next
Tags: ai, api, automation, cisco, ciso, cloud, communications, compliance, conference, crowdstrike, cybersecurity, data, data-breach, detection, finance, framework, google, incident response, intelligence, jobs, metric, microsoft, open-source, RedTeam, resilience, risk, router, siem, soar, strategy, tactics, threat, tool, vulnerability
Resilience resides at the confluence of security and observability: There was also a clear message around resilience, the ability to maintain availability and recover quickly from any IT or security event. From a Cisco/Splunk perspective, this means a more tightly coupled relationship between security and observability. I’m reminded of a chat I had with the chief risk…
-
TP-Link Router Zero-Day Lets Attackers Execute Code by Bypassing ASLR
Researchers have uncovered a zero-day vulnerability in TP-Link routers that allows attackers to bypass Address Space Layout Randomization (ASLR) and execute arbitrary code remotely. Tracked as CVE-2025-9961, this flaw resides in the CWMP (TR-069) binary and can be triggered through malformed SOAP requests, granting full control of affected devices. A detailed technical walkthrough of discovery,…
-
AISURU Botnet Fuels Record-Breaking 11.5 Tbps DDoS Attack With 300,000 Hijacked Routers
The newly identified AISURU botnet, leveraging an estimated 300,000 compromised routers worldwide, has been pinpointed as the force behind a record-shattering 11.5 Tbps distributed denial-of-service (DDoS) attack in September 2025. This unprecedented assault eclipses the previous 5.8 Tbps peak seen earlier in the year and underscores a dangerous escalation in botnet scale and sophistication. First…
-
Were the router URLs sphairon.box and zyxel.box hijacked?
I’m posting a topic here on the blog that was just reported to me by two readers and that reminds me of an old incident at AVM concerning the fritz.box URL. It looks as though those used by routers (Zyxel, Sphairon) for access … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/12/wurden-router-urls-sphairon-box-und-zyxel-box-gekapert/
-
Anti-DDoS outfit walloped by record packet flood
FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/fastnetmon_ddos_attack/
-
CISA Warns: TP-Link Vulnerabilities Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals. These security flaws affect widely used home and small business networking devices, putting millions of users at risk. Critical Vulnerabilities Identified: Two severe vulnerabilities have been added to…
-
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/
-
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, router, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below: CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing vulnerability First…