Tag: router
-
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
GreyNoise researchers warn of a new botnet they discovered, AyySSHush, which has compromised over 9,000 ASUS routers and added a persistent SSH backdoor. "Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that…"
-
Thousands of Asus routers are being hit with stealthy, persistent backdoors
Backdoor giving full administrative control can survive reboots and firmware updates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/
-
BSidesLV24 PasswordsCon CVE Hunting: Wi-Fi Routers, OSINT ‘The Tyranny Of The Default’
Author/Presenter: Actuator. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-passwordscon-cve-hunting-wi-fi-routers-osint-the-tyranny-of-the-default/
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/
-
D-Link Routers Exposed by Hard-Coded Telnet Credential
A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1 scale with medium severity. Security researchers identified improper command neutralization (CWE-77) as the root cause,…
-
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into…
-
NETGEAR Router Flaw Allows Full Admin Access by Attackers
Tags: access, authentication, backdoor, control, cyber, exploit, firmware, flaw, router, vulnerability
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected devices. The flaw, rated with a critical CVSSv4 score of 9.3, stems from a hidden backdoor mechanism in the router’s firmware and impacts versions V1.1.00.15_1.00.15NA. Security researchers warn that exploitation could…
-
ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots
A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io’s Threat Detection & Research (TDR) team, has compromised over 5,500 edge devices across more than 50 brands, transforming them into a massive honeypot-like network. This alarming operation, detailed in Sekoia.io’s latest investigation, targets a wide array of internet-facing equipment, including Small Office/Home Office (SOHO) routers, SSL…
-
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, email, exploit, flaw, google, infrastructure, ivanti, kev, router, sap, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions…
-
U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational…
-
TP-Link router ban urged by Republican legislators
Tags: router
First seen on scworld.com Jump to article: www.scworld.com/brief/tp-link-router-ban-urged-by-republican-legislators
-
Four Hackers Caught Exploiting Old Routers as Proxy Servers
U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and Kazakhstani Dmitriy Rubtsov (38) face conspiracy and computer crime charges for allegedly profiting from botnets…
-
US seizes Anyproxy, 5socks botnets and indicts alleged administrators
The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors. First seen on cyberscoop.com Jump to article: cyberscoop.com/anyproxy-5socks-botnets-seized/
-
Abused as a proxy: 20-year-old router botnet dismantled
A botnet made up of thousands of routers is said to have earned its operators more than 46 million US dollars. But that is now over. First seen on golem.de Jump to article: www.golem.de/news/als-proxy-missbraucht-20-jahre-altes-router-botnetz-zerschlagen-2505-196100.html
-
Feds disrupt proxyhire botnet, indict four alleged net miscreants
The FBI also issued a list of end-of-life routers you need to replace. First seen on theregister.com Jump to article: www.theregister.com/2025/05/10/router_botnet_crashed/
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerability
Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N; Cradlepoint E100; Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks. “The…
-
Attacks surge against antiquated routers, FBI warns
First seen on scworld.com Jump to article: www.scworld.com/news/attacks-surge-against-antiquated-routers-fbi-warns
-
Feds Seize Domains in Global Proxy Botnet Crackdown
Russian, Kazakh Hackers Charged in $46M Proxy Botnet Scheme. Federal prosecutors charged four hackers for running a proxy botnet that exploited infected routers, using domains like Anyproxy.net to resell U.S. network access globally – and generating over $46M before a coordinated international takedown, according to a Friday indictment. First seen on govinfosecurity.com Jump to article:…
-
FBI and Dutch police seize and shut down botnet of hacked routers
U.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/
-
Police dismantles botnet selling hacked routers as residential proxies
Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies/
-
Cybercriminal services target end-of-life routers, FBI warns
The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks…
-
FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers
The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-cybercrime-obsolete-routers/
-
TheMoon Malware Targets Aging Routers, FBI Issues Alert
The Federal Bureau of Investigation (FBI) has issued a warning about the TheMoon malware. The warning also stresses the First seen on thecyberexpress.com Jump to article: thecyberexpress.com/fbi-warns-of-themoon-malware/
-
FBI Warns Hackers Are Using End-of-Life Routers to Mask Their Tracks
The Federal Bureau of Investigation (FBI) has issued a stark warning to businesses and home users: cybercriminals are actively exploiting outdated, unsupported routers to hide their tracks and launch attacks, making them a favored tool for masking malicious operations. According to a new security advisory released May 7, FBI investigators have observed a troubling spike…
-
FBI: End-of-life routers hacked for cybercrime proxy networks
The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-end-of-life-routers-hacked-for-cybercrime-proxy-networks/
-
Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access
Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow remote attackers to gain administrative access and, in many cases, full root shell on the device. Despite the notification, Tenda has not responded, and no patches are available. Eleven separate CVEs…
-
Authentication flaw: critical vulnerability threatens Asus routers with AiCloud
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-asus-router-aicloud-funktion-a-f2773f73bf70af365ebdbd7200c7fb99/
-
Bill mandating router security evaluations receives House OK
Tags: router
First seen on scworld.com Jump to article: www.scworld.com/brief/bill-mandating-router-security-evaluations-receives-house-ok

