Tag: router
-
Solar power, routers and state-directed hacktivists: cyberattacks on networked infrastructure are rising rapidly in 2025
First seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheit-kritische-infrastrukturen-angriff-2025-a-8ca3b652ea1d7435728bc835f0434e5c/
-
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is enabled, allows attackers to exploit the development server via Cross-site WebSocket Hijacking (CSWSH), potentially exposing sensitive application source code. The issue has been addressed in version 15.2.2, but…
-
Over 9,000 Routers Hijacked: ASUS Users Caught in Ongoing Cyber Operation
Over 9,000 ASUS routers were hacked in a stealth cyberattack exploiting CVE-2023-39780. Learn how it works and what ASUS users should do to stay safe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/asus-routers-hijacked-2025/
-
New Botnet Plants Persistent Backdoors in ASUS Routers
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/botnet-persistent-backdoors-asus-routers
-
ASUS router backdoors affect 9K devices, persist after firmware updates
First seen on scworld.com Jump to article: www.scworld.com/news/asus-router-backdoors-affect-9k-devices-persist-after-firmware-updates
-
Thousands of ASUS Routers Hit by Persistent Backdoor
Persistent Attack Grants Remote SSH Access via Exploit. Someone – possibly nation-state hackers – appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/thousands-asus-routers-hit-by-persistent-backdoor-a-28539
-
Thousands of ASUS routers compromised in sophisticated hacking campaign
Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/thousands-asus-routers-compromised-hacking/749259/
-
8,000+ Asus routers popped in ‘advanced’ mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect First seen on theregister.com Jump to article: www.theregister.com/2025/05/29/8000_asus_routers_popped_in/
-
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/thousands-asus-routers-compromised/
-
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
GreyNoise researchers warn that a new botnet, AyySSHush, has compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that…
-
Thousands of Asus routers are being hit with stealthy, persistent backdoors
Backdoor giving full administrative control can survive reboots and firmware updates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/
-
BSidesLV24 PasswordsCon CVE Hunting: Wi-Fi Routers, OSINT ‘The Tyranny Of The Default’
Author/Presenter: Actuator Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-passwordscon-cve-hunting-wi-fi-routers-osint-the-tyranny-of-the-default/
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/
-
D-Link Routers Exposed by Hard-Coded Telnet Credential
A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1 scale with medium severity. Security researchers identified improper command neutralization (CWE-77) as the root cause,…
-
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into…
-
NETGEAR Router Flaw Allows Full Admin Access by Attackers
Tags: access, authentication, backdoor, control, cyber, exploit, firmware, flaw, router, vulnerability
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected devices. The flaw, rated with a critical CVSSv4 score of 9.3, stems from a hidden backdoor mechanism in the router’s firmware and impacts versions V1.1.00.15_1.00.15NA. Security researchers warn that exploitation could…
-
ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots
A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io’s Threat Detection & Research (TDR) team, has compromised over 5,500 edge devices across more than 50 brands, transforming them into a massive honeypot-like network. This alarming operation, detailed in Sekoia.io’s latest investigation, targets a wide array of internet-facing equipment, including Small Office/Home Office (SOHO) routers, SSL…
-
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, email, exploit, flaw, google, infrastructure, ivanti, kev, router, sap, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions…
-
U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational…
-
TP-Link router ban urged by Republican legislators
Tags: router
First seen on scworld.com Jump to article: www.scworld.com/brief/tp-link-router-ban-urged-by-republican-legislators
-
Four Hackers Caught Exploiting Old Routers as Proxy Servers
U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and Kazakhstani Dmitriy Rubtsov (38) face conspiracy and computer crime charges for allegedly profiting from botnets…
-
US seizes Anyproxy, 5socks botnets and indicts alleged administrators
The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors. First seen on cyberscoop.com Jump to article: cyberscoop.com/anyproxy-5socks-botnets-seized/
-
Abused as a proxy: 20-year-old router botnet dismantled
A botnet made up of thousands of routers is said to have earned its operators more than 46 million US dollars. But that is now over. First seen on golem.de Jump to article: www.golem.de/news/als-proxy-missbraucht-20-jahre-altes-router-botnetz-zerschlagen-2505-196100.html
-
Feds disrupt proxyhire botnet, indict four alleged net miscreants
The FBI also issued a list of end-of-life routers you need to replace First seen on theregister.com Jump to article: www.theregister.com/2025/05/10/router_botnet_crashed/
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerability
Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N; Cradlepoint E100; Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks. “The…
-
Attacks surge against antiquated routers, FBI warns
First seen on scworld.com Jump to article: www.scworld.com/news/attacks-surge-against-antiquated-routers-fbi-warns
-
Feds Seize Domains in Global Proxy Botnet Crackdown
Russian, Kazakh Hackers Charged in $46M Proxy Botnet Scheme. Federal prosecutors charged four hackers for running a proxy botnet that exploited infected routers, using domains like Anyproxy.net to resell U.S. network access globally – and generating over $46M before a coordinated international takedown, according to a Friday indictment. First seen on govinfosecurity.com Jump to article:…
-
FBI and Dutch police seize and shut down botnet of hacked routers
U.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/

