Topic: botnet operations

  • RondoDox Botnet Breaches Next.js Servers via React2Shell Flaw

    The RondoDox botnet is actively exploiting the critical React2Shell vulnerability (CVE-2025-55182) to compromise Next.js servers, deploying malware and cryptocurrency miners. This campaign is part of the botnet's evolving, aggressive strategy, which also includes large-scale exploitation of vulne...

  • Google Shuts Down Major Residential Proxy Networks

    Google dismantled the IPIDEA residential proxy network, a major tool for cybercriminals to hide malicious traffic by routing it through compromised home and business devices. The operation combined legal action, intelligence sharing, and platform security, with Google Play Protect now blocking ma...

  • Your Android TV Box Could Be a Botnet

    Popular Android TV streaming devices like Superbox secretly incorporate users' home networks into botnets, enabling cybercrime activities without their knowledge. These devices require users to install unofficial app stores and connect to suspicious services, such as Tencent QQ and Grass IO, whic...

  • Stealth Malware Campaign Infects Thousands via DNS TXT Abuse

    The Detour Dog malware campaign has infected over 30,000 websites, using DNS TXT records for server-side attacks that remain hidden from most users, selectively targeting specific visitors for redirection or malware downloads. This attack operates by having compromised servers send DNS queries wi...

  • D-Link DIR-878 routers have critical RCE flaws

    D-Link has issued a critical alert for its unsupported DIR-878 router, revealing three severe vulnerabilities that allow unauthenticated remote command execution, with exploit code already public. The router, discontinued in 2021 but still sold, will not receive patches, and D-Link advises users ...
