The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...

PowMix targets Czech workforce since Dec 2025 using jittered C2 and ZIP phishing, enabling stealthy remote access and persistence.

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2 ...

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a ...

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause full system compromise, distributed ...

Popular for monitoring Docker containers, Wazuh is being exploited by two Mirai botnet variants — one of which aligns closely with researchers’ previously released proof-of-concept attack against the ...

Two separate Mirai botnet campaigns are exploiting a critical flaw in a somewhat unlikely target. The Akamai Security Intelligence and Response Team recently observed exploitation of CVE-2025-24016, a ...

A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. The protocol was invented in 1988, and its ...