botnet
-
Dutch authorities take down botnet tied to 17 million infected devices
Dutch authorities have taken offline a botnet of at least 17 million infected devices and seized more than 200 servers in the Netherlands, according to a joint disclosure from the National Cyber Security Centre and police.
-
Turla turns Kazuar backdoor into modular P2P botnet
Turla has reworked its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access, Microsoft said in a technical analysis published Thursday. The malware now uses separate Kernel, Bridge and Worker components.
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
-
Mirai campaign targets unpatched D-Link router flaw
A Mirai-based malware campaign is exploiting CVE-2025-29635 in end-of-life D-Link DIR-823X routers, according to Akamai. The attacks download a shell script that installs botnet malware and also target other router flaws.
-
SystemBC C2 server tied to The Gentlemen exposes 1,570 victims
Check Point Research said a SystemBC command-and-control server linked to The Gentlemen ransomware operation exposed more than 1,570 victims worldwide, underscoring how proxy malware can support larger intrusion campaigns.
-
Researchers spot PowMix botnet targeting Czech workers
Researchers said the PowMix botnet has targeted workers in the Czech Republic since at least December 2025. The malware uses phishing-style ZIP files, in-memory execution and jittered command traffic to avoid detection.
-
Over 1,000 exposed ComfyUI instances targeted in crypto mining botnet campaign
A Censys technical analysis says more than 1,000 exposed ComfyUI instances are being scanned and infected in a campaign that installs crypto miners, a proxy botnet and persistence tools through unsafe custom nodes.
-
Authorities disrupt SocksEscort proxy network powered by AVRecon on Linux routers
Law enforcement disrupted the SocksEscort proxy network that used AVRecon to compromise Linux routers. Lumen’s Black Lotus Labs reported the network averaged about 20,000 infected devices weekly and authorities seized infrastructure and froze funds.
-
KadNap botnet infects over 14,000 routers using peer-to-peer DHT to hide command infrastructure
KadNap, a router malware first seen in August 2025, has infected over 14,000 devices and uses a Kademlia DHT peer-to-peer network to hide command infrastructure and provide anonymized proxy services.
-
GoBruteforcer botnet targets crypto and blockchain databases with credential brute force
A technical analysis found GoBruteforcer campaigns since mid-2025 that turn exposed Linux servers into botnet nodes to brute-force FTP and database credentials and to probe blockchain accounts for funds.









