Mirai botnet
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
-
Mirai campaign targets unpatched D-Link router flaw
A Mirai-based malware campaign is exploiting CVE-2025-29635 in end-of-life D-Link DIR-823X routers, according to Akamai. The attacks download a shell script that installs botnet malware and also target other router flaws.
-
Mirai variant Nexcorium targets TBK DVRs and outdated TP-Link routers
Threat actors are exploiting flaws in TBK DVR devices and unsupported TP-Link routers to spread a Mirai variant called Nexcorium, according to a Fortinet technical analysis and a Unit 42 disclosure. The malware adds persistence, brute-force and DDoS functions.
-
Authorities disrupt command servers for IoT botnets behind record DDoS attacks
U.S. authorities disrupted command servers for multiple IoT botnets on Thursday, targeting networks that infected at least 3 million devices and launched DDoS attacks peaking near 30 terabits per second.
-
Bloody Wolf campaign installs NetSupport RAT in Uzbekistan and Russia
A spear-phishing campaign installed NetSupport RAT on about 50 devices in Uzbekistan and 10 in Russia using PDF-based loaders that enforce install limits and set persistent autorun scripts while Mirai payloads were staged.
-
Trend Micro: RondoDox botnet campaign expands to exploit more than 50 flaws across 30 vendors
Trend Micro said RondoDox campaigns have widened to exploit more than 50 vulnerabilities across over 30 vendors, using a loader-as-a-service model that bundles RondoDox with Mirai and Morte. Researchers linked the activity to large-scale botnet operations and coordinated RDP attacks.
-
Serious Vulnerability Found in Zyxel Devices Sparks Security Concerns
A serious vulnerability, CVE-2023-28771, affects Zyxel devices, prompting warnings from cybersecurity experts after a spike in exploit attempts was detected. Owners are urged to secure their devices against potential threats.







