Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

RondoDox

RondoDox botnet exploited React2Shell to enroll IoT devices and web apps

Cybercrime, News, Vulnerabilities

January 2, 2026

A nine month campaign enrolled IoT devices and web applications into the RondoDox botnet by exploiting React2Shell. About 90,300 hosts remained vulnerable at the end of 2025. Researchers advise patching Next.js and segmenting IoT.
Trend Micro: RondoDox botnet campaign expands to exploit more than 50 flaws across 30 vendors

Cybercrime, News, Research, Risk, Vulnerabilities

October 14, 2025

Trend Micro said RondoDox campaigns have widened to exploit more than 50 vulnerabilities across over 30 vendors, using a loader-as-a-service model that bundles RondoDox with Mirai and Morte, and researchers linked the activity to large-scale botnet operations and coordinated RDP attacks.

About
Editorial Policy
Privacy
Contact