SOHO routers
-
Authorities dismantle SocksEscort proxy service built from infected residential routers
Court-authorized international law enforcement disrupted the SocksEscort proxy service in March 2026, dismantling a router-based botnet and freezing $3.5 million in cryptocurrency, the U.S. Department of Justice said.
-
Authorities disrupt SocksEscort proxy network powered by AVRecon on Linux routers
Law enforcement disrupted the SocksEscort proxy network that used AVRecon to compromise Linux routers. Lumen’s Black Lotus Labs reported the network averaged about 20,000 infected devices weekly and authorities seized infrastructure and froze funds.
-
Trend Micro: RondoDox botnet campaign expands to exploit more than 50 flaws across 30 vendors
Trend Micro said RondoDox campaigns have widened to exploit more than 50 vulnerabilities across over 30 vendors, using a loader-as-a-service model that bundles RondoDox with Mirai and Morte, and researchers linked the activity to large-scale botnet operations and coordinated RDP attacks.
