DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service DDoS-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice D...

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot ," a massive botnet used to power a service for launching distributed denial-of-service DDoS attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the...

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial...

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

A novel attack technique could be weaponized to rope thousands of public domain controllers DCs around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service DDoS attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and...

Analyzing the Mirai IoT Botnet and Its Recent Variants: Satori, Mukashi, Moobot, and Sonic

Mirai is undoubtedly one of the most significant Internet of Things IoT botnet attacks in history. In terms of its detrimental effects, seamless spread, and low detection rate, it surpassed its predecessors. Its developers released the source code, which triggered the development of several...

Leveraging Machine Learning for Botnet Attack Detection in Edge-Computing Assisted IoT Networks

The increase of IoT devices, driven by advancements in hardware technologies, has led to widespread deployment in large-scale networks that process massive amounts of data daily. However, the reliance on Edge Computing to manage these devices has introduced significant security vulnerabilities, a...

Google Sues the Badbox Botnet Operators

It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

How to Mitigate and Defend against DDoS Attacks in IoT Devices

Distributed Denial of Service DDoS attacks have become increasingly prevalent and dangerous in the context of Internet of Things IoT networks, primarily due to the low-security configurations of many connected devices. This paper analyzes the nature and impact of DDoS attacks such as those launch...

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

CVE-2025-34130

CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml , enabling further attacks including command injection. ...

CVE-2013-3307

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi pingip parameter on TCP port 52000. Recent assessments: gwillcox-r7 at November 21, 2021 10:11pm UTC reported: Bug in Linksys...

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...

Androxgh0st Botnet Expands Reach, Exploiting US University Servers

New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated…...

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. "We developed tw...

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability

Zyxel users beware: A critical remote code execution flaw CVE-2023-28771 in Zyxel devices is under active exploitation by a Mirai-like botnet. GreyNoise observed a surge on June 16, targeting devices globally...

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn...

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data...

Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability

...

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...