New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things IoT devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than...

CVE-2024-45163

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC command and control server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username such as root, or can send arbitrary data...

KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet

KrebsOnSecurity hit and survided a record-breaking 6.3 Tbps DDoS attack linked to the Aisuru IoT botnet, but it shows the vulnerable state of IoT devices...

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

KrebsOnSecurity last week was hit by a near record distributed denial-of-service DDoS attack that clocked in at more than 6.3 terabits of data per second a terabit is one trillion bits of data. The brief attack appears to have been a test run for a massive new Internet of Things IoT botnet capabl...

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 CVSS score: 9.8, has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...

PT-2025-20724

Name of the Vulnerable Software and Affected Versions Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones versions through 6.4 SP4 R6.4.0.4006 Mitel 6970 Conference Unit versions through 6.4 SP4 R6.4.0.4006 and version V1 R0.1.0 Description A command injection issue exists in Mitel 6800...

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life EoL Internet of Things IoT devices to corral them into a Mirai botnet for conducting distributed denial-of-service DDoS attacks. The activity, first observed by the Akamai Security Intelligence and Respon...

Zero-Day Botnet Attack Detection in IoV: a Modular Approach Using Isolation Forests and Particle Swarm Optimization

The Internet of Vehicles IoV is transforming transportation by enhancing connectivity and enabling autonomous driving. However, this increased interconnectivity introduces new security vulnerabilities. Bot malware and cyberattacks pose significant risks to Connected and Autonomous Vehicles CAVs, ...

Smokeloader Users Identified and Arrested in Operation Endgame

Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more...

CVE-2025-31893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Botnet Attack Blocker: from n/a through = 2.0.0...

CVE-2025-31893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Botnet Attack Blocker: from n/a through = 2.0.0...

CVE-2025-31893 WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cheesefather Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0...

CVE-2025-31893

CVE-2025-31893 is a Stored XSS vulnerability in the WordPress plugin Botnet Attack Blocker (

CVE-2025-31893 WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Botnet Attack Blocker: from n/a through = 2.0.0...

WordPress plugin Botnet Attack Blocker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-14744 · Unknown · Cheesefather Botnet Attack Blocker

Name of the Vulnerable Software and Affected Versions: cheesefather Botnet Attack Blocker versions n/a through 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an...

WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Botnet Attack Blocker versions = 2.0.0...

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw aka Dota that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation ...

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV,...

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 CVSS v4 score: 9.3, a critical operating system command injection flaw that a...