1841 matches found

Schneier on Security
added 2025/03/14 11:2 a.m. · 30 views

TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been us...

8.8 CVSS · 9.3 AI score · 0.99999 EPSS
Exploits 7
The Hacker News
added 2025/03/14 6:8 a.m. · 16 views

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware as coined by Microsoft that's designed to monitor a victim's clipboard...

7.5 AI score
Exploits 0
The Hacker News
added 2025/03/11 12:30 p.m. · 37 views

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the...

8.8 CVSS · 9.1 AI score · 0.99999 EPSS
Exploits 7
Malwarebytes
added 2025/03/10 9:31 a.m. · 21 views

A week in security (March 3 – March 9)

Last week on Malwarebytes Labs: TikTok: Major investigation launched into platform’s use of children’s data; PayPal scam abuses Docusign API to spread phishy emails; Android zero-day vulnerabilities actively abused. Update as soon as you can; I spoke to a task scammer. Here’s how it went; Android...

7.3 AI score
Exploits 0
Wired Threat Level
added 2025/03/07 1:30 p.m. · 15 views

A Brand-New Botnet Is Delivering Record-Size DDoS Attacks

Eleven11bot infects webcams and video recorders, with a large concentration in the US...

7.3 AI score
Exploits 0
Malwarebytes
added 2025/03/06 2:7 p.m. · 11 views

Android botnet BadBox largely disrupted

Removing 24 malicious apps from the Google Play store and silencing some servers almost halved a botnet known as BadBox. The BadBox botnet focuses on Android devices, but not just phones. It also affects other devices like TV streaming boxes, tablets, and smart TVs. The German BSI Federal Office...

7.8 AI score
Exploits 0
Positive Technologies
added 2025/03/04 12:0 a.m. · 4 views

PT-2025-9719

Name of the Vulnerable Software and Affected Versions: Edimax IC-7100
Description: The Edimax IC-7100 IP camera is vulnerable to a command injection flaw that allows for remote code execution. This vulnerability is actively exploited by Mirai-based botnets, beginning in May 2024, leveraging defau...

10 CVSS · 10 AI score · 0.7227 EPSS
Exploits 2 · References 600
The Hacker News
added 2025/03/03 5:17 a.m. · 18 views

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...

7.6 AI score
Exploits 0
The Hacker News
added 2025/02/27 9:20 a.m. · 22 views

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors deploying a backdoor by leveraging...

7.2 CVSS · 8 AI score · 0.53827 EPSS
Exploits 0
HackRead
added 2025/02/24 7:12 p.m. · 10 views

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts...

7.5 AI score
Exploits 0
NVD
added 2025/02/16 11:15 p.m. · 11 views

CVE-2025-23975

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker (botnet-attack-blocker) allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0...

6.5 CVSS · 0.00205 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/16 10:17 p.m. · 14 views

CVE-2025-23975 WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker (botnet-attack-blocker) allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0...

6.5 CVSS · 0.00205 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/02/16 10:17 p.m. · 5 views

CVE-2025-23975 WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker (botnet-attack-blocker) allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0...

6.5 CVSS · 7.2 AI score · 0.00205 EPSS
Exploits 0 · References 1
CVE
added 2025/02/16 10:17 p.m. · 53 views

CVE-2025-23975

CVE-2025-23975 is a Stored XSS in the WordPress Botnet Attack Blocker plugin (vulnerable:

6.5 CVSS · 7.2 AI score · 0.00205 EPSS
Exploits 0 · References 1
CNNVD
added 2025/02/16 12:0 a.m. · 2 views

WordPress plugin Botnet Attack Blocker cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS · 8.2 AI score · 0.00205 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/02/16 12:0 a.m. · 3 views

PT-2025-7018 · Unknown · Notfound Botnet Attack Blocker

Name of the Vulnerable Software and Affected Versions: NotFound Botnet Attack Blocker versions prior to 2.0.0
Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject...

6.5 CVSS · 9 AI score · 0.00205 EPSS
Exploits 0 · References 6
Patchstack
added 2025/01/31 9:39 a.m. · 5 views

WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Botnet Attack Blocker (versions <= 2.0.0)...

6.5 CVSS · 6.1 AI score · 0.00205 EPSS
Exploits 0 · Affected Software 1
BDU FSTEC
added 2025/01/31 12:0 a.m. · 3 views

The vulnerability of the AutoGPT library, related to its failure to take measures to neutralize special elements, allows a violator to bypass the restrictions on shell commands.

The vulnerability of the AutoGPT library is related to the failure to take measures to neutralize certain elements. Exploiting this vulnerability allows a remote attacker to bypass the restrictions in the botnet’s command list...

10 CVSS · 7.8 AI score · 0.00812 EPSS
Exploits 1 · References 3 · Affected Software 1
The Hacker News
added 2025/01/30 6:41 a.m. · 34 views

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 CVS...

10 CVSS · 7.6 AI score · 0.9995 EPSS
Exploits 32
The Hacker News
added 2025/01/22 1:53 p.m. · 58 views

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since Jun...

9.8 CVSS · 9.1 AI score · 0.99993 EPSS
Exploits 28