Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion

Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion By Mohideen Abdul Khader F · April 7, 2026 Botnet overview The Masjesu botnet, a sophisticated, commercially-run Internet of Things IoT threat, has been operational and evolving since early 2023, continuing into...

K000160327: Protect your network from geopolitical uncertainty with F5

Security Advisory Description While there are many cyber-threats creating a constant need for cybersecurity efforts, history teaches us that geopolitical conflicts often generate increased cyber activity. In recent years the world has seen conflicts in Ukraine, Yemen, Iran, and elsewhere generate...

CVE-2026-2507

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-2507

CVE-2026-2507 affects BIG-IP AFM and BIG-IP DDoS Hybrid Defender where provisioning can trigger Traffic Management Microkernel (TMM) termination due to undisclosed traffic, causing DoS. The advisory notes EoTS-excluded versions. Affected versions are not fully listed in these sources, but F5’s K0...

PT-2026-20463

Name of the Vulnerable Software and Affected Versions BIG-IP AFM and BIG-IP DDoS affected versions not specified Description Undisclosed traffic can cause Traffic Management Microkernel TMM to terminate when BIG-IP Application Firewall AFM or BIG-IP Distributed Denial of Service DDoS is...

MiracleLinux 9 : nghttp2-1.43.0-5.el9.1 (AXSA:2023-6518:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6518:02 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

CVE-2018-25117

CVE-2018-25117 concerns VestaCP Debian Installer maldocs. From 2018-05-31 to 2018-06-13, the installer was tainted with embedded malicious code causing a supply-chain compromise. New installations from compromised installers since May 2018 installed Linux/ChachaDDoS, a multi-stage DDoS bot that u...

EUVD-2020-6464

Malware in sbrugna...

EUVD-2000-0137

Malware in sbrugna...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: cups-filters (UTSA-2025-669608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-669608 advisory. CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be...

EUVD-2023-26560

Malicious code in bioql PyPI...

EUVD-2023-30865

Malicious code in bioql PyPI...

EUVD-2025-3677

Malicious code in bioql PyPI...

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

...

CVE-2025-43762

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which...

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the...

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service DDoS attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicio...

CVE-2023-27077

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...