Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice DoJ on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service DDoS botnet known as Kimwolf. In tandem, Jacob Butler aka Dort, 23, Ottawa, Canada, has been charged with offenses related to the developmen...

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life EoL TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to explo...

Update, March 13: Talos on the developing situation in the Middle East

Update history Date | Description of updates ---|--- March 13, 2026 | Talos' assessment of the cyber attack on Stryker and the elevated threat landscape. Key findings and background on Handala, the Iranian-linked threat group. March 10, 2026 | Updated guidance and recommendations, IOCs, and...

CVE-2026-2507

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" IoT botnet known as Kimwolf has been disrupting The Invisible Internet Project I2P, a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network...

Tenda AC9 安全漏洞

The Tenda AC9 is a wireless router produced by the Chinese company Tenda. The Tenda AC9 15.03.06.42multi version has a security vulnerability. This vulnerability stems from improper handling of the security.ddos.map parameter in the formGetDdosDefenceList function, which may lead to a stack buffe...

I Am in the Epstein Files

Once. Someone named "Vincenzo lozzo" wrote to Epstein in email, in 2016: "I wouldn't pay too much attention to this, Schneier has a long tradition of dramatizing and misunderstanding things." The topic of the email is DDoS attacks, and it is unclear what I am dramatizing and misunderstanding. Rab...

ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack

The activist website called "ICE List" was offline after a massive DDoS attack. The crash followed a leak of 4,500 federal agent names linked to the Renee Nicole Good shooting...

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators and services th...

SD-CGAN: Conditional Sinkhorn Divergence GAN for DDoS Anomaly Detection in IoT Networks

The increasing complexity of IoT edge networks presents significant challenges for anomaly detection, particularly in identifying sophisticated Denial-of-Service DoS attacks and zero-day exploits under highly dynamic and imbalanced traffic conditions. This paper proposes SD-CGAN, a Conditional...

PT-2025-42217

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...

When You’re Always Under #DDoS Attack

We recently mitigated a 1.55 terabit per second Tbps, DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service DNS provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service DDoS-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice D...

PT-2025-34149

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions =9.4.57 Eclipse Jetty versions =10.0.25 Eclipse Jetty versions =11.0.25 Eclipse Jetty versions =12.0.21 Eclipse Jetty version 12.1.0.alpha2 Description: An HTTP/2 client can trigger the server to send RST STREAM frames ...

Ransomware Groups Demystified: CyberVolk Ransomware

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 AX1800 Wi-Fi routers to rope the devices into a distributed denial-of-service DDoS botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work ...

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot , revealing its potential for launching distributed denial-of-service DDoS attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crim...

The vulnerability of the iControl REST API interface for access control and remote authentication, the BIG-IP Access Policy Manager, the virtual server for application protection, the BIG-IP Advanced Web Application Firewall, the BIG-IP Advanced Firewall Manager, the infrastructure status analysis tool, the BIG-IP Application Acceleration Manager, the DDoS protection module, the BIG-IP Fraud Protection Service, the Internet traffic balancing system, the BIG-IP Link Controller, and the local traffic balancing system – all of these allow a perpetrator to cause service interruptions.

The vulnerabilities of the iControl REST API interface for access control and remote authentication, the BIG-IP Access Policy Manager, the virtual server for application protection, the BIG-IP Advanced Web Application Firewall, the BIG-IP Advanced Firewall Manager, the infrastructure status...

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service DDoS attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...