LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets

Bitcoin's Lightning Network LN can be exploited as a covert, low-cost command-and-control C&C channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain proof-of-concept prototypes evaluated only through simulation, leaving key questions about real-world topology...

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...

Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites

Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing...

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

MalTree: Tracing Malware Evolution from Embeddings at Scale

Malware detection remains largely reactive: machine learning models trained on known samples degrade as threats evolve. Understanding evolutionary relationships among malware families can inform proactive defense, but traditional reverse engineering can take months to years to uncover such lineag...

MAL-2026-5151 Malicious code in parsimonius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center NCSC, consisted of at lea...

RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers...

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice DoJ on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service DDoS botnet known as Kimwolf. In tandem, Jacob Butler aka Dort, 23, Ottawa, Canada, has been charged with offenses related to the developmen...

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf , a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service DDoS attacks over the past six months...

Botnet Detection on CTU-13 Using Lightweight Machine Learning Models

Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service DDoS. While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack...

Malicious Package

Overview axois-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid organizatio...

Malicious Package

Overview color-style-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

Malicious Package

Overview chalk-tempalte is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

Malicious Package

Overview @deadcode09284814/axios-util is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a...

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer P2P botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency CISA, is assess...

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...