MalTree: Tracing Malware Evolution from Embeddings at Scale

Malware detection remains largely reactive: machine learning models trained on known samples degrade as threats evolve. Understanding evolutionary relationships among malware families can inform proactive defense, but traditional reverse engineering can take months to years to uncover such lineag...

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabsv1 and targets internet-exposed devices running Android Debug Bridge ADB to enlist them in a network capable of carrying out distributed denial-of-service DDoS attacks. Hunt.io, which detailed the...

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...

Evasion of IoT Malware Detection Via Dummy Code Injection

The Internet of Things IoT has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...

Analyzing the Mirai IoT Botnet and Its Recent Variants: Satori, Mukashi, Moobot, and Sonic

Mirai is undoubtedly one of the most significant Internet of Things IoT botnet attacks in history. In terms of its detrimental effects, seamless spread, and low detection rate, it surpassed its predecessors. Its developers released the source code, which triggered the development of several...

How to Mitigate and Defend against DDoS Attacks in IoT Devices

Distributed Denial of Service DDoS attacks have become increasingly prevalent and dangerous in the context of Internet of Things IoT networks, primarily due to the low-security configurations of many connected devices. This paper analyzes the nature and impact of DDoS attacks such as those launch...

CVE-2013-3307

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi pingip parameter on TCP port 52000. Recent assessments: gwillcox-r7 at November 21, 2021 10:11pm UTC reported: Bug in Linksys...

Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability

...

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...

CVE-2024-45163

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC command and control server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username such as root, or can send arbitrary data...

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 CVSS score: 9.8, has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...

PT-2025-20724

Name of the Vulnerable Software and Affected Versions Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones versions through 6.4 SP4 R6.4.0.4006 Mitel 6970 Conference Unit versions through 6.4 SP4 R6.4.0.4006 and version V1 R0.1.0 Description A command injection issue exists in Mitel 6800...

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life EoL Internet of Things IoT devices to corral them into a Mirai botnet for conducting distributed denial-of-service DDoS attacks. The activity, first observed by the Akamai Security Intelligence and Respon...

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 CVSS v4 score: 9.3, a critical operating system command injection flaw that a...

TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution RCE possible so that the malware can spread itself across the internet automatically. This high severity security flaw tracked as CVE-2023-1389 has also been us...

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second Tbps distributed denial-of-service DDoS attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its...

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities...

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service DDoS attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the...

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router SSR products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Sma...

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla aka GorillaBot that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with...