No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations
A trojanized version of the XWorm RAT builder has been weaponized and disseminated primarily through GitHub and other file-sharing services, targeting novice users in cybersecurity. The malware has compromised over 18,459 devices globally, exfiltrating sensitive data and utilizing Telegram for command-and-control operations. Disruption efforts have been made to mitigate its impact, but challenges remain due to offline devices and rate-limiting on Telegram.…
Cybersecurity News Review, Week 4 (2025)
This week’s cybersecurity overview includes critical vulnerabilities in various software and hardware, exploits of chained vulnerabilities, record-high DDoS attacks, and a notable ransomware surge, particularly impacting education and utilities. The article emphasizes the necessity for improved security measures across affected sectors. Affected: 7-Zip, Asus, Ivanti Cloud Service Appliances, Cisco, Cambium Networks, ABB, UK Education Sector, PowerSchool, US Utilities, Russia, Iran

Keypoints:

7-Zip has a critical vulnerability (CVE-2025-0411) that allows code execution by bypassing the Mark of the Web security feature.…
Malicious Software and Its Types
This article explores various types of malware, detailing their characteristics, examples, and consequences in the cybersecurity landscape. It covers viruses, worms, trojans, spyware, rootkits, ransomware, and cryptojacking, highlighting both historical examples and mitigation strategies. Affected: malware, computer systems, data security

Keypoints:

Malware is software developed to harm computer systems, steal data, or gain unauthorized access.…
Multiple Cybersecurity Giants’ Account Credentials Leaked and Sold on Dark Web; Ministry of Industry and Information Technology Warns: Beware of Androxgh0st Botnet Risks | NiuLan – Security Niu
A recent report reveals that multiple cybersecurity firms have had their account credentials leaked and are being sold on the dark web. This poses risks not only to the companies involved but also to their customers. Additionally, the Ministry of Industry and Information Technology highlights the ongoing threat of the Androxgh0st botnet, which targets IoT devices and network infrastructure.…
Pivoting for Nosviak
Censys discovered a network of botnet management systems utilizing a modified version of the Nosviak command-and-control service. This network connects over 150 hosts across multiple countries and operates under various aliases, primarily offering DDoS and proxy services marketed as “stress testing.” Evidence suggests a significant infrastructure that leverages shared resources for malicious activities.…

In recent months, Indonesia has emerged as a significant hotspot in the global cybersecurity landscape, as cybercriminals exploit vulnerabilities in Internet of Things (IoT) devices to launch large-scale distributed denial-of-service (DDoS) attacks. A new variant of the infamous Mirai botnet, dubbed Murdoc Botnet, has been actively targeting IoT devices, including AVTECH IP cameras and Huawei HG532 routers, with Indonesia being one of the most affected countries.…
This article discusses various high-severity vulnerabilities affecting software and systems, including buffer overflow issues in Rsync, critical security updates from Microsoft, and an authentication bypass in Fortinet’s FortiOS. These vulnerabilities pose significant risks, including potential remote code execution by attackers. Affected: Rsync, Microsoft software products, Fortinet FortiOS, FortiProxy

Keypoints:

Rsync has identified and patched critical buffer overflow and information disclosure vulnerabilities (CVE-2024-12084/CVE-2024-12085).…
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Summary: Cloudflare reported the largest DDoS attack to date, peaking at 5.6 Tbps, which targeted an unnamed ISP in Eastern Asia on October 29, 2024. The attack, originating from a Mirai-variant botnet, lasted only 80 seconds and involved over 13,000 IoT devices. Cloudflare also noted a significant increase in DDoS attacks in 2024, with a 53% rise compared to the previous year.…
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
Summary: The largest DDoS attack recorded peaked at 5.6 Tbps, utilizing a Mirai-based botnet with 13,000 compromised devices, targeting an ISP in Eastern Asia. Cloudflare reports a significant rise in hyper-volumetric DDoS attacks, with a notable increase in short-lived attacks that complicate human response efforts. The trend indicates a growing threat landscape, particularly during peak usage periods, leading to an increase in ransom DDoS attacks.…
Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks
Summary: Recent spinoffs of the Mirai botnet are causing a surge in distributed denial-of-service (DDoS) attacks worldwide, particularly targeting IoT devices. The Murdoc botnet, which exploits vulnerabilities in specific devices, and another botnet combining Mirai and Bashlite malware, are both contributing to this ongoing threat. Researchers emphasize the importance of robust defenses against these evolving cyberattacks.…
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024
This article discusses the ongoing large-scale DDoS attacks orchestrated by an IoT botnet that exploits vulnerable devices, primarily targeting companies in Japan and other countries. The botnet utilizes malware derived from Mirai and Bashlite, affecting various sectors and employing multiple DDoS attack methods. Affected: Japan, North America, Europe

Keypoints:

Large-scale DDoS attacks monitored since the end of 2024.…
MintsLoader: StealC and BOINC Delivery
eSentire’s Threat Response Unit (TRU) has identified a campaign involving MintsLoader malware, which delivers payloads like Stealc through spam emails. This campaign primarily affects organizations in the Electricity, Oil & Gas, and Legal Services sectors in the US and Europe. The malware employs various evasion techniques and utilizes a Domain Generation Algorithm (DGA) to communicate with its command and control servers.…