Operation WrtHug: Massive Cyberattack Compromised More Than 50,000 ASUS EoL Routers

A newly discovered cyberattack campaign, dubbed Operation WrtHug, has compromised tens of thousands of ASUS routers that are end-of-life (EoL) or outdated. The operation has recruited these devices into a vast network of botnets. Over the past six months, SecurityScorecard’s STRIKE team identified more than 50,000 unique IP addresses of compromised devices globally. The most affected regions include Taiwan, the United States and Russia, although infections have also been reported in Southeast Asia and European countries. ...

November 19, 2025 · Comfidentia

🚨 RondoDox exploits unpatched XWiki servers to expand its botnet

The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), which allows arbitrary remote code execution.

🔍 CVE-2025-24893

Evaluation injection bug that allows any guest user to execute code remotely via the /bin/get/Main/SolrSearch endpoint.

Affected versions: All before XWiki 15.10.11, 16.4.1 or 16.5.0RC1
Patch available from: February 2025

🤖 RondoDox: Expanding Botnet

RondoDox recruits vulnerable devices for:
- DDoS attacks (HTTP, UDP, TCP)
- Cryptocurrency mining
- Persistent access (reverse shells, backdoors)

Chronology: March 2025 (first evidence) → Nov 3 (first RondoDox exploitation) → Nov 7 (maximum peak) → Nov 11 (new wave) ...

November 15, 2025 · Comfidentia