Kimwolf botnet infects 1.8 million Android TV devices, uses ENS to evade detection

The Kimwolf botnet, a new distributed denial of service (DDoS) threat, has recruited a massive army of at least 1.8 million infected devices, primarily Android-based TVs, set-top boxes, and tablets. According to research by QiAnXin XLab, the botnet is associated with the infamous AISURU botnet.

Kimwolf Threat Summary

Massive reach: Kimwolf has infected 1.8 million devices, primarily Android TV boxes, set-top boxes, and tablets.

Advanced capabilities: In addition to typical DDoS attack capabilities, Kimwolf integrates proxy forwarding, reverse shell, and file management features. It is compiled using the Android NDK (Native Development Kit).

Attack activity: The botnet issued an estimated 1.7 billion DDoS attack commands over a three-day period (November 19-22, 2025).

Primary targets: The most affected devices include popular models such as TV BOX, SuperBOX, HiDPTAndroid, P200, X96Q, XBOX, SmartTV and MX10. The global spread is notable, with high concentrations in Brazil, India, the USA, Argentina, South Africa and the Philippines.

Ties with the AISURU Botnet and TTPs

XLab research has uncovered significant links between Kimwolf and the AISURU botnet, known for record-breaking DDoS attacks over the past year. Researchers suspect that the same hacking group reused code from AISURU in the early stages of Kimwolf. ...

December 17, 2025 · Comfidentia

Cloudflare Mitigates Largest DDoS Attack in History by AISURU Botnet

Cloudflare has announced the detection and mitigation of a distributed denial of service (DDoS) attack that peaked at 29.7 terabits per second (Tbps), the largest ever recorded by the company. The attack, lasting 69 seconds, was launched by the botnet-for-hire known as AISURU.

The AISURU Botnet: The Engine of the Attack

Cloudflare identified that the attack came from the AISURU botnet, a cybercrime network that has been linked to numerous hypervolumetric DDoS attacks over the past year. The AISURU botnet is estimated to be powered by a massive network of between 1 and 4 million infected hosts worldwide. ...

December 4, 2025 · Comfidentia

🚨 RondoDox exploits unpatched XWiki servers to expand its botnet

The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), which allows arbitrary remote code execution.

🔍 CVE-2025-24893

Evaluation injection bug that allows any guest user to execute remote code via the /bin/get/Main/SolrSearch endpoint.

Affected versions: all before XWiki 15.10.11, 16.4.1 or 16.5.0RC1

Patch available from: February 2025

🤖 RondoDox: Expanding Botnet

RondoDox incorporates vulnerable devices for:

- DDoS attacks (HTTP, UDP, TCP)
- Cryptocurrency mining
- Persistent access (reverse shells, backdoors)

Chronology: March 2025 (first evidence) → Nov 3 (first RondoDox exploitation) → Nov 7 (maximum peak) → Nov 11 (new wave) ...

November 15, 2025 · Comfidentia