RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining and other malicious activity to ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

Security firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed ...

A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. Exploitation of ...

Androxgh0st’s integration with Mozi amplifies global risks IoT vulnerabilities are the new battleground for cyberattacks Proactive monitoring is essential to combat emerging botnet threats Researchers ...

The first ThreatsDay Bulletin of 2026 tracks GhostAd adware, macOS malware, proxy botnets, cloud exploits, and more emerging ...

A global Internet of Things (IoT) botnet campaign, dubbed "Ballista," has been targeting unpatched TP-Link routers since the beginning of 2025. The botnet exploits a remote code execution ...

Threat actors have been observed exploiting a critical vulnerability, CVE-2023-46604, in Apache systems. Over the past few weeks, Fortiguard Labs identified multiple threat actors leveraging this ...

A critical vulnerability has been discovered in the Linux-based Ruckus access points (AP) that allows remote attackers to take control of vulnerable systems. Tracked CVE-2023-25717 and first ...

Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector, supplementing its usual remote login brute ...