Botnet

All articles tagged with #botnet

RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers

Originally Published 12 days ago — by The Hacker News

Cybersecurity researchers have uncovered a nine-month campaign where the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.

Oregon Man Charged Over 'Rapper Bot' DDoS Attacks

Originally Published 4 months ago — by Krebs on Security

A 22-year-old Oregon man, Ethan J. Foltz, was arrested for operating Rapper Bot, a large IoT-based botnet used for launching massive DDoS attacks, including one that disrupted Twitter/X in March 2025. The botnet, which enslaved around 65,000 devices globally, was rented out to extortionists and was responsible for over 370,000 attacks targeting thousands of victims. Foltz admitted to building and controlling the botnet, which was designed to be manageable and stealthy, and he discussed its capabilities and rival threats in encrypted chats. The case highlights the significant financial and operational risks posed by such cybercriminal activities.

FBI Urges 10 Million Android Users to Disconnect Devices Immediately

Originally Published 5 months ago — by Forbes

The FBI warns that over 10 million Android devices, including IoT gadgets and smart devices, are infected with the BadBox 2.0 botnet, which is used for criminal activities. Google has taken legal action and updated protections, but users are advised to disconnect suspicious devices from their networks to prevent further harm.

FBI and Google Urge 10 Million Android Users to Disconnect Devices Amid Malware Threats

Originally Published 5 months ago — by Forbes

The FBI warns that over 10 million Android devices, mainly low-cost IoT products from China, are infected with the malicious BadBox 2.0 malware, which is pre-installed in device firmware and used for criminal activities. Google has taken legal action and updated protections, while the FBI recommends users disconnect suspicious devices from their networks to prevent further harm.

FBI Warns of BADBOX 2.0 Android Malware Impacting Millions

Originally Published 7 months ago — by BleepingComputer

The FBI warns that the BADBOX 2.0 malware has infected over 1 million consumer IoT devices, mainly Android-based smart TVs and streaming devices, turning them into residential proxies for malicious activities like ad fraud and credential stuffing. Despite disruptions, the botnet continues to grow globally, with devices from China shipped worldwide, and consumers are advised to monitor their devices and avoid unofficial app stores.

Urgent: How to Check if Your Asus Router Has Been Hacked in the Latest Cyberattack

Originally Published 7 months ago — by PCMag

A security report reveals that around 9,000 Asus routers have been hacked by a sophisticated threat actor aiming to create a botnet. Users can check if their routers are compromised by inspecting SSH access and should perform a factory reset if infected. Updating firmware and blocking specific IPs are recommended to prevent future attacks.

FBI Warns of Widespread ASUS Router Hacks and Persistent Backdoors

Originally Published 7 months ago — by 9to5Mac

The FBI has issued a warning against 13 specific older router models, mainly from Linksys/Cisco, that are vulnerable to malware called TheMoon, which can be exploited to control devices and hide malicious activity. Users with these models should consider replacing them, especially if they haven't received updates, to avoid security risks.

Thousands of ASUS Routers Compromised by Persistent Botnet and Backdoors

Originally Published 7 months ago — by 9to5Mac

Thousands of ASUS routers have been compromised by a persistent botnet that survives firmware updates and reboots, potentially controlled by a nation state, with affected models including RT-AC3100, RT-AC3200, and RT-AX55. The only recommended mitigation is to factory reset the routers and then update the firmware, as the infection cannot be removed by updates alone.

Global Botnets Exploit Router Vulnerabilities to Maintain Persistent Backdoors

Originally Published 7 months ago — by BleepingComputer

A new botnet named 'AyySSHush' has compromised over 9,000 ASUS routers by exploiting an old vulnerability to install a persistent SSH backdoor, allowing attackers to maintain access even after reboots or firmware updates. The campaign, possibly linked to a nation-state actor, also targeted other SOHO routers from Cisco, D-Link, and Linksys, and involves stealthy techniques to evade detection. ASUS has released security patches, and users are advised to update firmware, check for suspicious files, and reset their devices if compromised.

Global Cybercrime Crackdown: Major Botnet Dismantled, Chinese National Charged

Originally Published 1 year ago — by The Guardian

US and European authorities have dismantled the "world's largest botnet," responsible for nearly $6 billion in Covid insurance fraud. The operation, codenamed Endgame, led to the arrest of multiple suspects, including Chinese national YunHe Wang, and the seizure of luxury goods and properties. The botnet, active from 2014 to 2022, spread ransomware via infected emails. The coordinated international effort involved actions in several countries and targeted various malware droppers, significantly disrupting the cybercrime ecosystem.

FBI Busts Chinese National for $6B COVID Relief Botnet Scheme

Originally Published 1 year ago — by Yahoo Finance

The FBI has dismantled a massive botnet of 19 million infected computers spread across 190 countries, used for various cybercrimes including financial fraud and identity theft. The operation led to the arrest of the alleged administrator, YunHe Wang, in Singapore, and the seizure of luxury goods, cryptocurrency, and real estate. The botnet, active since 2014, generated millions by leasing access to compromised IP addresses.

FBI and Europol Dismantle $6bn Cybercrime Botnet, Arrest Chinese National

Originally Published 1 year ago — by The Hill

The FBI, in collaboration with international partners, dismantled the "911 S5" botnet, the world's largest, which infected 19 million computers and facilitated various cybercrimes. Chinese national YunHe Wang, who profited nearly $100 million from the operation, was arrested in Singapore and faces multiple charges that could lead to a 65-year prison sentence.

Feds Dismantle World's Largest Botnet, Arrest Administrator

Originally Published 1 year ago — by BBC.com

The US and Europe have conducted major operations against cybercrime networks, resulting in multiple arrests and the seizure of luxury assets. The US arrested Chinese national YunHe Wang, accused of hacking 19 million devices and causing $5.9 billion in losses, while Europol arrested ringleaders in Armenia and Ukraine, taking control of over 2,000 websites. Both operations targeted botnets used for various criminal activities, including fraud and ransomware.

FBI and Europol Dismantle $6bn Cybercrime Empire, Arrest Key Figures

Originally Published 1 year ago — by WEAU

An international law enforcement team has arrested Chinese national Yunhe Wang, disrupting the "911 S5" botnet, which officials say is the world's largest. Wang allegedly ran the botnet for nearly a decade, amassing $99 million by reselling access to criminals for identity theft, child exploitation, and financial fraud, including pandemic relief scams. Authorities seized $29 million in cryptocurrency and linked Wang to $5.9 billion in fraud losses. Wang managed the botnet through 150 servers and used his gains to purchase properties worldwide.

U.S. Dismantles Massive Botnet, Arrests Chinese National for $6B COVID Relief Theft

Originally Published 1 year ago — by The Hacker News

The U.S. Department of Justice dismantled the world's largest botnet, 911 S5, which infected 19 million devices globally. Chinese national YunHe Wang, the botnet's creator, was arrested and charged with multiple offenses, facing up to 65 years in prison. The botnet facilitated various cybercrimes, including financial fraud and identity theft, generating millions of dollars for Wang. The takedown involved international cooperation and led to the seizure of significant assets.