Cybersecurity researchers have uncovered a nine-month campaign in which the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.
NIST has finalized a new lightweight cryptography standard based on Ascon algorithms to protect small, resource-constrained devices like IoT gadgets, RFID tags, and medical implants from cyberattacks, offering various options for encryption, hashing, and future expandability.
The FBI warns that over 10 million Android devices, including IoT gadgets and smart devices, are infected with the BadBox 2.0 botnet, which is used for criminal activities. Google has taken legal action and updated protections, but users are advised to disconnect suspicious devices from their networks to prevent further harm.