#Botnet

⚯ Michel de Cryptadamus ⚯ (@cryptadamist@universeodon.com)
2025-12-11

get in losers, we’re gamifying everything now

> “NoName published a daily leaderboard of volunteers who launched the most attacks… and paid top-ranking volunteers in cryptocurrency”

justice.gov/opa/pr/justice-dep

#Russia #FSB #GRU #putin #vladimirPutin #uspol #cybersecurity #infosec #noName #ukpol #eupol #botnet #DDoS #ukraine #ukrainewar #crypto #cryptocurrency #litecoin #bitcoin #gamification

Gamified manipulation to motivate pro-Russian cyberattacks

Investigations by national authorities identified NoName057(16) as an ideological criminal network that has been seen to profess support to the Russian Federation and, in the context of the Russian war of aggression against Ukraine, has been linked to numerous DDoS cyberattacks. During such attacks, a website or online service is flooded with traffic with the objective of overloading it and rendering it unavailable. In addition to the activities of the network, estimated at over 4 000 supporters, the group was also able to construct their own botnet made up of several hundred servers, used to increase the attack load.

To share calls to action, tutorials, updates, and to recruit volunteers, the group leveraged pro-Russian channels, forums, and even niche chat groups on social media and messaging apps. Volunteers often invited friends or contacts from gaming or hacking forums, forming small recruitment circles. These actors used platforms like DDoSia to simplify technical processes and provide guidelines, enabling new recruits to become operational quickly. Participants were also paid in cryptocurrency, which incentivised sustained involvement and attracted opportunists. Mimicking game-like dynamics, regular shout-outs, leader boards, or badges provided volunteers with a sense of status. This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of

2025-12-11

It didn’t take long: CVE-2025-55182 is now under active exploitation

A critical vulnerability (CVE-2025-55182) affecting React Server Components has been actively exploited since its disclosure on December 4, 2025. The flaw, dubbed React4Shell, allows attackers to execute commands and manipulate files on vulnerable web applications. Kaspersky honeypots detected a surge in exploitation attempts, with attackers deploying various malware, including crypto miners and the RondoDox botnet. The vulnerability affects multiple React-related packages and bundles. Threat actors are leveraging this exploit to steal credentials, compromise cloud infrastructures, and potentially launch supply chain attacks. Immediate patching and implementation of security measures are strongly recommended to mitigate risks associated with this high-severity vulnerability.

Pulse ID: 693ae06402fe5f1d81a2b7c3
Pulse Link: otx.alienvault.com/pulse/693ae
Pulse Author: AlienVault
Created: 2025-12-11 15:16:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #HoneyPot #InfoSec #Kaspersky #Malware #OTX #OpenThreatExchange #SupplyChain #Vulnerability #bot #botnet #AlienVault

2025-12-10

PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182

A critical vulnerability in React Server Components (CVE-2025-55182) is being exploited across various organizations. Attackers are deploying cryptominer malware, a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based post-exploitation implant dubbed ZinFoq. PeerBlight uses the BitTorrent DHT network as a fallback C2 mechanism. CowTunnel initiates outbound connections to attacker-controlled FRP servers. ZinFoq implements interactive shells, SOCKS5 proxying, and timestomping capabilities. A Kaiji botnet variant is also being distributed. The exploitation attempts target multiple industries and use automated tools. Immediate patching is recommended due to the ease of exploitation.

Pulse ID: 69398505e9eef97b07197db2
Pulse Link: otx.alienvault.com/pulse/69398
Pulse Author: AlienVault
Created: 2025-12-10 14:34:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CryptoMiner #CyberSecurity #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Proxy #ReverseProxy #Troll #Vulnerability #bot #botnet #socks5 #AlienVault

CyberNetsecIO (@netsecio)
2025-12-09

📰 New 'Broadside' Botnet Exploits DVRs to Target Maritime Logistics

New 'Broadside' botnet, a Mirai variant, targets the maritime sector by exploiting a critical DVR flaw (CVE-2024-3721). 🚢 Beyond DDoS, it harvests credentials, posing a risk to vessel OT systems.

🔗 cyber.netsecops.io/articles/br

2025-12-09

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being actively exploited. The flaw allows unauthenticated attackers to execute code on the server, potentially creating malicious admin accounts or injecting backdoors. Wordfence has blocked over 131,000 attack attempts since November 24, 2025. Concurrently, a separate attack exploiting an ICTBroadcast vulnerability (CVE-2025-2611) is being used to spread the 'Frost' DDoS botnet. This botnet combines DDoS capabilities with spreader logic, including exploits for fifteen CVEs. The attacks appear to be part of a small, targeted operation, given the limited number of vulnerable internet-exposed systems.

Pulse ID: 69381affff384c7c0e973a8e
Pulse Link: otx.alienvault.com/pulse/69381
Pulse Author: AlienVault
Created: 2025-12-09 12:50:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #DDoS #DoS #InfoSec #OTX #OpenThreatExchange #RAT #RCE #RDP #RemoteCodeExecution #Vulnerability #Word #Wordpress #bot #botnet #AlienVault

2025-12-09

Nice tool: at check.labs.greynoise.io/ you can check whether you are part of a #botnet

2025-12-08

ICTBroadcast flaw exploited: the new "Frost" DDoS botnet

VulnCheck reports how new actors are building a DDoS botnet. To do so, the attackers use a critical vulnerability in the ICTBroadcast service (CVE-2025-2611, CVSS 9.3).

More: maniabel.work/archiv/730

#infosecnews #BotNet #Frost

Yaksh Bariya (@CodingThunder)
2025-12-08

Lol what new botnet just dropped a new domain name. There does not seem to be any domain with TLD .st in the top domains list, so I assume just stripped it of their top domain rankings but didn't remove it from TLD popularity.

2025-12-08

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Pulse ID: 6936a3506299089730f8c4d2
Pulse Link: otx.alienvault.com/pulse/6936a
Pulse Author: CyberHunter_NL
Created: 2025-12-08 10:07:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RCE #RDP #Word #Wordpress #bot #botnet #CyberHunter_NL

2025-12-08

A couple of weeks ago, a new domain name made its appearance on the domain name ranking of #Cloudflare. Shortly after, the company redacted the name to avoid promoting a #botnet. Recently, the domain name disappeared from Cloudflare's #Radar. A brief check shows that the domain still exists and is active. Is it simply not resolved by Cloudflare's #DNS resolvers? Or did the company prevent this domain name from making it into their feeds?

#malware #DDoS #Tranco

A screenshot of Cloudflare Radar's top 100 domain names does not show a "redacted" domain name anymore. The domain name of a botnet disappeared.

2025-12-07

New Hidden Malware Threat Targeting Linux Computers

A new Linux malware campaign combines a Mirai-based DDoS botnet with fileless attacks and profit generation.

Pulse ID: 6934d4e89f39b692e86ca534
Pulse Link: otx.alienvault.com/pulse/6934d
Pulse Author: cryptocti
Created: 2025-12-07 01:14:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #InfoSec #Linux #Malware #Mirai #OTX #OpenThreatExchange #RAT #bot #botnet #cryptocti

2025-12-04

Cloudflare reports a new "hyper-volumetric" DDoS attack record, carried out by the AISURU botnet: 29.7 Tbps! The attacks targeted telecommunications providers, gaming companies, hosting providers and financial service providers.

More: maniabel.work/archiv/640

#BotNet #DDoS-Angriff #DDoS
#infosec #infosecnews

2025-12-04

⚠️ Aisuru botnet was used in largest ever 29.7 Tbps DDoS attack but Cloudflare blocked it before it could cause wider harm.

Read: hackread.com/cloudflare-aisuru

#Aisuru #Botnet #DDoS #Cloudflare #Cybersecurity #InfoSec

AllAboutSecurity (@allaboutsecurity)
2025-12-04

Record botnet Aisuru: DDoS attacks reach 29.7 terabits per second

For a few hundred to a few thousand US dollars, attackers can launch massive attacks against backbone networks, with potentially devastating consequences for millions of users and essential services.

all-about-security.de/rekord-b

2025-12-03

IPCola: A Tangled Mess

IPCola, a new proxy service, claims to have millions of active IPs sourced from IoT, Desktop, and Mobile devices. Investigation reveals connections to Gaganode, a decentralized bandwidth monetization service with features resembling a botnet. Gaganode's SDK includes remote code execution capabilities, posing significant security risks. The service is widely distributed through various applications, including Chinese TV boxes and free software. IPCola is linked to InstaIP and NuoChen Technology, suggesting a complex network of proxy providers. The investigation exposes the intricate relationships between proxy providers and SDKs, highlighting the methods used to acquire unique IP pools.

Pulse ID: 692f568ace05763e9b6d44a7
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: AlienVault
Created: 2025-12-02 21:13:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #CyberSecurity #InfoSec #IoT #OTX #OpenThreatExchange #Proxy #RCE #RemoteCodeExecution #bot #botnet #AlienVault

Scripter (@scripter@social.tchncs.de)
2025-12-02

New tool detects botnet activity on your own connection
glm.io/202764?n #Cybercrime #Botnet #Malware #DDOS #Router #GreynoiseIPCheck #IPAdresse

A router labelled "MALWARE INSIDE" sits next to a notebook on a desk.
