The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Canada: House of Commons hit by cyberattack from ‘threat actor’
August 14, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee information. According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a ...
- Norway spy chief blames Russian hackers for hijacking dam
August 14, 2025
Russian hackers briefly hijacked a dam in Norway in early April and spilled millions of gallons of water before the attack was stopped, Norway’s spy chief revealed Thursday. The hackers opened a floodgate at the Bremanger dam in western Norway to release the equivalent of about three Olympic-sized swimming pools of water during the four hours ...
- Cyber attack on Nigeria Customs Service disrupts clearance operations
August 14, 2025
A cyber attack on the Information Communication Technology (ICT) platform of the Nigeria Customs Service (NCS) has caused significant disruptions to cargo clearance operations at ports across the country. Licensed Customs agents are already counting their losses to demurrage charges on their consignments as a result of the disruption. Confirming the development, NCS spokesman and Assistant ...
- New trends in phishing and scams: How AI and social media are changing the game
August 13, 2025
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim. Since our last publication on phishing tactics, there ...
- FBI: Fictitious Law Firms Targeting Cryptocurrency Scam Victims Combine Multiple Exploitation Tactics While Offering to Recover Funds
August 13, 2025
This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity. This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous ...
- Pandora cyber attack highlights growing threat to ecommerce
August 13, 2025
The global jeweller, Pandora has recently fallen victim to a cyber attack — becoming the latest high-profile cyber incident. Last week, Pandora confirmed that it had been hit by a cyber attack, with customer data being breached as a result. However, the company claimed that no confidential information, such as passwords and credit card details, was ...