The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fortinet Releases Security Advisory for Authentication Bypass Vulnerability
August 12, 2025
An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. Read more… Source: Fortinet Sign up for the Cyber ...
- Hackers breach and expose a major North Korean spying operation
August 12, 2025
Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity ...
- New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
August 12, 2025
Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a ...
- WinRAR vulnerability exploited by two different groups
August 12, 2025
On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats. The vulnerability, tracked ...
- Russian government hackers said to be behind US federal court filing system hack
August 12, 2025
The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times. Citing anonymous sources, the newspaper said Russia “is at least in part responsible” for the cyberattack, without saying what part of the Russian government is behind the hack. The hackers searched for ...
- WestJet says some passengers’ personal information stolen in cyberattack
August 11, 2025
WestJet says some personal data including information about travel documents such as passports was stolen in a cyberattack earlier this year, but credit and debit card numbers as well as user passwords were not compromised. In a note to customers, WestJet says the personal information taken varies from person to person but may include name, date ...