The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Pro basketball player and 4 youths arrested in connection to ransomware crimes
July 10, 2025
Authorities in Europe have detained five people, including a former Russian professional basketball player, in connection with crime syndicates responsible for ransomware attacks. Until recently, one of the suspects, Daniil Kasatkin, played for MBA Moscow, a basketball team that’s part of the VTB United League, which includes teams from Russia and other Eastern European countries. Kasatkin ...
- UK: Arrests made after M&S, Co-op and Harrods cyber attacks
July 10, 2025
Four people, including three teenagers and a 20-year-old woman, have been arrested in connection with a wave of cyber attacks that crippled M&S, the Co-op and Harrods. The group allegedly unleashed ransomware that stole millions of customer records, shut down online orders and left supermarket shelves bare. The arrests included a 17-year-old British man from the ...
- GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed
July 8, 2025
Unit 42 researchers uncovered a campaign by an initial access broker (IAB) to exploit leaked Machine Keys — cryptographic keys used on ASP.NET sites — to gain access to targeted organizations. IABs breach organizations and then sell that access to other threat actors. This report analyzes the tools used in these attacks. Palo Alto track this ...
- Impostor uses AI to impersonate Rubio and contact foreign and US officials
July 8, 2025
The State Department is warning U.S. diplomats of attempts to impersonate Secretary of State Marco Rubio and possibly other officials using technology driven by artificial intelligence, according to two senior officials and a cable sent last week to all embassies and consulates. The warning came after the department discovered that an impostor posing as Rubio had ...
- NFC fraud threatens Philippines digital payments security
July 8, 2025
As contactless payments and digital wallets grow quickly in the Philippines, cyber-criminals are now targeting the country by abusing Near Field Communication (NFC) technologies. Resecurity, a global leader in cyber threat intelligence, issued a stark warning, urging Philippine regulators and financial institutions to heighten their defenses amid an alarming increase in NFC-enabled fraud, particularly from ...
- Batavia spyware steals data from Russian organizations
July 7, 2025
Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe (translation: contract, attachment) among employees at various Russian organizations. The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract. The campaign began in July 2024 and ...