The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GoldenEye Dog(APT-Q-27) gang’s recent use of “Silver Fox” Trojan stealing activities
June 6, 2025
GoldenEyeDog (tracked internally as APT-Q-27 by Qi’anxin) is a hacking group targeting people involved in gaming and dog-pushing in Southeast Asia, as well as the overseas Chinese community, with a range of business activities including remote control, mining, DDoS attacks, etc. It is related to a larger attack group tracked by Qi’anxin, the Miuuti Group. The ...
- Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
June 6, 2025
The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed ...
- Texas: Drivers’ data compromised in TxDOT data breach of nearly 300,000 crash reports
June 6, 2025
The Texas Department of Transportation said it is reaching out to Texans whose personal data was compromised during a data breach that led to the improper download of nearly 300,000 crash reports. Personal data included in crash reports includes: full names, mailing and/or physical addresses, driver license numbers, license plate numbers, car insurance policy numbers and ...
- Cisco Releases Security Advisory Affecting Cisco Identity Service Engine
June 5, 2025
Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks. CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded ...
- Ransomware hiding in fake AI, business tools
June 5, 2025
Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead monetization service Nova Leads, the enormously popular Chat GPT, and an AI-empowered video ...
- More than 3 million records, 12TB of data exposed in major app builder breach
June 5, 2025
Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned. Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building ...