The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Booking.com confirms hackers accessed customers’ data
April 13, 2026
Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, email addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts. “We’re writing to inform you that unauthorized third parties may have been able to access certain ...
- JanelaRAT: A financial threat targeting users in Latin America
April 13, 2026
JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between ...
- Basic-Fit confirms data on a million members stolen in cyberattack
April 13, 2026
Basic-Fit, Europe’s largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems. Around 200,000 members in the Netherlands alone had their data snatched in a recent cyberattack, the company confirmed on Monday morning via emails sent to those affected. “Today, Basic-Fit has notified the relevant data ...
- Suspect arrested after incendiary device thrown at OpenAI CEO Sam Altman’s home
April 11, 2026
A 20-year-old man has been arrested after a Molotov cocktail was thrown at the San Francisco home of OpenAI CEO Sam Altman early Friday morning. The incident happened around 4:00 am when a suspect “threw an incendiary destructive device” at Altman’s home, “causing a fire to one exterior gate” before fleeing on foot, according to statement ...
- Hungary: Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts
April 11, 2026
Hungary’s government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance. This doesn’t look ...
- FBI Atlanta, Indonesian Authorities Take Down Global Phishing Network Behind Millions in Fraud Attempts
April 10, 2026
In a first-of-its-kind joint cyber investigation, the FBI Atlanta Field Office and Indonesian law enforcement authorities have dismantled a sophisticated global phishing operation that enabled cybercriminals to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. The operation centered on the W3LL phishing kit, a widely used cybercrime tool that allowed ...