The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The Golden Scale: ‘Tis the Season for Unwanted Gifts
November 26, 2025
In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). This latest ...
- Bug in jury systems used by several US states exposed sensitive personal data
November 26, 2025
Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively learned. A security researcher, who asked not to be named for this story, contacted TechCrunch with ...
- New macOS malware chain could cause a major security headache
November 26, 2025
North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned. Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and ...
- Multiple London councils hit by ‘cyber attack’
November 26, 2025
Several London councils have been hit by a “cyber attack” which could have compromised residents’ data. Kensington and Chelsea, Hammersmith and Fulham, and Westminster City councils said they have been responding to a “cyber security issue” since Monday morning. The councils, which share a number of IT systems, added they are working with the “help of ...
- FBI: Account Takeover Fraud via Impersonation of Financial Institution Support
November 25, 2025
The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the ...
- The Dual-Use Dilemma of AI: Malicious LLMs
November 25, 2025
A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to technologies like nuclear physics or biotechnology, but now also central to AI. Any tool powerful enough ...