RondoDox botnet fires 'exploit shotgun' at edge devices
"A new RondoDox botnet campaign uses an 'exploit shotgun' - fire at everything, see what hits - to target 56 vulnerabilities across at least 30 different vendors' routers, DVRs, CCTV systems, web servers, and other network devices, and then infect the buggy gear with malware. RondoDox is a new-ish botnet that first surfaced in mid-2025 and weaponizes command-injection flaws in internet-facing devices. In recent months, it's been spotted delivering multi-architecture payloads that infect vulnerable gear"
"The campaign targets a huge range of infrastructure, including Cisco, D-Link, Linksys, and Netgear routers, along with Apache HTTP servers, Brickcom IP cameras, and AVTECH CCTV systems, among many others, according to Trend Micro's Zero Day Initiative researchers, who spotted the botnet exploiting a bug first disclosed at a previous ZDI Pwn2Own contest. This type of exposure opens up organizations"
RondoDox is a botnet that surfaced in mid-2025 and exploits command-injection flaws in internet-facing devices. The campaign employs an "exploit shotgun" approach to probe and weaponize 56 vulnerabilities across at least 30 vendors' routers, DVRs, CCTV systems, web servers, and other network devices. Trend Micro's Zero Day Initiative observed multi-architecture payloads that deploy a Mirai variant, enabling remote control of infected equipment and large-scale attacks such as DDoS. Confirmed CVEs in the campaign include CVE-2024-3721 (TBK DVRs) and CVE-2024-12856 (Four-Faith routers). The exposure risks data theft, persistent compromise, and operational disruption.
Read at The Register