Critical Wazuh bug exploited in Mirai botnet expansion drive
Briefly

Researchers have warned of active exploitation of a critical vulnerability in the Wazuh security solution, tracked as CVE-2025-24016. Since its disclosure in February, botnets have been actively using the vulnerability in attacks targeting IoT devices. Akamai researchers observed the earliest signs of exploitation in March, showing how quickly the time between vulnerability disclosure and active attacks is shrinking. The attackers are using multiple Mirai variants and are also exploiting older vulnerabilities found in various router models. Another observed botnet, Resbot, notably used Italian domain names similar to those used in phishing, adding a layer of deception to its operations.
Researchers at Akamai detected the earliest attempts to pop servers using CVE-2025-24016 in early March. This reflects the short time-to-attack among botnets.
One interesting observation from the Resbot botnet was its use of Italian-named domains for spreading malware, resembling phishing domain tactics often used to appear legitimate.
Read at The Register