Threat Post

Necurs Botnet Evolves to Hide in the Shadows, with New Payloads

Using an on-again, off-again strategy of C2 communication helps it hide from researchers. Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a ...
Bleeping Computer

Updated Miori Botnet C2 Server Tells Researchers to F*** Off

A new version of the Miori botnet added protection to the login panel of its command and control server, hanging a "not welcome" message for connections likely coming from a security researcher. Until ...
Threat Post

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say.
Bleeping Computer

New PurpleFox botnet variant uses WebSockets for C2 communication

The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. Although it's mainly based in ...
Dark Reading

GoBruteforcer Botnet Targets 50K-plus Linux Servers

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and ...
The Hacker News

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...