At least one IoT device compromised
December 31, 2025
•[ botnet, iot, vulnerability ]
Security researchers reported that the RondoDox botnet successfully exploited a critical vulnerability to take control of at least one internet-connected networking device, enrolling it into a botnet for malicious activity.
Operation Endgame 3.0
November 14, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealers, Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
Operation Endgame 3.0
November 13, 2025
•[ infostealer, remote access trojan, botnet ]
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealers, Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
Abraham Andreu's computer (part of Andromeda botnet)
November 6, 2025
•[ botnet, malware ]
A ComputerHoy journalist describes deliberately infecting a Windows PC in 2025 with the Andromeda malware, which enrolls machines into a botnet so attackers can download additional payloads and execute arbitrary files remotely. The piece walks through how the author obtained the malware sample, how the infection behaves on the system, the use of Spain's INCIBE antibotnet service and security tools to detect and remove Andromeda, and what readers should do if they discover their own devices are part of the botnet. This is a self-inflicted test infection rather than an unsolicited attack on an organization.
Gcore
October 1, 2025
•[ DDoS attack, botnet, volumetric flood ]
Technology site CDR.cz and an underlying TechRadar report describe how gaming hosting and cloud provider Gcore was hit in October 2025 by one of the largest DDoS attacks ever recorded, a so-called short-burst volumetric flood that generated roughly 6 terabits per second of traffic and about 5.3 billion packets per second over 30 to 45 seconds. Analysis attributed the event to the AISURU botnet, with more than half of the malicious traffic sourced from Brazil and about a quarter from the United States, suggesting widespread abuse of poorly secured systems in those regions. Gcore stated that its globally distributed DDoS protection network, with over 210 points of presence and more than 200 terabits per second of filtering capacity, absorbed the attack and kept services online, but security experts warned that such brief, intense
University of California San Diego (USArhythms subdomain)
June 22, 2025
•[ botnet, infrastructure compromise, remote code execution ]
CloudSEK and HackRead report the Androxgh0st botnet compromised a UC San Diego subdomain to host command-and-control/logging infrastructure using RCE and web shells; no confirmed data theft or service disruption reported.
ASUS consumer routers
May 29, 2025
•[ botnet, compromised devices ]
The report describes thousands of ASUS routers compromised to build a botnet; this entry is a broad campaign summary.