VulnHub

Real-time Cybersecurity News

More than 10,000 IPs hijacked by SystemBC botnet

SCM feed for Latest
Actively Exploited
MalwareBotnet

Overview

Researchers have discovered that the SystemBC botnet has hijacked over 10,000 IP addresses, indicating that the botnet is still being actively developed despite previous efforts to disrupt it through 'Operation Endgame.' This ongoing activity raises concerns for internet security, as the SystemBC botnet is known for facilitating various cybercriminal activities, including the distribution of malware. The persistence of this threat suggests that attackers are adapting and finding new ways to maintain their operations, which could lead to increased risks for businesses and individual users alike. Companies should remain vigilant and consider strengthening their defenses against such botnets to protect their networks and data.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Action Required: Companies should strengthen their network defenses and monitor for unusual activity associated with botnet behavior.
  • Timeline: Ongoing since recent months

Original Article Summary

Researchers identified continued development of the botnet despite “Operation Endgame” disruption.

Impact

Not specified

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent months

Remediation

Companies should strengthen their network defenses and monitor for unusual activity associated with botnet behavior.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Botnet.

Read Original Article

Related Coverage

CISA tells agencies to stop using unsupported edge devices

CyberScoop

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive urging federal agencies to stop using unsupported edge devices. This directive aims to address vulnerabilities that have been exploited in significant cyberattacks in recent years. Unsupported edge devices can pose serious security risks, as they no longer receive updates or patches, making them easy targets for attackers. By discontinuing the use of these devices, agencies can better protect their networks and sensitive data. This move is part of a broader effort to enhance cybersecurity across the federal government and ensure that agencies are not exposed to avoidable risks.

Feb 5, 2026

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The Hacker News

The AISURU/Kimwolf botnet has launched a massive DDoS attack that peaked at an astonishing 31.4 Terabits per second, lasting just 35 seconds. This attack is part of a growing trend of extremely high-volume HTTP DDoS assaults that the botnet has been executing throughout the fourth quarter of 2025. Cloudflare, a cybersecurity company that monitors these incidents, successfully detected and mitigated the attack, preventing potential disruptions to online services. Such high-capacity attacks pose significant risks to internet infrastructure and can overwhelm even the most fortified systems, affecting businesses and users alike. As these types of attacks become more common, organizations need to bolster their defenses against DDoS threats.

Feb 5, 2026

AI-assisted cloud breach achieved in record 8 minutes

SCM feed for Latest

A recent cybersecurity incident saw attackers breach a cloud environment in just eight minutes, using exposed test credentials that were found in a public S3 bucket. This rapid breach highlights the dangers of improperly secured cloud storage and the need for better credential management practices. Organizations using cloud services should ensure that sensitive information is not publicly accessible and that test credentials are properly safeguarded. The incident serves as a stark reminder that even minor oversights can lead to significant security breaches, potentially compromising sensitive data. Companies need to take immediate action to review their cloud configurations and implement stricter access controls.

Feb 5, 2026

Alleged 764 member arrested, charged with CSAM possession in New York

CyberScoop

Authorities in New York have arrested a member of the group known as 764, charging him with possession of child sexual abuse material (CSAM). This arrest is part of a broader crackdown on the violent extremist collective, which has seen multiple members detained over the past year. The increased law enforcement activity aims to disrupt the group's operations and reduce the risks associated with its activities. This incident not only highlights the ongoing efforts to combat online exploitation but also raises awareness about the dangers posed by extremist groups that may exploit vulnerable individuals. The implications extend beyond the arrests, as it signals a commitment to addressing child exploitation and extremist violence.

Feb 5, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Security Affairs

Italy's Foreign Minister Antonio Tajani announced that the country successfully thwarted a series of cyberattacks linked to a pro-Russian group known as Noname057(16). These attacks targeted various entities, including the Foreign Ministry offices, with one affecting operations in Washington, D.C. Additionally, the group aimed at disrupting websites and hotels associated with the upcoming Milano Cortina 2026 Winter Olympics. This incident highlights ongoing cybersecurity concerns related to geopolitical tensions, particularly as major international events approach. The Italian government’s proactive measures demonstrate the importance of safeguarding critical infrastructure and national security against external threats.

Feb 5, 2026

Romanian oil pipeline operator Conpet discloses cyberattack

BleepingComputer

Conpet, Romania's national oil pipeline operator, reported a cyberattack on Tuesday that disrupted its business operations and took down its website. The attack affected the company’s ability to manage its systems effectively, although details on the type of attack or the perpetrators have not been disclosed. This incident raises concerns about the security of critical infrastructure, particularly in the energy sector, where such attacks can have significant implications for supply chains and national security. As authorities investigate, it’s crucial for companies in similar sectors to review their cybersecurity measures to prevent similar disruptions in the future.

Feb 5, 2026