VulnHub

Real-time Cybersecurity News

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

Security Affairs
Actively Exploited
LinuxMalwareBotnet

Overview

A new botnet named SSHStalker has emerged, targeting Linux servers and infecting around 7,000 systems. This botnet exploits vulnerabilities from older 2009-era software, utilizing IRC bots and mass-scanning techniques to gain access. Researchers from Flare discovered SSHStalker while monitoring SSH honeypots over a two-month period, specifically using weak credentials to attract attackers. The presence of this botnet underscores the ongoing risk posed by outdated security measures, especially for systems that have not been updated in years. Users and administrators of Linux servers need to be vigilant and ensure their systems are secure against such legacy exploits.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Linux servers using outdated software and weak SSH credentials
  • Action Required: Users should update their Linux systems to the latest versions, strengthen SSH credentials, and implement security measures such as firewalls and connection limits.
  • Timeline: Newly disclosed

Original Article Summary

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike […]

Impact

Linux servers using outdated software and weak SSH credentials

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should update their Linux systems to the latest versions, strengthen SSH credentials, and implement security measures such as firewalls and connection limits.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Malware, Botnet.

Read Original Article

Related Coverage

Your AI doctor doesn’t have to follow the same privacy rules as your real one

CyberScoop

AI applications are increasingly entering the healthcare space, but they may not be required to follow the same privacy regulations that traditional healthcare providers must adhere to. This raises concerns about how patient data is handled, as there is no guarantee that these AI tools will implement stringent data security measures. Patients using AI for medical advice might be at risk of their personal health information being mismanaged or inadequately protected. As healthcare technology evolves, it's crucial for users to be aware of the potential privacy implications and for regulators to consider updating laws to keep pace with these advancements. The situation calls for careful scrutiny to ensure that patient rights are upheld in an increasingly digital healthcare environment.

Feb 11, 2026

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

Infosecurity Magazine

North Korean hackers have launched a sophisticated campaign targeting cryptocurrency firms by using deepfake video calls to impersonate legitimate company representatives. These attackers have stolen Telegram accounts and are conducting fake Zoom meetings to trick users into installing infostealer malware. This malware is designed to harvest sensitive information, which could lead to significant financial losses for the affected companies. The use of deepfake technology in these scams highlights a concerning trend in cybercrime, where attackers are becoming increasingly adept at using advanced tactics to deceive their targets. Cryptocurrency firms, already vulnerable to various cyber threats, must remain vigilant against such innovative attack methods.

Feb 11, 2026

AI-generated React2Shell malware infects 90-plus hosts

SCM feed for Latest

Researchers have recently identified a new strain of malware named React2Shell, which has infected over 90 hosts. This malware, discovered through a Docker honeypot, is primarily used for cryptojacking, a practice where attackers hijack computing resources to mine cryptocurrency without the owner's consent. The emergence of React2Shell signals a growing trend in the use of artificial intelligence to create more sophisticated malware. Organizations need to be vigilant about their Docker environments and ensure they have robust security measures in place to protect against such threats. The impact of this malware could lead to significant financial losses for businesses if their systems are compromised.

Feb 11, 2026

Is spyware hiding on your phone? How to find out and remove it - fast

Latest news

The article discusses the possibility of spyware infecting smartphones, alerting users to signs that their devices may be compromised. It emphasizes that unusual behavior, such as faster battery drain, unexpected data usage, and unfamiliar apps, can indicate spyware presence. The piece provides guidance on how to identify and remove such malicious software quickly. Given the rise in cyber threats, this information is crucial for users to protect their personal data and maintain their device security. Understanding how to detect and eliminate spyware can help individuals avoid potential privacy breaches and unauthorized access to sensitive information.

Feb 11, 2026

Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed

SecurityWeek

A recent data breach involving Conduent has compromised the personal information of nearly 17,000 employees at Volvo Group, part of a much larger incident affecting at least 25 million individuals. Initially thought to involve only 10 million people, the breach has expanded significantly, raising concerns about data security across numerous organizations. The exposed data could include sensitive information, putting affected employees at risk for identity theft and other malicious activities. This incident emphasizes the need for companies to bolster their cybersecurity measures and protect sensitive employee data. The breach's scale indicates a potential vulnerability in third-party vendor systems, which can have widespread implications for many businesses relying on such services.

Feb 11, 2026

Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

SecurityWeek

Ivanti has addressed a serious security flaw in its Endpoint Manager software, which was disclosed in October 2025. A high-severity authentication bypass vulnerability was identified, allowing attackers to remotely exploit the system without needing any form of authentication. This means that unauthorized users could potentially gain access to sensitive credentials. The implications of this vulnerability are significant, as it could expose organizations to data breaches and unauthorized access. Users of Ivanti Endpoint Manager are strongly encouraged to apply the latest patches to secure their systems and safeguard their information.

Feb 11, 2026