US, allies warn of industrialized Chinese botnets

SCM feed for Latest
Actively Exploited

Overview

The U.S., UK, and eight other allied nations have issued a warning regarding sophisticated cyber operations linked to Chinese state-sponsored groups. These operations involve the exploitation of hacked routers and Internet of Things (IoT) devices worldwide, forming extensive botnets. These botnets are being utilized for various malicious activities, including data theft and disruptive cyberattacks. The implications of this are significant, as they threaten critical infrastructure and sensitive data on a global scale. Organizations and individuals using vulnerable devices need to be particularly vigilant and take steps to secure their networks against these threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Hacked routers, Internet of Things devices
  • Action Required: Ensure all routers and IoT devices are updated to the latest firmware, change default passwords, and implement network security best practices.
  • Timeline: Newly disclosed

Original Article Summary

The U.S., the UK, and eight other countries reported that multiple Chinese state-backed threat operations have tapped hacked routers and Internet of Things devices around the world to form botnets that enable data-theft intrusions and disruptive cyberattacks, reports The Register.

Impact

Hacked routers, Internet of Things devices

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Ensure all routers and IoT devices are updated to the latest firmware, change default passwords, and implement network security best practices.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: Critical

Related Coverage

New BlackFile extortion group linked to surge of vishing attacks

BleepingComputer

A new hacking group known as BlackFile has emerged, targeting retail and hospitality organizations since February 2026. This group is primarily focused on data theft and extortion, escalating the risk for businesses in these sectors. Researchers found that BlackFile's tactics include vishing attacks, where attackers use phone calls to manipulate victims into revealing sensitive information. The implications of this surge are significant, as it not only threatens the financial stability of affected companies but also jeopardizes customer data and trust. As organizations in retail and hospitality deal with these threats, they need to enhance their security measures and employee training to mitigate the risks associated with such attacks.

Apr 24, 2026

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

BleepingComputer

A newly discovered vulnerability known as Pack2TheRoot poses a significant risk to Linux systems by allowing local users to gain root access through the PackageKit daemon. This flaw enables unauthorized users to install or remove system packages, potentially compromising the integrity of the system. The vulnerability could be exploited by anyone with local access to a vulnerable Linux machine, making it a concern for both individual users and organizations that rely on Linux environments. As the flaw can lead to full control over the system, it is crucial for affected users to take immediate action to mitigate risks and secure their systems. Researchers are urging users to monitor their systems closely until a patch is available.

Apr 24, 2026

Ransomware supply chain untangled by RAMP forum leak

SCM feed for Latest

The Russian dark web forum and ransomware network known as RAMP has experienced a significant data breach, revealing a trove of user records and activity logs. This leak exposed thousands of details about how the cybercrime community operates, potentially impacting many individuals and organizations involved in or targeted by ransomware activities. Security researchers have noted that the information could help law enforcement and cybersecurity experts better understand the tactics and networks used by cybercriminals. The breach raises concerns about the security of personal data and the ongoing threats posed by ransomware gangs. As these forums often serve as hubs for cybercriminal collaboration, this incident could have far-reaching implications for future ransomware attacks.

Apr 24, 2026

Over $700M in crypto, fake investment sites seized in US clampdown on Southeast Asian scam centers

SCM feed for Latest

The U.S. Scam Center Strike Force has conducted a significant operation, seizing over $700 million in cryptocurrency and shutting down more than 500 fraudulent investment websites linked to large-scale scams in Southeast Asia. These scams included romance fraud and 'pig butchering' schemes, where victims are manipulated into investing large sums of money. The operation aimed to dismantle these scam centers that have been exploiting individuals, often targeting vulnerable populations. By taking these steps, authorities hope to disrupt the financial networks that support such criminal activities and provide a deterrent to future scams. This action underscores the ongoing battle against cybercrime, particularly in regions where these scams have proliferated.

Apr 24, 2026

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

SecurityWeek

A malware known as 'Fast16' has been linked to ongoing cyber tensions between the US and Iran. This malware specifically targets high-precision calculation software, with the intent to manipulate results. Notably, it includes a self-propagation mechanism, which allows it to spread without user intervention. This discovery raises concerns about the potential for state-sponsored cyberattacks and the implications for critical infrastructure, particularly in sectors reliant on precision calculations. As the geopolitical landscape continues to evolve, understanding threats like Fast16 becomes crucial for organizations to safeguard their operations against cyber sabotage.

Apr 24, 2026

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Security Affairs

Germany's Bundestag President Julia Klöckner was recently targeted in a phishing attack using the Signal messaging app. The attackers created a fake chat group that appeared to be associated with her political party, the CDU, in an attempt to deceive her. This incident highlights the vulnerabilities of even secure messaging platforms, showing that attackers can exploit them to gain access to personal or sensitive information. As political figures become more reliant on digital communication, the risk of such phishing attempts increases. It serves as a reminder for all users to remain vigilant about the authenticity of the contacts they interact with online.

Apr 24, 2026