VulnHub

Researchers from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 have identified that attackers are exploiting a command injection vulnerability, CVE-2024-3721, in TBK DVRs and outdated TP-Link Wi-Fi routers. This medium-severity flaw, which has a CVSS score of 6.3, allows malicious actors to hijack these devices to create a botnet for DDoS attacks. The compromised TBK DVRs and EoL TP-Link routers are particularly concerning as they can be easily targeted due to their lack of ongoing support and security updates. This situation poses a significant risk to users, as their devices can be turned into tools for larger-scale cyberattacks without their knowledge. Users of these devices should take immediate action to secure their systems against potential exploitation.

On April 13, 2026, law enforcement agencies conducted 'Operation PowerOFF,' which successfully identified 75,000 users involved in distributed denial-of-service (DDoS) attacks across 21 countries. The operation led to the takedown of 53 domains associated with these attacks. By targeting the DDoS ecosystem, authorities aim to disrupt the infrastructure that enables these types of cyberattacks, which can overwhelm websites and online services, causing significant downtime and financial losses. This operation is a crucial step in combating the growing threat of DDoS attacks, which have become increasingly sophisticated and harmful to businesses and individuals alike. The large number of identified users highlights the scale of the issue and underscores the need for ongoing vigilance in cybersecurity efforts.

A report from Qrator Labs has revealed a significant increase in a DDoS botnet, which has now ballooned to 13.5 million compromised devices over the past year. The majority of these devices are located in the United States, Brazil, and India. This surge in botnet size has enabled attackers to launch unprecedented distributed denial-of-service attacks, reaching up to 2 terabits per second. The fintech and betting industries appear to be the primary targets of these assaults. This situation raises alarms for businesses in these sectors, as the sheer scale of attacks could disrupt services and lead to substantial financial losses.

A recent report from Qrator Labs indicates that the largest known DDoS botnet has expanded to encompass 13.5 million devices. This massive botnet is capable of launching Distributed Denial of Service (DDoS) attacks reaching up to 2 terabits per second. The primary target of these attacks has been the financial technology sector, raising concerns for companies in that space. With such a vast number of devices potentially under the control of attackers, the threat to both service availability and data security is significant. Companies in the FinTech sector, as well as other industries relying on online services, need to bolster their defenses to mitigate the risks associated with these powerful DDoS attacks.

The Masjesu botnet, also referred to as XorBot, has emerged as a stealthy DDoS-for-hire service that primarily targets Internet of Things (IoT) devices. Unlike many other botnets, Masjesu avoids high-profile targets, such as Department of Defense IP addresses, opting instead for less conspicuous victims. This botnet employs XOR encryption to maintain low visibility and ensure its persistence within compromised systems. As the use of IoT devices continues to rise, the potential for such botnets to disrupt services and cause damage increases, making it crucial for users and organizations to secure their devices against such threats. The activity of Masjesu raises concerns about the growing sophistication of DDoS services that are accessible for hire, which can have widespread implications for network stability and security.

Rostelecom, a major state-run telecommunications company in Russia, reported a significant distributed denial-of-service (DDoS) attack on Monday. This incident disrupted internet access, government services, and online banking for users in 30 cities across the country. The attackers behind the DDoS attack have not yet been identified. This incident is concerning as it affects essential services, highlighting vulnerabilities in critical infrastructure that could have broader implications for national security and public safety. The scale of the attack raises questions about the resilience of state-run systems against cyber threats.

Akamai's latest security report reveals that internet-facing systems are facing increasing levels of malicious traffic, particularly targeting APIs, web applications, and DDoS channels. From January 2024 to December 2025, the number of web attacks aimed at applications and APIs has steadily risen, indicating a growing threat to organizations that rely on these technologies. This uptick in malicious activity suggests that attackers are honing their skills and strategies, making it crucial for companies to enhance their security measures. As APIs become more integral to business operations, understanding and mitigating these risks is essential for protecting sensitive data and maintaining service availability. Organizations should prioritize monitoring and defending their API infrastructures to counter these persistent threats.

Security researchers have identified two new malware strains specifically targeting Linux-based network devices. These malicious programs are being used by financially motivated cybercriminals, marking a shift from their previous association with nation-state espionage. The malware can facilitate distributed denial-of-service (DDoS) attacks and enable unauthorized cryptocurrency mining. This development is concerning as it indicates that attackers are now exploiting vulnerabilities that were once primarily used for geopolitical purposes. Organizations using Linux network devices need to be vigilant and enhance their security measures to protect against these evolving threats.