Articles tagged "Botnet"

Found 47 articles

UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A UK construction firm has fallen victim to an attack by the Russian Prometei botnet, as detailed by cybersecurity firm eSentire. The attack involved the use of TOR for anonymity, and attackers focused on stealing passwords and employing decoy tactics to mislead security measures. This incident raises concerns about the security of critical infrastructure in the construction sector, which may not be as fortified against cyber threats as other industries. The implications are significant, as compromised systems can lead to operational disruptions and financial losses for businesses. Companies in similar sectors should take note and assess their own cybersecurity defenses to prevent similar attacks.

Impact: UK construction firm's Windows Server systems
Remediation: Implement strong password policies, enhance network monitoring, and consider using intrusion detection systems.

In November 2025, a massive DDoS attack reached a peak of 31.4 terabits per second, making it one of the largest ever recorded. The attack was executed by the AISURU/Kimwolf botnet and lasted for just 35 seconds. Fortunately, Cloudflare's security systems were able to automatically detect and block the attack before it could cause significant disruption. This incident is part of a worrying trend of increasingly powerful and brief DDoS attacks that can overwhelm even the most robust defenses. Organizations must remain vigilant as such attacks not only threaten individual services but also have the potential to disrupt broader internet infrastructure.

Impact: Cloudflare services, AISURU/Kimwolf botnet
Remediation: N/A

The AISURU/Kimwolf botnet has launched a massive DDoS attack that peaked at an astonishing 31.4 terabits per second, lasting just 35 seconds. This attack is part of a growing trend of extremely high-volume HTTP DDoS assaults that the botnet has been executing throughout the fourth quarter of 2025. Cloudflare, a cybersecurity company that monitors these incidents, successfully detected and mitigated the attack, preventing potential disruptions to online services. Such high-capacity attacks pose significant risks to internet infrastructure and can overwhelm even the most fortified systems, affecting businesses and users alike. As these types of attacks become more common, organizations need to bolster their defenses against DDoS threats.

Impact: Web services, online businesses, internet infrastructure
Remediation: Implement DDoS mitigation strategies, enhance network security measures, and utilize traffic filtering solutions.

Actively Exploited

Researchers have discovered that the SystemBC botnet has hijacked over 10,000 IP addresses, indicating that the botnet is still being actively developed despite previous efforts to disrupt it through 'Operation Endgame.' This ongoing activity raises concerns for internet security, as the SystemBC botnet is known for facilitating various cybercriminal activities, including the distribution of malware. The persistence of this threat suggests that attackers are adapting and finding new ways to maintain their operations, which could lead to increased risks for businesses and individual users alike. Companies should remain vigilant and consider strengthening their defenses against such botnets to protect their networks and data.

Impact: N/A
Remediation: Companies should strengthen their network defenses and monitor for unusual activity associated with botnet behavior.

Researchers have identified the SystemBC malware, which is currently active across approximately 10,000 infected systems. This botnet is particularly concerning as it poses risks to sensitive government infrastructure, potentially exposing critical data and functionalities to malicious actors. The malware's widespread presence raises alarms about the security of various networks, especially those that manage important public services. Organizations, particularly in the public sector, need to take immediate action to secure their systems against this threat. Failure to address this could lead to significant operational disruptions and data breaches.

Impact: Sensitive government infrastructure, various IP addresses associated with infected systems.
Remediation: Organizations should implement network monitoring, update security protocols, and ensure all systems are patched against known vulnerabilities.

Wiz and Permiso have discovered significant security vulnerabilities in the Moltbook Agent Network, which is an AI agent social network. Their analysis reveals that bot-to-bot prompt injection attacks could allow malicious bots to manipulate other bots, leading to unauthorized actions or data leaks. This poses a risk to users relying on these AI agents for various tasks, as sensitive information could be compromised. The findings indicate that these vulnerabilities could be exploited by attackers to gain control over the network and access confidential data. As AI technologies become more prevalent, it is crucial for developers to address these security flaws to protect users and maintain trust in AI systems.

Impact: Moltbook Agent Network
Remediation: Developers should implement security patches and updates to mitigate bot-to-bot prompt injection vulnerabilities. Regular security audits and user education on safe practices are also recommended.

A massive distributed denial-of-service (DDoS) attack has reached a staggering 31.4 terabits per second, setting new records for online attacks. This incident is attributed to a powerful botnet known as the 'apex' botnet, which has been exploiting consumer devices, such as routers and smart home gadgets, to amplify its attack capabilities. As attackers increasingly turn ordinary home devices into tools for cyber warfare, businesses and individuals alike are at risk of service disruptions. The scale of this attack serves as a wake-up call for users to secure their connected devices and for companies to enhance their defenses against such overwhelming assaults. The implications are serious, as these attacks can cripple online services and affect a vast number of users worldwide.

Impact: Consumer devices, routers, smart home gadgets
Remediation: Users should secure their devices by changing default passwords, updating firmware regularly, and disabling unnecessary services. Companies need to implement stronger network defenses and monitor traffic for unusual patterns.

In December, Cloudflare successfully thwarted a massive distributed denial-of-service (DDoS) attack orchestrated by the Aisuru botnet. The attack peaked at a staggering 31.4 terabits per second, breaking Aisuru's previous record of 29.7 Tbps. Such high levels of attack traffic can overwhelm servers, disrupting services for many online users and businesses. While specific companies targeted in this incident haven't been disclosed, the scale of the attack raises concerns about the evolving capabilities of botnets and their potential to cause significant disruptions. This incident serves as a reminder for organizations to bolster their defenses against increasingly sophisticated DDoS attacks.

Impact: N/A
Remediation: Organizations should enhance their DDoS protection measures and consider using services like Cloudflare to mitigate the impact of such large-scale attacks.

In December 2025, the Aisuru/Kimwolf botnet executed a record-breaking distributed denial of service (DDoS) attack, reaching a staggering peak of 31.4 terabits per second and generating 200 million requests per second. This incident marks one of the largest DDoS attacks recorded to date, raising concerns for internet stability and security. Organizations that rely on online services, including e-commerce and cloud providers, may experience significant disruptions. The attack showcases the growing capabilities of botnets and the need for enhanced defenses against such aggressive tactics. As attackers continue to evolve their methods, companies must prioritize their cybersecurity measures to mitigate the impact of similar threats in the future.

Impact: Internet service providers, e-commerce platforms, cloud services
Remediation: Organizations should implement DDoS mitigation strategies, including traffic filtering and rate limiting, to protect against future attacks.

Check Point Research has reported a significant increase in attacks exploiting a vulnerability in HPE OneView, a management tool for Hewlett Packard Enterprise systems. The Linux-based RondoDox botnet is behind this wave of attacks, which raises concerns for organizations using HPE's software. The vulnerability allows attackers to take control of affected systems, potentially leading to data breaches or service disruptions. Companies using HPE OneView should take immediate action to secure their systems. The situation emphasizes the ongoing risk that vulnerabilities pose to enterprise environments and the need for timely patching and vigilance against emerging threats.

Impact: HPE OneView
Remediation: Users should apply the latest patches from HPE for OneView and ensure all systems are updated to the most secure versions.

Lumen's Black Lotus Labs has successfully disrupted a significant portion of the AISURU and Kimwolf botnet by blocking over 550 command-and-control (C2) servers. This botnet is notorious for facilitating DDoS attacks and proxy abuse, acting as a DDoS-for-hire service that has been used to target various organizations. By taking these C2 servers offline, Lumen aims to reduce the operational capabilities of this botnet, which has been a persistent problem for cybersecurity professionals. The disruption not only impacts the botnet operators but also helps protect potential victims from being targeted in future attacks. This action underscores the ongoing battle against cybercrime and highlights the importance of proactive measures in cybersecurity.

Impact: AISURU and Kimwolf botnet infrastructure, DDoS-for-hire services
Remediation: Block access to the disrupted C2 servers and enhance network security measures to prevent future attacks.

The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.

Impact: Android devices, AISURU botnet, Kimwolf botnet
Remediation: Null-routed traffic to command-and-control nodes; users should ensure their devices are updated and secure.

The GoBruteforcer botnet is currently targeting cryptocurrency and blockchain projects by exploiting weak passwords and outdated web technologies. Researchers have identified that the botnet spreads through automated server deployments that are poorly secured. This means that many organizations within the crypto space could be at risk, as attackers can gain unauthorized access to their systems. The use of AI in the propagation of this botnet raises concerns about the evolving tactics of cybercriminals, making it crucial for affected companies to strengthen their security measures. As the cryptocurrency sector continues to grow, the potential impact of such attacks could be significant, leading to financial losses and data breaches.

Impact: Cryptocurrency platforms, blockchain projects, legacy web stacks
Remediation: Organizations should implement stronger password policies, ensure that all systems are updated, and consider using multi-factor authentication to enhance security.

Researchers have identified an enhanced version of the GoBruteforcer botnet that is targeting over 50,000 Linux servers. This botnet exploits weak passwords and takes advantage of system configurations generated by AI, making it easier for attackers to gain access. The findings emphasize the risks associated with inadequate security measures on server configurations, which can lead to widespread compromises. As more organizations rely on Linux servers, ensuring strong authentication practices is crucial. This situation serves as a warning for system administrators to review their security protocols and reinforce their defenses against such attacks.

Impact: Linux servers with weak credentials and AI-generated configurations
Remediation: Implement strong password policies, regularly update server configurations, and monitor for unusual access patterns.

Actively Exploited

The GoBruteforcer botnet is actively targeting unprotected Linux servers, particularly those running services like FTP and MySQL. This attack focuses on exploiting weak or default credentials, making it crucial for system administrators to secure their servers. Researchers have noted a rise in these attacks, which can lead to unauthorized access and potential data breaches. Affected users include businesses that rely on Linux servers for their operations. The growing prevalence of this botnet highlights the need for stronger authentication measures to protect sensitive data and maintain server integrity.

Impact: Linux servers, FTP services, MySQL services
Remediation: Implement strong passwords, enable two-factor authentication, and regularly update software to mitigate vulnerabilities.