VulnHub

CrowdStrike and Google have successfully dismantled the Glassworm botnet, which has been targeting software developers since early 2025. This botnet is notable for its focus on compromising development environments, potentially allowing attackers to introduce malicious code into legitimate software projects. The operation highlights the risks that developers face, as their tools and platforms can be exploited by cybercriminals. By disrupting this botnet, the companies aim to protect software development processes and ensure the integrity of the applications being created. This incident serves as a reminder of the ongoing cybersecurity challenges in the software development sector.

The Glassworm botnet, which has been targeting software developers through supply-chain attacks, has been disrupted following the dismantling of its command-and-control infrastructure. Researchers focused on the botnet's unique reliance on Solana blockchain transactions and the BitTorrent DHT network for its operations. This disruption is significant as it affects developers who are increasingly targeted in cyberattacks aimed at compromising software supply chains. By taking down these systems, researchers have potentially reduced the risk of further attacks on vulnerable development environments. The incident underscores the ongoing challenges in securing software development processes against advanced threats.

CrowdStrike has successfully disrupted a botnet known as Glassworm, which specifically targeted software developers. This botnet was designed to steal sensitive information and credentials from its victims, posing a significant risk to development environments and associated projects. The operation involved sophisticated techniques to infiltrate and compromise systems, making it a notable threat in the cybersecurity landscape. The takedown not only protects the affected developers but also serves as a warning to other potential targets about the evolving tactics used by cybercriminals. This incident emphasizes the need for developers to adopt stronger security measures to safeguard their tools and data.

Hackers are exploiting a significant vulnerability from 2018 to take control of over a million ASUS routers. According to VulnCheck, this flaw allows attackers to bypass authentication mechanisms, making it easier for them to hijack affected devices. The vulnerability impacts various ASUS router models, posing a risk to users who may unknowingly have their networks compromised. This incident is concerning because it shows how older vulnerabilities can still be leveraged for large-scale attacks, highlighting the need for users to regularly update their devices and apply security patches. Failure to address these vulnerabilities could lead to unauthorized access and further exploitation of personal or sensitive information.

The Russian hacker group known as Secret Blizzard has transformed its Kazuar backdoor into a more sophisticated modular peer-to-peer (P2P) botnet. This new version is designed for long-term stealth and effective data collection, making it a significant threat to targeted organizations. The botnet's P2P structure allows it to operate without relying on a central command server, which complicates detection and mitigation efforts. This development raises concerns for businesses and individuals alike, as it could lead to unauthorized data access and prolonged security breaches. Cybersecurity experts are urging organizations to enhance their defenses against these evolving threats, as the Kazuar botnet is likely to be used for various malicious activities, including espionage and data theft.

A new botnet is targeting gaming servers by exploiting misconfigured Jenkins installations. Attackers accessed the Jenkins server through a vulnerability in the scriptText endpoint, which allowed them to execute remote code using a Groovy script. This incident raises concerns for gaming companies and server administrators, as it can lead to unauthorized access and potential service disruptions. Organizations using Jenkins need to ensure their configurations are secure to prevent similar attacks. The exploitation of this vulnerability could have significant implications for the security of gaming platforms and user data.

Hackers are exploiting poorly configured Jenkins servers to launch a distributed denial-of-service (DDoS) attack against gaming servers, particularly targeting infrastructure associated with Valve Corporation. This attack leverages the Jenkins automation server, which is often used for continuous integration and deployment. Misconfigurations in these servers make it easier for attackers to gain unauthorized access and deploy their botnets. The implications are significant for gamers and the gaming industry, as DDoS attacks can disrupt services and lead to extended downtimes. Companies operating gaming platforms need to ensure their Jenkins servers are properly secured to mitigate the risk of such attacks in the future.

A Brazilian tech company, which specializes in DDoS protection, has been implicated in enabling a botnet that has targeted other internet service providers in Brazil with massive DDoS attacks. The CEO of the firm claims that these attacks stemmed from a security breach and suggested that a rival company might be behind the malicious activities to damage his firm's reputation. This situation raises serious concerns about the integrity of cybersecurity firms and their ability to protect clients. It also highlights the potential for internal issues or competition to lead to significant disruptions in the tech industry. The ongoing attacks could impact the reliability of internet services for many users and businesses in Brazil.

A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.

The Mirai botnet is exploiting a newly discovered vulnerability in older D-Link routers, identified as CVE-2025-29635. This command injection flaw allows attackers to execute arbitrary commands through specially crafted POST requests. The vulnerability is particularly concerning because it affects discontinued models that many users may still have in operation. With the public disclosure of a proof-of-concept (PoC) exploit, the risk of widespread attacks increases, putting users who have not updated their devices at significant risk. It's crucial for affected users to take immediate action to secure their routers to prevent unauthorized access.

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Recent research from Check Point has revealed that the command-and-control server associated with the SystemBC malware has been connected to over 1,570 victims of The Gentlemen ransomware operation. SystemBC is a type of proxy malware that allows attackers to establish network tunnels for malicious activities. This discovery underscores the scale of the threat posed by this ransomware-as-a-service operation, which has been actively targeting various organizations. The findings indicate that victims may be vulnerable to further exploitation, as the botnet can facilitate additional attacks. Organizations need to be vigilant and take steps to secure their networks against such threats.