ZCyberNews

#botnet

9 articles

Over the 16 days from April 14 to April 30, 2026, ZCyberNews covered 12 articles tagged under botnet. The top threat actors observed were Dort, Mirai, and The Gentlemen. Key vulnerabilities included CVE-2025-29635 (CVSS 8.8), CVE-2024-3721 (CVSS 6.3), and CVE-2023-33538. Affected sectors spanned telecommunications, technology, corporate, cybersecurity services, and finance, with notable activity in Brazil, Canada, the Czech Republic, Germany, and globally. The severity mix comprised 9 high, 2 medium, and 1 critical incident.

Brazilian DDoS Firm Behind Botnet Attacks on ISPs
HIGH | Industry News

Brazilian anti-DDoS firm's infrastructure used to launch massive botnet attacks against rival ISPs. CEO claims breach by competitor caused the abuse.

2 min read

Dort Identified as Kimwolf Botmaster Behind Record DDoS Attacks
HIGH | Threat Intel

KrebsOnSecurity traces Kimwolf botmaster 'Dort' to a real identity after the botnet launched DDoS, doxing, and email flood attacks against a security researcher who disclosed its…

2 min read | Dort

Feds Disrupt IoT Botnets Behind Record DDoS Attacks
HIGH | Industry News

US DOJ, Canada, and Germany dismantled four IoT botnets — Aisuru, Kimwolf, JackSkid, Mossad — compromising 3M+ devices, enabling record-breaking DDoS attacks.

2 min read

Mirai Botnet Exploits D-Link Router Flaw CVE-2025-29635
HIGH | Malware

Mirai botnet operators exploit CVE-2025-29635, a CVSS 8.8 command injection flaw in end-of-life D-Link DIR-823X routers, to deploy malware and launch DDoS attacks.

CVE-2025-29635
3 min read | Mirai

The Gentlemen Ransomware Botnet Infects 1,570+ Systems via SystemBC Proxy
HIGH | Threat Intel

Check Point Research uncovers a 1,570-victim botnet linked to The Gentlemen ransomware, using the SystemBC proxy malware to establish stealthy SOCKS5 tunnels for command and control.

2 min read | The Gentlemen

Mirai Variant Nexcorium Exploits DVR Flaw to Build DDoS Botnet
MEDIUM | Malware

A new Mirai botnet variant, 'Nexcorium,' is exploiting a command injection flaw (CVE-2024-3721) in TBK DVRs and end-of-life TP-Link routers to conscript devices into a distributed denial-of-service (DDoS) swarm.

CVE-2024-3721
4 min read

TP-Link Router Flaw Exploited by Mirai Botnet Variant
CRITICAL | Threat Intel

Attackers are exploiting CVE-2023-33538, a command injection flaw in TP-Link Archer AX21 routers, to deploy a Mirai botnet variant. The campaign hijacks devices for DDoS attacks and credential theft.

CVE-2023-33538
4 min read

W3LL Phishing Platform Disrupted in International Law Enforcement Operation
HIGH | Threat Intel

A coordinated law enforcement operation has disrupted the W3LL phishing-as-a-service platform, which was used to target over 800,000 corporate Microsoft 365 accounts globally.

4 min read | W3LL

PowMix Botnet Targets Czech Workforce with Randomized C2 Traffic
HIGH | Malware

Cisco Talos researchers identify the PowMix botnet, active since December 2025, targeting Czech workers with randomized C2 beaconing to evade detection and deploy additional payloads.

3 min read
