Articles tagged with: #botnet
New Malware-as-a-Service Olymp Loader Promises Defender-Bypass With Automatic Certificate Signing

Cyber Security News cybersecuritynews.com

The cybersecurity community is currently observing a surge in interest around Olymp Loader, a recently unveiled Malware-as-a-Service (MaaS) platform written entirely in Assembly. First advertised on underground forums and Telegram channels in early June 2025, Olymp Loader has rapidly evolved from a rudimentary botnet concept into a sophisticated loader and crypter suite. Its author, operating

⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More

The Hacker News thehackernews.com

Cybersecurity never stops - and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week's roundup gives you the biggest security moves to know. Whether you're protecting key systems or locking down cloud apps, these are the updates you need before making your next security

New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads

Cyber Security News cybersecuritynews.com

A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in cybercriminal tactics. The malicious infrastructure operates by targeting unsanitized POST parameters in network management fields

ShadowV2 Botnet Exploits Docker Containers on AWS to Turn Thems as Infected System for DDoS Attack

Cyber Security News cybersecuritynews.com

A sophisticated cybercrime campaign has emerged that transforms legitimate AWS infrastructure into weaponized attack platforms through an innovative combination of containerization and distributed denial-of-service capabilities. The ShadowV2 botnet represents a significant evolution in cyber threats, leveraging exposed Docker daemons on Amazon Web Services EC2 instances to establish persistent footholds for large-scale DDoS operations. This campaign

New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack

Cyber Security News cybersecuritynews.com

A previously unseen botnet campaign emerged in late November, using a novel combination of DNS misconfiguration and hijacked networking devices to propel a global malspam operation. Initial reports surfaced when dozens of organizations received what appeared to be legitimate freight invoices, each containing a ZIP archive with a malicious JavaScript payload. Upon execution, the script

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

The Hacker News thehackernews.com

A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online," the company said in a report shared with

SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack

Cyber Security News cybersecuritynews.com

The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly

AISURU Botnet With 300,000 Hijacked Routers Behind The Recent Massive 11.5 Tbps DDoS Attack

Cyber Security News cybersecuritynews.com

Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab's continuous monitoring of global DDoS incidents, this botnet leveraged compromised router firmware to amass approximately 300,000 active devices worldwide. Researchers first detected unusual

InfoSec News Nuggets 9/15/2025

AboutDFIR – The Definitive Compendium Project aboutdfir.com

L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks: In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May,

L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks

Cyber Security News cybersecuritynews.com

In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May, the threat escalated as the botnet grew to 4.6 million

New NightshadeC2 Botnet Uses 'UAC Prompt Bombing' to Bypass Windows Defender Protections

Cyber Security News cybersecuritynews.com

Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025. Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts. Initial infection chains often start with customized "ClickFix" landing pages that trick users into executing

New DDoS record was set last night

cybersecurity www.reddit.com

There's a new botnet going around that is doing 10 Tbps. The old record, which Cloudflare said was a whopping 7.3 Tbps: https://blog[.]cloudflare[.]com/ddos-threat-report-for-2025-q2/ The attack was recorded on a Telegram bot called t[.]me/ddoscf_bot. The photo can be seen here since I can't upload stuff: imgur[.]com/a/new-ddos-record-6N1ZJ8k submitted by /u/No_Process_877

Hacker Charged in Connection with DDoS-for-Hire 'Rapper Bot' Scheme

Cyber Security News cybersecuritynews.com

Federal investigators have dismantled one of the world's most powerful distributed denial-of-service (DDoS) botnets and charged its alleged administrator with orchestrating cyberattacks that targeted victims across more than 80 countries. Ethan Foltz, 22, of Eugene, Oregon, faces federal charges for allegedly operating the "Rapper Bot" botnet, also known as "Eleven Eleven Botnet" and "CowBot," which