Links
The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.
Oligo Security has revealed an ongoing global hacking campaign, ShadowRay 2.0, where attackers exploit a flaw in the Ray AI framework to create a self-propagating botnet. The attackers, known as IronErn440, leverage AI-generated payloads to enhance their methods while competing with other criminal groups for resources. Over 230,000 Ray servers are currently exposed to this threat.
The Aisuru botnet targeted Microsoft's Azure network with a DDoS attack of 15.72 Tbps from over 500,000 IP addresses. This attack, using high-rate UDP floods, is part of a trend of record-breaking DDoS incidents linked to the botnet, which exploits vulnerabilities in IoT devices.
Cydome has identified a new variant of the Mirai botnet, called Broadside, which exploits a vulnerability in TBK DVR devices used in maritime logistics. This variant not only conducts DDoS attacks but also attempts to harvest system credentials, posing a significant threat to shipping operations.
Aisuru botnet domains have been dominating Cloudflare's rankings of top websites, leading to concerns about malicious activity. Cloudflare has begun redacting these domains from its list after realizing they were being used to manipulate DNS query volume. Experts criticize Cloudflare for failing to maintain the integrity of its rankings.
The Kimwolf botnet has overwhelmed the I2P network by attempting to join with infected devices, causing significant disruptions. Despite I2P's design for secure communication, the influx of fake nodes led to a Sybil attack, impacting user connectivity. Recent turmoil within the botnet's operation has reduced its infected systems by over 600,000.
The Kimwolf botnet has infected at least 1.8 million devices, primarily targeting Android-based TVs and set-top boxes. It has demonstrated advanced DDoS capabilities and is linked to the AISURU botnet, suggesting that the same hacker group may be behind both. Recent tactics include using Ethereum Name Service for resilience against takedowns.
A new botnet named Androxgh0st is expanding its operations by exploiting vulnerabilities in university servers in the United States. The botnet is capable of executing various malicious activities, raising concerns about its potential impact on educational institutions and cybersecurity.
Akirabot has been identified as a malicious bot that spammed approximately 80,000 websites, primarily by exploiting vulnerabilities in outdated content management systems. The attack highlights the ongoing threat of automated bots in the cybersecurity landscape and emphasizes the need for regular updates and security measures.
Qrator Labs has developed a solution to mitigate Layer 7 DDoS attacks launched from a botnet of 5.76 million compromised devices. Their approach focuses on enhancing server resilience by employing advanced filtering techniques that distinguish between legitimate traffic and malicious requests, effectively reducing the impact of such attacks on targeted websites.
Operation Moonlander has successfully dismantled a significant botnet responsible for the cybercriminal services AnyProxy and 5Socks. This operation highlights the ongoing efforts to combat malware and cybercrime on a global scale, emphasizing the need for continuous vigilance and collaboration among cybersecurity entities.
KrebsOnSecurity experienced a massive 6.3 Tbps DDoS attack, believed to be a test of the Aisuru botnet, which consists of compromised IoT devices. This attack, lasting less than a minute, highlights the growing threat posed by sophisticated botnets and the involvement of individuals like "Forky," who has connections to multiple DDoS-for-hire services. Despite the attack's scale, KrebsOnSecurity remained operational due to its DDoS protection measures.
Over 9,000 ASUS routers have been compromised by a botnet called "AyySSHush," which exploits an old command injection vulnerability to establish a persistent SSH backdoor. The attackers employ stealth tactics, including bypassing authentication and disabling logging, while the exact purpose of the campaign remains unclear. ASUS has released security updates, urging users to upgrade their firmware and check for unauthorized access.