RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Updated on January 1, 2026

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.
As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an…

Read the rest of the story at Read More

Source: The Hacker News

January 10, 2026 Uncategorized

MuddyWater Launches RustyWater RAT via S...

August 30, 2024 Uncategorized

Iranian Hackers Set Up New Network to Ta...

September 24, 2024 Uncategorized

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Related posts

MuddyWater Launches RustyWater RAT via S...

Iranian Hackers Set Up New Network to Ta...

Telegram Agrees to Share User Data With ...

Leave a Comment Cancel reply

Recent News

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes