RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Updated on November 15, 2025

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.
The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the “/bin/get/Main/…

Read the rest of the story at Read More

Source: The Hacker News

December 17, 2024 Uncategorized

Attackers Exploit Microsoft Teams and An...

March 4, 2025 Uncategorized

Cisco, Hitachi, Microsoft, and Progress ...

June 24, 2025 Uncategorized

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Related posts

Attackers Exploit Microsoft Teams and An...

Cisco, Hitachi, Microsoft, and Progress ...

China-linked Salt Typhoon Exploits Criti...

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide