#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

botnet | Breaking Cybersecurity News | The Hacker News

Category — botnet
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Jun 24, 2025 Malware / Cryptocurrency
Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process , Akamai said in a new report published today. "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a cryptominer botnet's effectiveness to the point of completely shutting it down, which forces the attacker to make radical changes to their infrastructure or even abandon the entire campaign," security researcher Maor Dahan said . The techniques, the web infrastructure company said, hinge on exploiting the Stratum mining protocol such that it causes an attacker's mining proxy or wallet to be banned, effectively disrupting the operation. The first of the two approaches, dubbed bad shares, entails banning the mining proxy from the network, which, in turn, results in the shutdow...
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

Jun 20, 2025 Cyber Attack / Botnet
Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer Yoachimik said . "The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds." Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack originated from a Mirai-variant botnet in October 2024. Then in April 2025, Cloudflare revealed it defended against a massive 6.5 Tbps flood that likely emanated from Eleven11bot, a botnet comprising roughly 30,000 webcams and video recorders. The hyper-volumetric attack lasted about 49 seconds. The 7.3 Tbps...
Are Forgotten AD Service Accounts Leaving You at Risk?

Are Forgotten AD Service Accounts Leaving You at Risk?

Jun 17, 2025 Password Security / Active Directory
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It's no surprise that AD service accounts often evade routine security oversight. Security teams, overwhelmed by daily demands and lingering technical debt, often overlook service accounts (unlinked to individual users and rarely scrutinized) allowing them to quietly fade into the background. However, this obscurity makes them prime targets for attackers seeking stealthy ways into the network. And left unchecked, forgotten service accounts can serve as silent gateways for attack paths and lateral movement across enterprise environments. In this article, we'll examine the risks that forgotten AD service accounts...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
Business Case for Agentic AI SOC Analysts

Business Case for Agentic AI SOC Analysts

Jun 27, 2025Artificial Intelligence / Security Operations
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent . This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance of missing real threats. In this environment, the business imperative is clear: maximize the impact of every analyst and every dollar by making security operations faster, smarter, and more focused. Enter the Agentic AI SOC Analyst The agentic AI SOC Analyst is a force multiplier that enables organizations to do more with the team an...
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

Jun 17, 2025 Network Security / IoT Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation.  The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when processing the ssid1 parameter in a specially crafted HTTP GET request. "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm," the agency said. CISA has also warned that there is a possibility that affected products could be end-of-life (EoL) and/or end-of-service (EoS), urging users to discontinue their use if no mitigations are available. There is currently no public information available about how the shortcoming is being exploited in the wild, the scale of the attacks, and who is b...
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Jun 09, 2025 Wazuh Server Vulnerability
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that allows for remote code execution on Wazuh servers. The security defect , which affects all versions of the server software including and above 4.4.0, was addressed in February 2025 with the release of 4.9.1. A proof-of-concept (PoC) exploit was publicly disclosed around the same time the patches were released. The problem is rooted in the Wazuh API, where parameters in the DistributedAPI are serialized as JSON and deserialized using "as_wazuh_object" in the framework/wazuh/core/cluster/common.py file. A threat actor could weaponize the vulnerability by injecting malicious JSON...
Expert Insights Articles Videos
Cybersecurity Resources