New malware exploits 56 flaws across routers, cameras, and servers.

RondoDox botnet uses over 50 exploits to compromise routers, DVRs, cameras, and networking equipment from more than 30 vendors, with 18 of the targeted vulnerabilities lacking CVE identifiers. The botnet emerged in mid-2025 and experienced a 230% surge in attacks by September, infecting devices to conduct cryptocurrency mining, DDoS attacks, and enterprise network breaches. RondoDox operators rapidly rotate infrastructure and distribute their malware alongside Mirai and Morte payloads through loader-as-a-service platforms. The botnet targets ARM, MIPS, and Linux architectures while disguising malicious traffic by impersonating gaming platforms and VPN services.

Read more:

https://www.securityweek.com/rondodox-botnet-takes-exploit-shotgun-approach/