The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
Hosted on MSN

Patch now - this new botnet is targeting HPR OneView vulnerabilities

Critical HPE OneView RCE flaw (CVE-2025-37164) exploited despite patch release Over 40,000 botnet-driven attacks observed, mainly from RondoDox targeting key sectors CPR and CISA urge immediate ...
Forbes

How We Accidentally Built The World’s Largest Botnet Supply Chain

Many of you probably unwrapped a smart device this Christmas. Operated via Wi-Fi, it cooks, cleans, heats, cools, etc. But did you know it could also be moonlighting as a bot? The likelihood is ...
Krebs on Security

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to ...
Dark Reading

RondoDox Botnet Expands Scope With React2Shell Exploitation

The threat actors behind the RondoDox botnet are among the latest attackers to take advantage of the React2Shell flaw, weaponizing the vulnerability as an initial access vector to deploy other ...
Bleeping Computer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
PC Magazine

5 Cybersecurity Disasters You Missed This Week: Airport Wi-Fi Hacks, Botnets, Spyware Extensions, and More

From record-breaking DDoS attacks to millions infected by malicious extensions, this week delivered some of the most alarming cyber incidents of the year. I've been writing and editing stories for ...
Forbes

Millions Of Androids Hijacked By Botnets—Click Here To Check Yours

Attacks on smart devices at home have “exploded” in the past year, turning your innocent looking tech into “exit points for other people’s traffic.” You won’t know until it’s too late. “Your internet ...
HotHardware

Botnet Warning: Budget Android TV Boxes Could Be Secretly Hijacking Your Internet

A growing number of off-brand Android TV boxes promise unlimited ad-free streaming for a one-time fee, but there's a catch. Security experts have found that these devices are being used for botnets ...
Ars Technica

Massive Cloudflare outage was triggered by file that suddenly doubled in size

When a Cloudflare outage disrupted large numbers of websites and online services yesterday, the company initially thought it was hit by a “hyper-scale” DDoS (distributed denial-of-service) attack. “I ...
WSPA

PREVIEW - Botnets: Could your devices be part of a malicious network?

PREVIEW – Botnets: Could your devices be part of … News / Nov 18, 2025 / 04:42 PM EST One of the hardest types of hacks to detect are botnets, a network of devices infected with malware. Whether it’s ...