Skip to content
Security

Modular C0XMO Botnet Hijacks DD-WRT Routers and Eliminates Rival Malware

tldr / infosec 20h ago 7

Fortinet researchers discovered C0XMO, an advanced Gafgyt botnet variant that exploits CVE-2021-27137 in DD-WRT firmware to infect routers and IoT devices across multiple CPU architectures. The malware uses Python-based scanners to brute-force SSH/Telnet credentials, laterally move through networks, and terminate competing botnets and red-team tools. It establishes persistence via cron jobs and hidden files, then awaits commands to launch one of 19 DDoS attack methods from its hardcoded C2 server. Defenders should patch routers, disable unnecessary remote access, and use strong, unique admin credentials.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.