Cybersecurity experts have revealed a nine-month-long campaign targeting IoT devices and web apps, in which attackers exploited the React2Shell vulnerability to build the RondoDox botnet. The campaign progressed through advanced phases, including malware deployment and infection persistence tactics, which underscores the importance of timely updates and network segmentation.
#React2Shell #RondoDox #IoTThreats #NextjsVulnerability
Key points
- The RondoDox botnet campaign lasted nine months, attacking IoT devices and web applications.
- The campaign exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access.
- Approximately 90,300 susceptible instances remain, mainly in the U.S., Germany, France, and India.
- Threat actors used automated scans to deploy cryptocurrency miners and Mirai variants on infected systems.
- Mitigation strategies include updating affected software, network segmentation, deploying WAFs, and blocking C2 servers.
Read More: https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html