Computer Networking
Breach intelligence, attack campaigns, and threat reports targeting the Computer Networking sector.
Computer Networking Threat Reports
AryStinger Malware Hijacks 4,300 Legacy Routers in 2026
In June 2026, security researchers at QiAnXin's XLab identified a new malware strain named AryStinger, which has compromised over 4,300 outdated routers, primarily D-Link models like DIR-850L and DIR-818LW. The malware exploits old vulnerabilities—CVE-2013-3307 and CVE-2016-5681—to transform these devices into a distributed network for reconnaissance and proxying malicious traffic. Unlike typical botnets used for DDoS attacks, AryStinger focuses on pre-intrusion activities such as internet scanning, service fingerprinting, subdomain enumeration, and traffic tunneling, effectively masking the attacker's origin. This incident underscores the critical risks posed by unpatched, legacy hardware in both residential and small office environments. The widespread infection, notably concentrated in South Korea and China, highlights the necessity for regular firmware updates and the decommissioning of unsupported devices to prevent their exploitation in sophisticated cyber operations.
3 days ago
KadNap Malware: Over 14,000 Asus Routers Hijacked into Stealth Botnet
In August 2025, cybersecurity researchers identified a new malware strain named KadNap, which primarily targets Asus routers to conscript them into a botnet used for proxying malicious traffic. By March 2026, over 14,000 devices had been infected, with more than 60% located in the United States. KadNap employs a customized version of the Kademlia Distributed Hash Table (DHT) protocol, enabling it to conceal command-and-control (C2) infrastructure within a peer-to-peer network, thereby evading traditional network monitoring and enhancing resilience against detection and disruption efforts. The malware is distributed through a shell script that establishes persistence via cron jobs, downloads a malicious ELF file, and executes it, effectively integrating the compromised device into the botnet. ([thehackernews.com](https://thehackernews.com/2026/03/kadnap-malware-infects-14000-edge.html?utm_source=openai)) The emergence of KadNap underscores a growing trend of sophisticated malware targeting edge networking devices, exploiting their vulnerabilities to build resilient botnets. This incident highlights the critical need for organizations and individuals to secure their network infrastructure, as such compromised devices can be leveraged for various malicious activities, including anonymizing cybercriminal operations and facilitating large-scale attacks. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/?utm_source=openai))
3 months ago
Attackers Exploit GNU InetUtils Telnetd Flaw for Root Access in 2026
In January 2026, researchers discovered active exploitation of a critical eleven-year-old authentication bypass vulnerability (CVE-2026-24061) in the GNU InetUtils telnetd server, affecting versions 1.9.3 through 2.7. Attackers leveraged unsanitized environment variable handling to pass 'USER=-f root' via Telnet connections, trivially gaining root shell access without authentication. While identified exploitation was limited—18 unique IPs targeting 60 sessions over two days—many affected systems are legacy or embedded industrial and IoT devices, complicating patching or replacement and increasing exposure risk in Operational Technology (OT) environments. This incident highlights how long-standing vulnerabilities in rarely updated legacy software can be weaponized by both automated and hands-on attackers. The persistence of Telnet in OT, IoT, and embedded sectors, combined with publicly available exploits, underscores increased urgency for organizations to identify, mitigate, or segment such outdated services before broader exploitation occurs.
5 months ago
PolarEdge Botnet Targets Cisco, ASUS, QNAP, Synology Routers in 2025 Operation
In February 2025, security researchers uncovered a sophisticated botnet campaign dubbed PolarEdge, targeting router devices produced by Cisco, ASUS, QNAP, and Synology. The attackers leverage a custom TLS-based ELF implant to compromise home and enterprise routers, enlisting them into an expanding botnet. Initial infection vectors are believed to exploit known and zero-day vulnerabilities in router firmware, granting the threat actors persistent access and control over thousands of devices globally. The current purpose of the PolarEdge botnet remains undetermined, but activity suggests ongoing monitoring, traffic manipulation, and possible lateral movement within affected networks. Organizations with exposed or outdated devices face heightened operational risk, including surveillance, DDoS, and data interception. This incident underscores the growing menace of router-based botnets leveraging encrypted payloads and advanced evasion techniques. With a surge in attacks on network edge hardware and the proliferation of Internet of Things (IoT) devices, organizations must prioritize firmware patching, network segmentation, and comprehensive threat detection to mitigate emerging risks.
5 months ago