Date: 2025-08-25

Threat actors have launched a trio of attack campaigns involving the exploitation of known security flaws for clandestine income generation and botnet fortification, reports The Hacker News. Since March, intrusions aimed at GeoServer GeoTools instances vulnerable to the critical remote code execution bug tracked as CVE-2024-36401 have sought to monetize targeted systems' internet bandwidth without additional malware, according to a report from Palo Alto Networks Unit 42 researchers. China, the U.S., Germany, Great Britain, and Singapore had the largest numbers of internet-exposed GeoServer implementations. Meanwhile, attackers behind the gayfemboy botnet, a more advanced and stealthy variant of Mirai, were reported by Fortinet to have expanded global intrusions against Cisco, TP-Link, DrayTek, and Raisecom products. "This evolution reflects the increasing sophistication of modern malware and reinforces the need for proactive, intelligence-driven defense strategies," said Fortinet researchers. Another study from Censys showed that enterprise-grade firewalls and other consumer IoT devices have been targeted by the massive PolarEdge botnet for custom TLS backdoor distribution.
