Attacks exploiting the recently addressed critical unsafe deserialization vulnerability in Wazuh Server, tracked as CVE-2025-24016, have been launched to deploy a pair of Mirai botnet variants just weeks after disclosure and proof-of-concept release, The Hacker News reports.

Threat actors behind the initial intrusion leveraged the flaw to execute a shell script that downloaded the LZRD Mirai botnet variant, which has also been used in attacks involving deprecated GeoVision IoT devices, according to findings from Akamai. Another Mirai variant dubbed "Resbot", also known as Resentual, was likewise distributed through a malicious shell script, noted researchers, who observed that this variant also used exploits targeting Huawei and TrueOnline ZyXEL routers and the Realtek SDK.

"The propagation of Mirai continues relatively unabated, as it remains rather straightforward to repurpose and reuse old source code to set up or create new botnet. And botnet operators can often find success with simply leveraging newly published exploits," said researchers.
Vulnerability Management, Network Security
Mirai botnets deployed via Wazuh Server exploit
