Threat Intelligence, Vulnerability Management

RondoDox botnet intrusions become more focused, report finds

Attacks by the RondoDox botnet between May 25, 2025 and Feb. 16, 2026 have been aimed at 174 security flaws, with threat actors launching up to 15,000 exploitation attempts daily as part of a more targeted campaign, according to Security Affairs.

Vulnerabilities targeted by RondoDox have been continuously rotated, with threat actors weaponizing a maximum of 49 bugs in a day in October before significantly dropping from almost 40 flaws to only a pair by early January, a report from BitSight showed. Operators of the botnet were also observed to have implemented newly reported flaws within weeks, with one even used prior to publication due to proof-of-concept availability. While RondoDox operators are believed to have been tracking vulnerability research, improper adoption of certain exploits has hindered effectiveness.

"The threat landscape keeps changing at a rapid pace, with new threats like RondoDox making themselves notable for how they operate," said researchers, who noted the botnet's evolution from sweeping vulnerability exploitation to greater prioritization of critical bugs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds