// #botnet
2 articles
Five Eyes Advisory: China-Nexus Volt Typhoon and Flax Typhoon Using SOHO Router Botnets to Pre-Position in Critical Infrastructure
A joint advisory from CISA, NCSC-UK, the Australian Signals Directorate, and Four Eyes partners confirms that China-linked threat actors including Volt Typhoon and Flax Typhoon are systematically compromising small-office and home-office routers to build operational relay networks for espionage and pre-positioned attacks against critical national infrastructure. Organisations should audit edge device inventories and enforce firmware update policies.
D-Link DIR-823X Command Injection CVE-2025-29635 Added to CISA KEV — Mirai Botnet Exploiting Actively
CVE-2025-29635, an authenticated command injection in D-Link DIR-823X routers, has been added to CISA's Known Exploited Vulnerabilities catalogue following an active Mirai botnet campaign documented by Akamai. CVSS 7.2 understates the real risk: D-Link DIR-823X reached end of life, meaning no patch will be issued. Organisations with these routers must replace them. Federal deadline: May 19, 2026.