Unattributed operators campaign expands across multiple victims
Campaign
Summary
The Operation WrtHug campaign is hijacking ASUS WRT routers worldwide by exploiting six vulnerabilities and abusing AiCloud, creating a large pool of compromised devices that can be reused for follow-on access. Researchers tied the activity to roughly 50,000 unique IPs across Taiwan, Southeast Asia, Russia, Central Europe, and the United States. The scope matters because many affected devices are end-of-life or outdated and may remain open to further takeover if they are not patched or replaced.
Related Happenings
AVRecon malware for Linux powering SocksEscort proxy network
Malware Activity
First: 12.03.2026 18:19
Last: 12.03.2026 18:19
Sources 1
About this happening:
The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...
Motherboard firmware updates for UEFI DMA flaw (ASUS, Gigabyte, MSI, ASRock)
Security Patch Release
First: 19.12.2025 17:54
Last: 19.12.2025 17:54
Sources 1
About this happening:
**ASUS**, **Gigabyte**, **MSI**, and **ASRock** issued **security bulletins** and **firmware updates** for impacted **motherboard models** after a disclosed **UEFI DMA flaw** expo...
ASUS AiCloud routers firmware patch release (CVE-2025-59366 and others)
Security Patch Release
First: 26.11.2025 13:41
Last: 26.11.2025 13:41
Sources 1
About this happening:
**ASUS** released **new firmware** for **AiCloud-enabled routers** to fix **nine vulnerabilities**, including **CVE-2025-59366**, a **critical authentication bypass** that can let...
ASUS AiCloud routers critical authentication bypass (CVE-2025-59366)
Vulnerability
First: 26.11.2025 13:41
Last: 26.11.2025 13:41
Sources 1
About this happening:
**CVE-2025-59366** is a **critical authentication bypass** in **ASUS AiCloud-enabled routers** that can let remote, unauthenticated attackers execute functions without proper auth...
ASUS WRT routers legacy AiCloud/OS injection flaws (multiple vulnerabilities)
Vulnerability
First: 19.11.2025 12:20
Last: 19.11.2025 12:20
Sources 1
How related:
The attacks begin with the exploitation of command injection flaws and other known vulnerabilities in ASUS WRT routers, mostly AC-series and AX-series devices.
About this happening:
**ASUS WRT routers** and **ASUS AiCloud** are facing **active exploitation** of **six legacy vulnerabilities**, creating **elevated-privilege** and **persistence** risk for **end-...
Timeline
- 19.11.2025 16:35 2 articles · 6mo ago
Operation WrtHug affects ASUS WRT routers worldwide
Campaign Scope Update
SecurityScorecard STRIKE identified Operation WrtHug as a global campaign hijacking thousands of ASUS WRT routers, mostly end-of-life or outdated devices, by exploiting CVE-2025-2492 and other ASUS command-injection flaws. Scanners found roughly 50,000 unique IPs across Taiwan, Southeast Asia, Russia, Central Europe, and the United States, and ASUS has issued security updates for the leveraged vulnerabilities while advising router owners to upgrade firmware, replace unsupported devices, or disable remote access features.
Sources:
- New WrtHug campaign hijacks thousands of end-of-life ASUS routers — www.bleepingcomputer.com — 19.11.2025 16:35