Find notable cyber news and cases, enriched with sources, timelines, and signals.

Unattributed operators campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

The Operation WrtHug campaign is hijacking ASUS WRT routers worldwide by exploiting six vulnerabilities and abusing AiCloud, creating a large pool of compromised devices that can be reused for follow-on access. Researchers tied the activity to roughly 50,000 unique IPs across Taiwan, Southeast Asia, Russia, Central Europe, and the United States. The scope matters because many affected devices are end-of-life or outdated and may remain open to further takeover if they are not patched or replaced.

Related Happenings

Tenda firmware hidden admin backdoor security flaw (CVE-2026-11405)

Vulnerability
H score33 First: 07.07.2026 09:40 Last: 07.07.2026 09:40 Sources 1

About this happening: An **undocumented authentication backdoor** in **Tenda firmware** now exposes multiple router builds to **full administrative takeover without valid credentials**. The flaw is tra...

AVRecon malware for Linux powering SocksEscort proxy network

Malware Activity
H score19 First: 12.03.2026 18:19 Last: 12.03.2026 18:19 Sources 1

About this happening: The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...

Motherboard firmware updates for UEFI DMA flaw (ASUS, Gigabyte, MSI, ASRock)

Security Patch Release
H score16 First: 19.12.2025 17:54 Last: 19.12.2025 17:54 Sources 1

About this happening: **ASUS**, **Gigabyte**, **MSI**, and **ASRock** issued **security bulletins** and **firmware updates** for impacted **motherboard models** after a disclosed **UEFI DMA flaw** expo...

ASUS AiCloud routers firmware patch release (CVE-2025-59366 and others)

Security Patch Release
H score36 First: 26.11.2025 13:41 Last: 26.11.2025 13:41 Sources 1

About this happening: **ASUS** released **new firmware** for **AiCloud-enabled routers** to fix **nine vulnerabilities**, including **CVE-2025-59366**, a **critical authentication bypass** that can let...

ASUS AiCloud routers critical authentication bypass (CVE-2025-59366)

Vulnerability
H score37 First: 26.11.2025 13:41 Last: 26.11.2025 13:41 Sources 1

About this happening: **CVE-2025-59366** is a **critical authentication bypass** in **ASUS AiCloud-enabled routers** that can let remote, unauthenticated attackers execute functions without proper auth...

Timeline

  1. 19.11.2025 16:35 2 articles · 7mo ago

    Operation WrtHug affects ASUS WRT routers worldwide

    Campaign Scope Update

    SecurityScorecard STRIKE identified Operation WrtHug as a global campaign hijacking thousands of ASUS WRT routers, mostly end-of-life or outdated devices, by exploiting CVE-2025-2492 and other ASUS command-injection flaws. Scanners found roughly 50,000 unique IPs across Taiwan, Southeast Asia, Russia, Central Europe, and the United States, and ASUS has issued security updates for the leveraged vulnerabilities while advising router owners to upgrade firmware, replace unsupported devices, or disable remote access features.

    Show sources