RondoDox persistent IoT and web app botnet campaign

Campaign
Happening score: 58
2 unique sources, 2 articles

Summary

Scattered Lapsus$ Hunters claimed they breached Resecurity and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, but Resecurity says the accessed environment was a deliberately deployed honeypot with fake data used to monitor the actor. Resecurity says it first detected probing on November 21, 2025, then observed December 2025 automation and exfiltration attempts before sharing intelligence with law enforcement.

Related Happenings

TA416 European government espionage campaign

Campaign
First: 01.04.2026 15:05 Last: 01.04.2026 15:05 Sources 1

About this happening: TA416 has resumed **cyber espionage** activity, targeting **European governments** and **EU/NATO diplomatic missions** with a renewed malware-delivery operation that raises cross-...

Latest development: 03.04.2026 20:34

TA416 expanded its espionage campaign to Middle Eastern government and diplomatic entities after the outbreak of the U.S.-Israel-Iran conflict in late February 2026, while linking to archives hosted on Google Drive or a compromised SharePoint instance to refine its PlugX delivery chain and collect regional intelligence.

MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm

Campaign
First: 06.03.2026 12:23 Last: 06.03.2026 12:23 Sources 1

About this happening: **MuddyWater (Seedworm)** is running a **state-linked intrusion campaign** that has embedded itself in **U.S. banks, airports, a non-profit, and an Israeli software company arm**,...

Ariomex leaked database exposing 11,826 verified user records

Data Leak
First: 03.03.2026 16:30 Last: 03.03.2026 16:30 Sources 1

About this happening: A **newly obtained Ariomex database** exposed **11,826 verified user records**, creating a concrete view of activity tied to **sanctions evasion** and **large-scale capital transf...

React2Shell (CVE-2025-55182) mass scanning and exploitation wave

Exploitation Wave
First: 20.02.2026 23:07 Last: 20.02.2026 23:07 Sources 1

About this happening: **CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...

BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms

Campaign
First: 11.02.2026 00:17 Last: 11.02.2026 00:17 Sources 1

About this happening: **BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...

Timeline

  1. 03.01.2026 22:34 1 article · 4mo ago

    Scattered Lapsus$ Hunters claim breach of Resecurity systems

    Initial Disclosure

    Scattered Lapsus$ Hunters claimed they gained full access to Resecurity systems and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, while Resecurity said the accessed environment was a deliberately deployed honeypot with fake employee, customer, and payment data used to monitor the actor.

  2. 01.01.2026 11:19 2 articles · 4mo ago

    RondoDox persistent IoT and web app botnet campaign

    Initial Disclosure

    In **March-April 2025**, the operation began with **initial reconnaissance and manual vulnerability scanning** against exposed IoT devices and web applications.
