Find notable cyber news and cases, enriched with sources, timelines, and signals.

TBK DVR command injection flaw actively exploited (CVE-2024-3721)

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

The CVE-2024-3721 command injection flaw in TBK DVR systems is being actively exploited to gain access and install Nexcorium malware. Attackers abuse crafted requests to trigger a downloader script that pulls malicious Linux binaries for multiple architectures. The result is remote compromise of exposed DVR devices and a foothold for a Mirai-based botnet.

Related Happenings

RustDuck DDoS botnet activity targeting routers and servers

Malware Activity
H score27 First: 30.06.2026 20:45 Last: 30.06.2026 20:45 Sources 1

About this happening: The **RustDuck** malware family is **hijacking routers, cameras, Android boxes, and servers** to assemble a **DDoS botnet** that can flood targets and knock websites and online se...

C0XMO Gafgyt botnet activity on DD-WRT routers

Malware Activity
H score19 First: 07.06.2026 17:17 Last: 07.06.2026 17:17 Sources 1

About this happening: The **C0XMO** botnet is spreading through **DD-WRT router firmware** and other internet-facing devices, increasing the pool of systems available for **DDoS** attacks. It exploits...

Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign

Campaign
H score38 First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
H score27 First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

How related: The activity targets CVE-2024-3721 in TBK DVR systems, enabling attackers to gain access and install a multi-architecture Mirai variant malware known as Nexcorium.

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

BPFDoor Linux backdoor with HTTPS-hidden trigger packets

Malware Activity
H score23 First: 26.03.2026 19:40 Last: 26.03.2026 19:40 Sources 1

About this happening: A newly disclosed **BPFDoor** variant is hiding trigger packets inside **HTTPS traffic** and using **ICMP** between infected hosts, making the **Linux** backdoor harder to detect...

Timeline

  1. 20.04.2026 16:01 2 articles · 2mo ago

    FortiGuard Labs discloses CVE-2024-3721 exploitation in TBK DVR systems

    Initial Disclosure

    FortiGuard Labs reports active exploitation of CVE-2024-3721 in TBK DVR systems to install the Mirai-based Nexcorium malware; crafted requests abuse vulnerable parameters to launch a downloader script that retrieves Linux binaries for ARM, MIPS and x86-64 systems, and attack traffic includes a custom HTTP header referencing "Nexus Team".

    Show sources