JDY botnet expanded reconnaissance and flaw-focused scanning activity

Malware Activity
H score 27
1 unique source, 1 article

Summary

The JDY botnet has expanded its reconnaissance and flaw-focused scanning, increasing the risk that exposed infrastructure will be rapidly identified and targeted. Researchers say it remains heavily focused on the United States, especially U.S. military and associated networks, while operating through compromised SOHO and IoT devices. The botnet's scanning workflow helps operators locate systems vulnerable to newly disclosed flaws and quickly operationalize the results. Its growth from January 2024 to today also shows the network is becoming a more capable discovery platform.

Related Happenings

Calypso telecommunications espionage campaign using Showboat and JFMBackdoor

Campaign
H score 36 · First: 21.05.2026 17:00 · Last: 21.05.2026 17:00 · Sources: 1

About this happening: A **Calypso / Red Lamassu** espionage campaign is targeting **telecommunications providers** with new **Showboat** and **JFMBackdoor** malware, increasing the risk of long-term co...

AVRecon malware for Linux powering SocksEscort proxy network

Malware Activity
H score 28 · First: 12.03.2026 18:19 · Last: 12.03.2026 18:19 · Sources: 1

About this happening: The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...

GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant

Malware Activity
H score 36 · First: 08.01.2026 19:30 · Last: 08.01.2026 19:30 · Sources: 1

About this happening: **GoBruteforcer** is actively brute-forcing **Linux servers exposed to the internet**, creating a broad risk of compromise, **data theft** and **botnet expansion**. The operation...

RondoDox botnet React2Shell malware deployment against Next.js servers

Malware Activity
H score 47 · First: 31.12.2025 16:58 · Last: 31.12.2025 16:58 · Sources: 1

About this happening: The **RondoDox botnet** is exploiting **CVE-2025-55182 (React2Shell)** to compromise **Next.js servers**, turning exposed systems into malware hosts and expanding botnet reach. Ac...

Timeline

  1. 10.06.2026 18:00 2 articles · 2h ago

    JDY botnet expands reconnaissance against U.S. military networks

    Campaign Scope Update

    Black Lotus Labs by Lumen says JDY has expanded its reconnaissance and flaw-focused scanning, maintains a strong focus on the United States, and heavily targets military and associated networks. The botnet has grown from roughly 650 active bots in January 2024 to over 1,500 compromised SOHO and IoT devices, and its operators are using the network to identify vulnerable infrastructure shortly after public vulnerability disclosures, including scans against CVE-2026-35616.