RondoDox Botnet Exploits Devices with React2Shell Flaw
The RondoDox botnet has significantly ramped up its activity by exploiting the React2Shell vulnerability. The botnet targets approximately 90,000 unpatched instances worldwide and deploys a multi-stage payload that includes cryptocurrency miners, Mirai-based DDoS components, and a health checker designed to eliminate malware from infected systems. Security researchers warn that the botnet maintains persistence through crontab modifications and employs aggressive process monitoring to defend its foothold on compromised servers.
Source: Security Week, The Hacker News
Sedgwick Confirms Data Breach
Sedgwick has confirmed a data breach at its government-focused subsidiary, Sedgwick Government Solutions, after the TridentLocker ransomware gang claimed to have exfiltrated approximately 3.4 GB of sensitive documents. The incident specifically involved unauthorized access to an isolated file transfer system, potentially impacting federal clients such as the DHS, ICE, and CISA. While the subsidiary is segmented from Sedgwick’s broader corporate network, the company has engaged external experts to investigate the scope of the exposure.
Source: Bleeping Computer
European Space Agency Confirms Data Breach
The European Space Agency (ESA) has confirmed a data breach involving a limited number of external servers that host unclassified information for scientific collaboration. The confirmation follows claims from a threat actor known as “888” on BreachForums, who alleged they exfiltrated 200GB of data, including JIRA and Bitbucket repositories, after maintaining access for a week. ESA officials stated that their core corporate network and critical mission operations remain unaffected, though they have initiated a forensic analysis and secured the compromised devices.
Source: Infosecurity Magazine
Scattered Lapsus$ Hunters Group Caught in Honeypot
Cybersecurity firm Resecurity was targeted by the “Scattered Lapsus$ Hunters” group. The group claimed to have breached the company’s internal servers and exfiltrated over 200GB of sensitive data, including employee information and threat intelligence. The group also claimed Resecurity employees pretended to be buyers during the sale of an alleged Vietnam financial system database, seeking free samples and additional information. According to Resecurity, the entire incident was a controlled “active defense” operation involving a sophisticated honeypot.
Source: Security Week, Security Affairs
Latest Oracle EBS Victims: Korean Air, University of Phoenix
Victims of the CL0P ransomware group’s August campaign targeting Oracle E-Business Suite vulnerabilities are still coping with the aftermath of the cyberattacks, as Korean Air and the University of Phoenix have become the latest to reveal details of the breach. Other confirmed victims in the Oracle campaign have included The Washington Post, Harvard University, Dartmouth College, the University of Pennsylvania, American Airlines’ Envoy Air, Logitech, Cox, Mazda, Canon, and Hitachi’s GlobalLogic.
Source: The Cyber Express