Botnet
AryStinger Turns 4,300 End-of-Life Routers Into a Reconnaissance Proxy Network
QiAnXin XLab's AryStinger has hijacked 4,300+ legacy Realtek RTL819X routers — mostly D-Link DIR-850L — into a pre-intrusion recon and proxy mesh using decade-old CVEs.
Over 1,000 Exposed ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
Active campaign targets unauthenticated ComfyUI deployments across cloud providers, enlisting them into Monero mining and a Hysteria V2 proxy botnet via malicious custom nodes.
CVE-2026-0625: Unauthenticated RCE via DNS Config Endpoint Hits Millions of End-of-Life D-Link Routers
A critical command injection flaw in the dnscfg.cgi endpoint of legacy D-Link DSL, DIR, and DNS devices enables unauthenticated RCE — with no patches coming and active exploitation dating back to November 2025.