RondoDox botnet targets 56 n-day flaws in worldwide attacks
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]
Pwn2Own is a hacking competition where researchers demonstrate software and device vulnerabilities, helping vendors identify flaws and improve security.
Search across headline titles and summaries.
Background for this topic.
Pwn2Own is a sanctioned hacking competition in which security researchers exploit specified software, devices, or other technology under controlled rules for cash prizes. Targets vary by edition and may include browsers, operating systems, virtualization, mobile devices, enterprise applications, vehicles, or industrial systems. Winning attempts commonly use previously undisclosed vulnerabilities, sometimes chaining several flaws to achieve code execution, sandbox escape, or privilege escalation.
Its security value is that it produces evidence that a vulnerability can be exploited against a real target, rather than merely theoretical findings. Organizers coordinate disclosure with affected developers, who can investigate and issue fixes or mitigations. Security teams should monitor related advisories, identify whether their deployed versions are affected, and prioritize patching when a demonstrated exploit involves an exposed attack surface or requires limited user interaction. Competition results do not mean every instance is exploitable in every environment, and technical exploit details may remain restricted until remediation is available.
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]
Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.