BotNet List - 2026 2025 2024 2023 2021 2020 2019 2018
| DATE | NAME | Info | CATEG. | WEB |
| 12.5.26 | Why we use CAPTCHAs | A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. | BotNet | SANS |
| 7.5.26 | Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks | Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running | BotNet | The Hacker News |
| 18.4.26 | Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet | Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, | BotNet | The Hacker News |
| 17.4.26 | Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic | Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented | BotNet | The Hacker News |
| 10.4.26 | Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices | Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the | BotNet | The Hacker News |
| 28.3.26 | Manager of botnet used in ransomware attacks gets 2 years in prison | A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. | BotNet | BleepingComputer |
| 22.3.26 | International joint action disrupts world’s largest DDoS botnets | Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. | BotNet | BleepingComputer |
| 20.3.26 | DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks | The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things | BotNet | The Hacker News |
| 14.3.26 | New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network | A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. | BotNet | BleepingComputer |
| 13.3.26 | Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries | A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of | BotNet | The Hacker News |
| 12.3.26 | Microsoft Teams will tag third-party bots trying to join meetings | Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. | BotNet | |
| 27.2.26 | Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown | Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) | BotNet | The Hacker News |
| 13.2.26 | New Linux botnet SSHStalker uses old-school IRC for C2 comms | A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. | BotNet | |
| 11.2.26 | SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits | Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication | BotNet | The Hacker News |
| 5.2.26 | 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults | Welcome to the 24th edition of Cloudflare’s Quarterly DDoS Threat Report. In this report, Cloudforce One offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2025, as well as share overall 2025 data. | BotNet | CLOUDFLARE |
| 5.2.26 | AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack | The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per | BotNet | The Hacker News |
| 3.2.26 | Aisuru botnet sets new record with 31.4 Tbps DDoS attack | The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. | BotNet | |
| 14.1.26 | Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers | The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early | BotNet | The Hacker News |
| 12.1.26 | GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials | A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user | BotNet | The Hacker News |
| 10.1.26 | Kimwolf Android botnet abuses residential proxies to infect internal devices | The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. | BotNet | |
| 6.1.26 | Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks | The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved | BotNet | The Hacker News |
| 3.1.26 | RondoDox botnet exploits React2Shell flaw to breach Next.js servers | The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. | BotNet | |
| 2.1.26 | RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers | Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. | BotNet | The Hacker News |