Cybersecurity researchers have disclosed details of a
persistent nine-month-long campaign that has targeted Internet of
Things (IoT) devices and web applications to enroll them into a
botnet known as RondoDox. As of December 2025, the activity has
been observed leveraging the recently disclosed React2Shell
(CVE-2025-55182, CVSS score: 10.0) flaw as an initial access
vector, CloudSEK said in an
Read more https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html
