Cisco security flaw exploited to build botnet of thousands of devices

When you buy through links on our articles, Future and its syndication partners may earn a commission.
Sekoia researchers warn of new ViciousTrap botnet
So far, it compromised more than 5,000 dated Cisco routers
The devices are vulnerable to an old improper validation bug
A high-severity vulnerability plaguing old Cisco routers is being used to build a malicious, global botnet, experts have warned.
Cybersecurity researchers Sekoia published an in-depth report on the threat actor - dubbed ViciousTrap - which is using a vulnerability tracked as CVE-2023-20118, to target Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers.
This flaw, found in the web-based management interface, allows an authenticated, remote attacker to execute arbitrary commands on an affected device, made possible due to improper validation of user input within incoming HTTP packets.
Unfortunately, Cisco won't be patching the bug since the affected devices are past their end-of-life date, WNE Security reported.
The vulnerability allowed ViciousTrap to execute a shell script named NetGhost, 'which redirects incoming traffic from specific ports of the compromised router to a honeypot-like infrastructure under the attacker's control allowing them to intercept network flows,' Sekoia explained.
So far, almost 5,300 devices, found in 84 countries around the world, were assimilated into the botnet. The majority of the victims are located in - Macau (850).
This is not the first time Sekoia is ringing the alarm on CVE-2023-20118. In late February 2025, TechRadar Pro reported Sekoia was warning about a botnet named PolarEdge, using the same vulnerability to target a range of devices from Cisco, ASUS, QNAP, and Synology. At the time, roughly 2,000 devices were said to have been affected.
For ViciousTrap's work, all exploitation attempts came from a single IP address, the researchers further discovered, stating that the attacks started in March 2025. It was also said the threat actors repurposed an undocumented web shell previously used in PolarEdge attacks.
Although these things are always difficult to confirm, Sekoia believes the attackers are Chinese in origin.
Via The Hacker News
IoT's botnet problem is up 500% – three things admins must do now
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Forbes

2 hours ago

• Forbes

CMO And CISO: The Strategic Alliance Every B2B Tech Company Needs

Shashi Kiran is the Chief Marketing Officer (CMO) at Check Point Software, with prior executive roles at companies like Cisco and Broadcom. I recently participated in a CMO-CISO panel that explored these two roles. The discussion was healthy, and I was pleasantly surprised at the questions from the audience to both roles. As I shared some insights with members of my team, it made sense to capture some of these thoughts in an article for broader consumption. In general, the article reflects some of my own observations in roles that I've held over the past few years. Let's start with the obvious. In the fast-evolving world of B2B technology, roles in the C-suite are blurring. Among the most interesting of these convergences is the increasingly intertwined relationship between the chief marketing officer (CMO) and the chief information security officer (CISO). What used to be two very distinct domains—one driving growth, the other defending infrastructure—are now deeply linked. Today, both roles sit at the nexus of digital transformation, customer experience, data trust and corporate reputation. And in B2B tech, where deals are large, cycles are long and relationships are sacred, that partnership is no longer optional—it's strategic. B2B Marketing Is Now A Data Business For B2B marketers, storytelling has gone digital. Buying journeys unfold across multiple touchpoints—webinars, white papers, email campaigns, ABM platforms and more—all of which collect vast amounts of data. Whether it's firmographic enrichment, behavioral scoring or personalized content delivery, modern B2B marketing runs on data. And this data isn't just internal anymore. It often comes from integrations with third-party tools, shared CRM systems, intent providers or cookie-based ad platforms. That means exposure. That means risk. And increasingly, that means marketers must have a seat at the table in security conversations—not as bystanders, but as data owners. Cybersecurity Is A Revenue Issue On the flip side, the CISO's role in B2B tech has expanded from securing endpoints to protecting the entire digital business—including the customer-facing side. In a world where vendors are scrutinized not just on capabilities but on how they handle customer data, security is no longer a back-office function. It's a critical pillar in the sales process. One security questionnaire mishandled, one subpar response in an RFP or one breach in the news, and a multimillion-dollar deal could evaporate. Trust is a currency in B2B tech. And CISOs now help protect it at every stage—from pre-sales diligence to onboarding to ongoing customer success. Why CMOs And CISOs Must Collaborate B2B tech companies thrive on long-term relationships, not one-off transactions. This makes the alignment between marketing and security even more crucial. The blurred boundaries between marketing and security mean these two leaders must work together like never before. Here's why: Shared responsibility for customer trust: Both roles are now on the front lines of protecting (and enhancing) trust—marketing through messaging and engagement, security through privacy and protection. Joint ownership of the digital experience: Every new app, web form, personalization tool or data-driven initiative must be both engaging and secure. That requires marketing and security to co-design digital experiences, not work in silos. Regulatory and reputational alignment: CMOs need to understand the security implications of their data usage. CISOs need to understand the business impact of risk. Together, they can build strategies that are both innovative and compliant. Speed with safety: Marketing moves fast—campaigns launch overnight, trends shift in days. Security, traditionally slower and more methodical, must adapt to support this speed without compromising protection. That requires true partnership. Making The Partnership Work For B2B tech companies looking to foster tighter alignment between CMO and CISO, here's where to start: Speak each other's language: CMOs should gain a working knowledge of cybersecurity fundamentals, while CISOs should appreciate the urgency and agility of modern marketing. Embed security early in go-to-market initiatives: Don't bolt security on after the fact. Bring the CISO in at the planning stage of new campaigns, platforms or tools. Create shared dashboards: Jointly monitor metrics that matter—from lead quality to consent rates to customer data access audits. Make trust measurable. Build a culture of co-ownership: Encourage teams to work cross-functionally. Let marketers learn basic infosec hygiene. Let security teams understand martech architectures and lead scoring models. Tell the trust story—together: Marketing should celebrate security as a differentiator, not just a checkbox. CISOs should partner with marketing to craft narratives that showcase the company's commitment to privacy, governance and resilience. Foster a culture of collaboration: Cross-functional teams, joint workshops and shared road maps can help dissolve organizational barriers and align objectives. Final Thought: Building Secure Brands Takes Two To Tango In many ways, the CMO and the CISO are the new power couple of the digital age. One builds brand love, the other protects it. One generates data, the other safeguards it. Both are now stewards of customer trust—and that's the ultimate strategic asset. Admittedly, in many organizations the CISO and CIO roles are conjoined, but the matter outlined here still applies, and forward thinking CIOs partnering with marketing can drive substantial differentiation, as I've experienced firsthand. So if your marketing and security teams still operate in parallel, it's time to change the game. The future belongs to organizations where creativity and security work hand in hand—because in the end, nothing builds a brand like trust, and nothing erodes it faster than a breach. Forbes Communications Council is an invitation-only community for executives in successful public relations, media strategy, creative and advertising agencies. Do I qualify?

Yahoo

4 hours ago

• Yahoo

Social Security Benefits Are an Estimated 8 Years Away From Being Slashed -- and the Cuts Are Even Bigger Than Initially Forecast

Most retirees rely on their Social Security income, to some varied degree, to make ends meet. The 2025 Social Security Board of Trustees Report is calling for an even steeper reduction to retired-worker and survivor benefits come 2033 than was forecast last year. Ongoing demographic shifts are (mostly) responsible for Social Security's financial woes. However, the longer Congress waits to implement reforms, the costlier it'll be on working Americans. The $23,760 Social Security bonus most retirees completely overlook › Social Security represents more than just a monthly check for most retirees. To many, it's a financial lifeline that surveys and studies have shown they'd struggle to make do without. For 23 consecutive years, national pollster Gallup surveyed retirees to determine how important their Social Security income was to covering their expenses. Every year, no fewer than 80% of respondents noted it was necessary, in some capacity, to cover their costs. A separate analysis from the Center on Budget and Policy Priorities found that Social Security pulled 22 million people above the federal poverty line in 2023, including 16.3 million adults aged 65 and above. If the Social Security program didn't exist, the poverty rate for this group would be nearly four times higher (37.3%, estimated) than it was in 2023 (10.1%). For lawmakers, ensuring the financial health of Social Security should be of paramount importance. But based on the latest Social Security Board of Trustees Report, America's leading retirement program is on anything but stable ground. In January 1940, the Social Security program doled out its very first retired-worker benefit. Since then, the Social Security Board of Trustees has published an annual report intricately detailing how the program generates income, as well as where every dollar in outlays ends up. But what tends to garner even more attention is the Trustees' forecasts of what's to come for Social Security. Specifically, the short- (10-year) and long-term (75-year) projections, which are regularly updated to reflect fiscal policy changes, monetary policy shifts, and an assortment of demographic adjustments. Last week, the 2025 Social Security Board of Trustees Report was released -- and it contained some rather chilling news for current and future retirees. To begin with, the program's long-term unfunded obligation continues to widen. Every annual report since 1985 has pointed to a 75-year funding deficit between projected income to be collected and forecast outlays, which includes annual cost-of-living adjustments (COLAs). In present-day dollars, discounted to Jan. 1, 2025, this 75-year deficit stood at a staggering $25.1 trillion. However, the more worrisome news is the short-term forecast for the Old-Age and Survivors Insurance trust fund (OASI). This is the fund responsible for doling out monthly benefits to retired workers and survivors of deceased beneficiaries. Beginning in 2021, the OASI began outlaying more in benefits than was being collected in income. This outflow from the OASI's asset reserves is expected to grow with each passing year. By 2033, the OASI's asset reserves are projected to be completely exhausted. Before going any further, let's make clear that the OASI doesn't need a penny in asset reserves to remain solvent and continue to pay benefits to eligible recipients. With the lion's share of Social Security income collected from the 12.4% payroll tax on wages and salary, there will always be income to disburse to qualified beneficiaries. But if the OASI's asset reserves are depleted in eight years, as the latest Trustees Report predicts, the current payout schedule, inclusive of COLAs, won't be sustainable. The Trustees are forecasting a 23% cut to payouts may be necessary for retired workers and survivor beneficiaries by 2033 -- this is up from an estimated 21% cut outlined in the 2024 Trustees Report -- to sustain monthly benefits without the need for any further reductions through 2099. With Social Security providing a financial foundation to retirees for more than eight decades, the obvious question for current and future retirees is simple: How did Social Security get into this mess? What can be said with certainty is that "congressional theft" and "undocumented migrants receiving traditional Social Security benefits," which are two common myths/scapegoats mentioned by some people online, are the wrong answers. Rather, Social Security's worsening financial outlook is a function of numerous ongoing demographic shifts, as well as inaction on Capitol Hill. Some of these shifts are well-documented and understood by the public. For example, baby boomers reaching retirement age and leaving the workforce in larger numbers are weighing down the worker-to-beneficiary ratio. Likewise, people are living longer today than they were when Social Security initially began paying retired-worker benefits in 1940. To be somewhat blunt, the program wasn't designed to dish out payments to retirees for two or more decades, as is somewhat commonplace today. But a number of these demographic shifts aren't nearly as visible -- nevertheless, they're playing a key role in weakening the program. For starters, the U.S. fertility rate (i.e., hypothetical lifetime births per woman) hit an all-time low in 2023. A laundry list of factors, ranging from people waiting longer to get married and have children, to concerns about the health of the U.S. economy, have reduced the number of children being born and will, eventually, weigh down the worker-to-beneficiary ratio. Rising income inequality is another issue for Social Security. Based on data from the Social Security Administration, approximately 90% of all earned income (wages and salary, but not investment income) was subject to the 12.4% payroll tax in 1983. By 2023, only 83% of earned income was subject to this program-funding tax. In simple terms, the wages and salaries for high earners have been increasing at a faster pace than the National Average Wage Index, which determines the upper range of earned income exposed to the payroll tax. In short, more earned income is escaping the payroll tax as time passes. Insufficient net migration into the U.S. has been problematic, too. Social Security relies on younger people migrating to the U.S. and contributing to the program for decades via the payroll tax before earning a retirement benefit for themselves one day. Since 1997, the net migration rate into the U.S. has dropped off dramatically. The final culprit is the aforementioned lack of action by lawmakers in Washington, D.C. Although plenty of bills have been proposed, the cavernous ideological gap between Democrats and Republicans on Capitol Hill as to how best to strengthen Social Security has led to an ongoing stalemate. If there's a silver lining here, it's that lawmakers do have a knack for coming to Social Security's rescue in the 11th hour. But the longer Congress waits to tackle this issue, the costlier it's going to be on working Americans to fix. If you're like most Americans, you're a few years (or more) behind on your retirement savings. But a handful of little-known could help ensure a boost in your retirement income. One easy trick could pay you as much as $23,760 more... each year! Once you learn how to maximize your Social Security benefits, we think you could retire confidently with the peace of mind we're all after. Join Stock Advisor to learn more about these Motley Fool has a disclosure policy. Social Security Benefits Are an Estimated 8 Years Away From Being Slashed -- and the Cuts Are Even Bigger Than Initially Forecast was originally published by The Motley Fool Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data

Yahoo

13 hours ago

• Yahoo

I use these 3 ChatGPT prompts to work smarter and stay competitive — here's how

When you buy through links on our articles, Future and its syndication partners may earn a commission. If you've been following the news, you've probably seen it: AI-driven layoffs are on the rise. From newsroom cuts to tech giants automating tasks once handled by entire teams, AI is getting smarter and changing the job market faster than anyone expected. Whether you're trying to protect your current job or looking for your next role, the uncertainty is real. Even though I test AI tools for a living, I found myself asking: Could AI replace me, too? That's when I tried a simple exercise with ChatGPT — using just a few prompts to assess my career risk and figure out how to stay ahead of AI. Here's exactly how you can do the same. Start by copying and pasting your current resume into ChatGPT (or your preferred chatbot). You can also upload it directly, just be sure you have removed all personal, confidential or sensitive information first. If you don't have a formal resume handy, you could use ChatGPT to write one, or you can also provide a summary of your current role, responsibilities, and major skills. Once you've shared your background, type this prompt:"Based on my resume and skills, how soon will AI take my job?" You might be surprised by the response. AI can provide a candid, and often eye-opening, assessment of how vulnerable your role is to automation — and which aspects of your job are still uniquely human. It may flag parts of your skill set that are becoming less valuable in the current market. But, it may also give you reassurance based on your skills and ability to adapt. This is also a good time to enter the description of a job you're hoping to land in the next few years. Will it even exist? Next, follow up with this prompt: "What skills do I need to learn to pivot and future-proof my career?" The chatbot will typically generate a list of in-demand skills that can help you adapt, pivot to more secure roles or even transition into entirely new career paths. These often include areas where human expertise still has an edge — think creativity, emotional intelligence, leadership, strategy, problem-solving and relationship-building. Based on what the chatbot told you, go ahead and take your prompting a step further by asking ChatGPT: "What's the best way for me to start learning these skills?" In seconds, you'll get suggestions for online courses, certifications, books, podcasts and communities that can help you upskill — often tailored to your current industry or experience level. This quick exercise won't eliminate the risks of an AI-driven job market, but it will give you clarity and maybe even peace of mind as you discover new ways to use your skills. These prompts turn an overwhelming question (will AI take my job?) into an actionable plan. More importantly, it serves as a wake-up call: never stop learning. There are numerous ways you can elevate your human skillset and even develop skills to use AI to do your job better. The best way to stay relevant is to continuously evolve your skills and, where possible, double down on the human qualities AI can't easily replicate. That's your edge in an AI-powered ChatGPT the tough questions is a habit I now recommend to anyone, in any industry. I use the 'blank line' prompt every day now in ChatGPT — here's why Google just launched 'Search Live' — here's why you'll want to try it Midjourney video generation is here — but there's a problem holding it back