

A tale of two botnets. [Research Saturday]
Jun 28, 2025
Kyle Lefton, a Security Researcher at Akamai, shares insights on two Mirai-based botnets exploiting a critical vulnerability in the Wazuh platform. He highlights how quickly attackers adapt public proof-of-concept exploits, stressing the importance of prompt patching to limit the spread of malware. One botnet even targets Italian users, showing how operators tailor their targeting. Lefton emphasizes learning from these incidents to strengthen defenses and discusses the balance between transparency and security when disclosing vulnerabilities.
Discovery of Dual Botnet Exploitation
- Akamai's honeypot network identifies active exploitation cases not previously reported.
- Two distinct Mirai botnets are rapidly exploiting a single vulnerability in Wazuh servers.
Wazuh's Wide Enterprise Use
- Wazuh is an open source cybersecurity platform widely used by enterprises, including Fortune 500 companies.
- About 5,000 publicly accessible Wazuh servers were found, making widespread exploitation possible.
Critical RCE Vulnerability Details
- CVE-2025-24016 allows remote code execution via unsafe deserialization in Wazuh versions 4.4 to 4.9.
- This critical vulnerability can let attackers run arbitrary Python code on affected servers.
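The defensive counterpart to the unsafe deserialization described above, as an added example that is not Wazuh's code and not from the episode: a JSON `object_hook` that rebuilds exception objects from untrusted input only through an explicit allowlist of classes and literal-only arguments, refusing to resolve any class name the sender supplies. The wrapper key `__exception__`, the allowlist contents and the helper names are assumptions chosen for illustration.

```python
import json
from typing import Any

# Illustrative hardened object_hook (assumed design, not Wazuh's code).
# A deserializer that turns untrusted JSON into Python objects must never
# resolve a sender-supplied class name dynamically (eval, getattr on
# builtins, pickle); it may only instantiate an explicit allowlist.
ALLOWED_EXCEPTIONS = {
    "ValueError": ValueError,
    "KeyError": KeyError,
    "TimeoutError": TimeoutError,
}

# Only JSON scalars are accepted as constructor arguments.
LITERAL_TYPES = (str, int, float, bool, type(None))


class UnsafeObjectError(ValueError):
    """Raised when untrusted input asks for an object outside the allowlist."""


def _safe_args(args: Any) -> tuple:
    if not isinstance(args, list) or not all(isinstance(a, LITERAL_TYPES) for a in args):
        raise UnsafeObjectError("exception args must be a list of JSON scalars")
    return tuple(args)


def as_safe_object(dct: dict) -> Any:
    """object_hook: {"__exception__": {"__class__": name, "__args__": [...]}} -> exception."""
    if "__exception__" not in dct:
        return dct
    spec = dct["__exception__"]
    if not isinstance(spec, dict):
        raise UnsafeObjectError("malformed exception wrapper")
    name = spec.get("__class__")
    cls = ALLOWED_EXCEPTIONS.get(name) if isinstance(name, str) else None
    if cls is None:
        # The hardening point: an unknown name is rejected, never looked up.
        raise UnsafeObjectError(f"class not allowed: {name!r}")
    return cls(*_safe_args(spec.get("__args__", [])))


def loads_untrusted(payload: str) -> Any:
    """Parse untrusted JSON with the allowlisting hook."""
    return json.loads(payload, object_hook=as_safe_object)


def is_rejected(payload: str) -> bool:
    """True if the hardened loader refuses the payload."""
    try:
        loads_untrusted(payload)
    except UnsafeObjectError:
        return True
    return False
```

The unsafe variant of this pattern would take `__class__` and hand it to `eval()` or a dynamic attribute lookup, which is exactly what lets a remote sender run arbitrary Python.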