SSHStalker botnet uses IRC to target Linux servers

Researchers have identified a new Linux botnet called SSHStalker that relies on the outdated IRC protocol for its command-and-control operations. The botnet spreads through SSH scanning and brute-forcing, targeting cloud infrastructure. It incorporates old vulnerabilities and persistence mechanisms for broad infection.

7. januar 2026 Rapportert av AI

A Go-based botnet known as GoBruteforcer is scanning and compromising Linux servers globally by brute-forcing weak passwords on exposed services like FTP, MySQL, and PostgreSQL. Check Point Research has identified a 2025 variant that has infected tens of thousands of machines, putting over 50,000 internet-facing servers at risk. The attacks exploit common defaults from AI-generated configurations and legacy setups.

Researchers at Check Point have revealed that VoidLink, a sophisticated Linux malware targeting cloud servers, was largely built by a single developer using AI tools. The framework, which includes over 30 modular plugins for long-term system access, reached 88,000 lines of code in under a week despite plans suggesting a 20-30 week timeline. This development highlights AI's potential to accelerate advanced malware creation.

14. januar 2026 Rapportert av AI

Security researchers at Check Point have uncovered VoidLink, a sophisticated new Linux malware framework designed to target cloud infrastructures. Written in Zig and linked to Chinese developers, it features over 30 plugins for stealthy reconnaissance, credential theft, and lateral movement. No real-world infections have been observed yet, but its capabilities signal a growing threat to enterprise cloud environments.

OpenClaw, an open-source AI project formerly known as Moltbot and Clawdbot, has surged to over 100,000 GitHub stars in less than a week. This execution engine enables AI agents to perform actions like sending emails and managing calendars on users' behalf within chat interfaces. Its rise highlights potential to simplify crypto usability while raising security concerns.

10. desember 2025 Rapportert av AI

North Korean hackers have begun exploiting a critical vulnerability known as React2Shell in malware attacks. This follows similar actions by Chinese hackers, indicating a growing interest in this security flaw. The issue poses significant risks to affected systems.