Check Point Research

A Go-based botnet known as GoBruteforcer is scanning and compromising Linux servers globally by brute-forcing weak passwords on exposed services like FTP, MySQL, and PostgreSQL. Check Point Research has identified a 2025 variant that has infected tens of thousands of machines, putting over 50,000 internet-facing servers at risk. The attacks exploit common defaults from AI-generated configurations and legacy setups.