Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an
Cybersecurity companies must adapt their AI-powered threat detection and prevention tools to address botnets leveraging vulnerabilities in IoT devices and web applications. The government sector requires policy that supports a baseline of cybersecurity with the increase of AI driven botnets.
Businesses need to invest in AI-powered cybersecurity tools to automate the detection and remediation of botnet infections, reducing the workload on security teams and minimizing the potential damage from successful attacks. Integrating AI-driven threat intelligence platforms can proactively identify and block malicious activity before it impacts critical systems.