D-Link Routers Discontinued Affected by Mirai Botnet Attacks

Post Views: 7

Mirai Botnet Targets Discontinued D-Link Routers

Security researchers have discovered that discontinued D-Link DIR-823X routers are being targeted by the Mirai botnet due to a previously known command injection flaw (CVE-2025-29635).

Vulnerability Exploitation

This vulnerability has been present since early March, roughly a year after it was first disclosed. The affected devices, which were discontinued last year, allow attackers to load a shell script that retrieves the Mirai variant “tuxnokill.” This variant utilizes XOR encoding and features typical Mirai strings.

According to Akamai researchers, many threat actors frequently target older vulnerabilities, especially those with publicly available proof-of-concept (PoC) exploits.

Organizations are urged to promptly address disclosed security flaws to prevent such attacks. In related news, over 1,300 internet-exposed Microsoft SharePoint servers remain vulnerable to ongoing intrusions exploiting a zero-day spoofing flaw (CVE-2026-32201). Only a few hundred online SharePoint instances have been patched since last week’s Patch Tuesday release. Additionally, Microsoft has addressed a critical ASP.NET Core privilege escalation vulnerability through recent patches. Furthermore, Apple has patched a vulnerability (CVE-2026-28950) that allowed users to recover deleted data on iPhones.

Importance of Security Measures

The Mirai botnet has been linked to various high-profile attacks, causing significant disruptions to networks worldwide. As seen in previous cases, threat actors often exploit existing vulnerabilities to gain access to systems and launch attacks. It is crucial for organizations to stay vigilant and implement robust security measures to protect themselves against such threats.