RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

Intel Name: RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

Date of Scan: October 10, 2025

Impact: High

Summary:
A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption. Exploitation began in June 2025, using known CVEs like CVE-2023-1389, first disclosed during Pwn2Own events and now in CISA’s KEV catalog. Immediate patching of all listed vulnerabilities is critical, along with regular assessments, network segmentation, and continuous monitoring.
