Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Just released!

UDP Client for python: https://pypi.org/project/mudpack/

#Python #UDP #PurePython

New high-performance GStreamer UDP source element and SMPTE ST2110 capture

New Centricular devlog post by Sebastian Dröge

https://centricular.com/devlog/2026-05/udpsrc2/

#gstreamer #centricular #udp #st2110 #rtp #sdi #smpte291

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

UDP Network Monitoring with C++: A Comprehensive Guide

In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/

#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil

Dites, les mastonautes, vous qui connaissez tout sur les internets, les réseaux et les ip ! (oui je balaye large)
Est-ce qu'on peut savoir sur un mac quels sont les ports utilisés par quel logiciel ?

J'utilise un soft pour envoyer/recevoir des données en udp d'un ordinateur à l'autre, dans un bête réseau local.

Et quand je me suis mis sur le port 2222 pour recevoir, mais il y avait un comportement très bizarre que j'ai mis très longtemps à comprendre :

edit : trouvé !

#reseau #udp #help

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

You are not a bloody noob if you understand this #meme ;)

#udp #network #osi #connection #internet #online #package #send #information #software #problem #bandwidth #joke #technology #nerd #humor #lol #lmao #rotfl #joke #just4fun