@jik In 1975, Prof. #Dijkstra warned of #complexitygenerators; also, the inventor of the #UDP User Datagram Protocol, David P. Reed, appears to share your opinion.
Source: Public discussion with him yesterday, on the somewhat socially corrupted professional networking site we all know and loathe. https://www.cs.utexas.edu/~EWD/transcriptions/EWD04xx/EWD480.html @wdtz
E.W.Dijkstra Archive: "Craftsman or Scientist?" (EWD 480)

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Just released!

UDP Client for python: https://pypi.org/project/mudpack/

#Python #UDP #PurePython

New high-performance GStreamer UDP source element and SMPTE ST2110 capture

New Centricular devlog post by Sebastian Dröge

https://centricular.com/devlog/2026-05/udpsrc2/

#gstreamer #centricular #udp #st2110 #rtp #sdi #smpte291

Over the past few years, I have worked on a new GStreamer UDP source element. This is finally merged now and will be part of both the GStreamer 1.30.0 release and the gst-plugins-rs 0.16.0 release. The old element uses GIO ...

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

UDP Network Monitoring with C++: A Comprehensive Guide

In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/

#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil

Say, Mastodon folks, you who know everything about the internets, networks and IPs! (Yes, I'm casting a wide net.)
On a Mac, is there a way to find out which ports are being used by which software?

I use a piece of software to send/receive data over UDP from one computer to another, on a plain local network.

And when I set myself up on port 2222 to receive, there was some very strange behaviour that took me a very long time to understand:

Edit: found it!

#reseau #udp #help

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

#datocurioso

Did you know that a network port is not a physical connection, but a logical construct that lets a single IP address handle thousands of simultaneous services?

Unlike physical ports (such as a computer's Ethernet connector), network ports are 16-bit numeric identifiers that live at the transport layer of the OSI model. This system allows exactly 65,535 ports to be available for each transport protocol, such as TCP or UDP. Without this logical division, a computer could perform only one network task at a time, since there would be no way to tell whether incoming data belongs to a web browser, a video game or an e-mail client.

The concept originated in the early days of ARPANET to allow multiplexing, that is, to let a single node establish multiple parallel connections. Ports are classified into three specific ranges: the well-known ports (0 to 1023), reserved for universal services such as HTTP (80) or HTTPS (443); the registered ports (1024 to 49151), used by specific company applications; and the dynamic or private ports (49152 to 65535), which the operating system assigns temporarily for user sessions.

This structure works much like an apartment building: while the IP address is the location of the whole building, the port number indicates the specific apartment where the information must be delivered. Thanks to this architecture, the operating system can route each data packet to the correct process based solely on the port number attached to the destination address.

#Redes #Puertos #TCP #UDP #Informática #Historia #Protocolos