BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Spike in Botnet Attacks Targets PHP Servers, IoT Devices, Cloud

  • Automated attacks are increasing against PHP servers, IoT devices, and cloud gateways.
  • Botnets like Mirai, Gafgyt, and Mozi exploit known security flaws and cloud setup errors.
  • PHP-based systems, especially with WordPress and Craft CMS, face high risk due to common vulnerabilities and misconfigurations.
  • Attackers also exploit debugging tools left active in production and seek credentials and API keys on exposed servers.
  • The AISURU botnet can launch massive DDoS attacks and provide residential proxy services for malicious use.

Cybersecurity experts report a surge in automated cyberattacks targeting PHP servers, Internet of Things (IoT) devices, and cloud gateway systems. These attacks, observed worldwide, are carried out by botnets such as Mirai, Gafgyt, and Mozi, which take advantage of known vulnerabilities and cloud misconfigurations to control exposed systems and grow their networks.

- Advertisement -

The Qualys Threat Research Unit detailed in a report shared with The Hacker News that PHP servers are especially targeted because many use popular content management systems like WordPress and Craft CMS. These platforms often have outdated plugins, themes, and insecure storage, making them vulnerable to attacks.

Some major security flaws in PHP frameworks exploited by attackers include CVE-2017-9841 in PHPUnit, CVE-2021-3129 in Laravel, and CVE-2022-47945 in the ThinkPHP Framework. Attackers have also used “/?XDEBUG_SESSION_START=phpstorm” query strings to trigger Xdebug debugging sessions, a tool intended for developers that if left active, can expose sensitive data.

Beyond PHP servers, threat actors search for credentials, API keys, and access tokens on servers exposed to the internet. They also exploit IoT devices using known issues like CVE-2022-22947 in Spring Cloud Gateway, CVE-2024-3721 in TBK DVR models, and misconfigurations in MVPower DVRs that allow unauthorized system command execution.

Much of the scanning activity comes from cloud platforms including Amazon Web Services, Google Cloud, Microsoft Azure, Digital Ocean, and Akamai Cloud. This use of legitimate services helps attackers hide their true locations.

- Advertisement -

James Maude, field CTO at BeyondTrust, explained, “Having access to a vast network of routers and their IP addresses can allow threat actors to perform credential stuffing and password spray attacks at huge scale. Botnets can also evade geolocation controls by stealing a user’s credentials or hijacking a browser session…”

Meanwhile, NETSCOUT identified the AISURU botnet, which can generate distributed denial-of-service (DDoS) attacks exceeding 20 terabits per second. This botnet is mainly composed of consumer broadband routers, CCTV, DVRs, and other customer equipment. According to NETSCOUT, AISURU includes a residential proxy service that allows malicious users to disguise their identity and carry out attacks like HTTPS application-layer DDoS, credential stuffing, spamming, and phishing.

For more details, see the full reports by The Hacker News and NETSCOUT.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

How to Buy Dedicated Hosting With Crypto

In this article I am going to show you how to buy dedicated hosting with crypto from one of the best European hosting providers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading