The “Ballista” botnet campaign is exploiting a high-severity security flaw to infect unpatched TP-Link routers. Detected by Cato CTRL researchers in January 2025, it has affected over 6,000 devices in countries including Brazil, the UK, and Turkey. Its main targets are the US, Australia, China, and Mexico, where it focuses on manufacturing, healthcare, and tech organizations. Once installed, Ballista can run remote commands, launch DoS attacks, and search through sensitive files.

Lazarus Infects New Batch of JavaScript Packages With Crypto Stealing Malware: Researchers
North Korea’s Lazarus hacking group has been linked to six new malicious npm packages, which appear to target specific developers and could extract cryptocurrency data.