RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Published on November 15, 2025

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the "/bin/get/Main/

Continue reading on website
Other news

Jaguar Land Rover cyberattack cost the company over $220 million

November 15, 2025
Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. [...]

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks

November 15, 2025
The decades-old "finger" command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. [...]