Cyware Daily Threat Intelligence, June 17, 2025

Daily Threat Briefing • June 17, 2025
Langflow, an open-source AI framework, is now being weaponized in a botnet campaign. A new variant of the Flodrix botnet is exploiting a critical vulnerability in unpatched Langflow servers, allowing attackers to run arbitrary code and deploy encrypted DDoS malware. Despite a fix released in March, many systems remain exposed, and threat actors are using publicly available exploits to scale their attacks.
A simple "I'm not a robot" click is being used to launch a fileless RAT. A deceptive campaign targeting German-speaking users delivers AsyncRAT via obfuscated PowerShell triggered through fake CAPTCHA prompts. The malware runs entirely in memory, establishes persistence through registry edits, and communicates with a remote C2 server on TCP port 4444—all while avoiding traditional detection methods.
A zero-day in Chrome is letting attackers break out of the browser and into the system. The TaxOff (Team46) group is actively exploiting CVE-2025-2783, a flaw in Chrome’s Mojo IPC component, through phishing emails masked as event invites. Once inside, they deploy a layered backdoor called Trinper, using encryption and anti-debugging techniques to maintain control and gather intel.
Flodrix botnet abuses Langflow bug
A new variant of the Flodrix botnet exploits a critical vulnerability (CVE-2025-3248, CVSS score: 9.8) in Langflow, a Python-based AI framework, to execute DDoS attacks. The vulnerability, caused by missing authentication, allows unauthenticated attackers to execute arbitrary code via crafted HTTP requests. Langflow patched this issue in March 2025 with version 1.3.0. Threat actors use a publicly available PoC to target unpatched Langflow servers, deploying downloader scripts that fetch and install Flodrix malware. The botnet introduces new encrypted DDoS attack types, complicating analysis, and enumerates running processes to identify high-value targets. The campaign is still under active development, with threat actors hosting multiple downloader scripts on the same server.
Fileless AsyncRAT deployed via Clickfix
A fileless AsyncRAT malware campaign is targeting German-speaking users through a deceptive “I’m not a robot” prompt on Clickfix-themed websites. The attack leverages obfuscated PowerShell commands executed via `conhost.exe`, which download and run malicious payloads from a remote server. This payload establishes persistence by modifying registry keys and communicates with a C2 server on TCP port 4444. The malware employs in-memory C# code that is compiled using PowerShell's `Add-Type`, allowing it to evade traditional detection methods. The campaign has been linked to additional infrastructure, indicating it has been active since at least April.
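As an added, defender-side example (not code from the briefing or from any vendor), the routine below correlates constructed Sysmon-style endpoint telemetry for the chain described above: PowerShell launched under `conhost.exe`, in-memory compilation via `Add-Type`, Run-key persistence, and an outbound connection to TCP 4444. Event field names, hosts, paths and addresses are assumptions, not real indicators.

```python
import re
from collections import defaultdict

# Signals taken from the briefing; event field names are assumptions that
# mirror Sysmon-style telemetry, not a real sensor's schema.
ADD_TYPE_RE = re.compile(r"add-type", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
C2_PORT = 4444
def _is(image, name):
    return image.lower().endswith(name)
def score_host(events):
    """Return (score, reasons) for one host. Each signal alone is noisy;
    several of them chained on one host is what is worth paging on."""
    reasons = []
    for ev in events:
        kind = ev["type"]
        if kind == "process" and _is(ev["image"], "powershell.exe"):
            if _is(ev.get("parent_image", ""), "conhost.exe"):
                reasons.append("powershell.exe spawned by conhost.exe")
            # Obfuscation can hide the cmdlet name in cmdline; pair this
            # check with PowerShell script-block logging in practice.
            if ADD_TYPE_RE.search(ev.get("cmdline", "")):
                reasons.append("Add-Type in-memory C# compilation")
        elif kind == "registry" and RUN_KEY_RE.search(ev.get("key", "")):
            if "powershell" in ev.get("value", "").lower():
                reasons.append("Run-key persistence launching PowerShell")
        elif kind == "network" and ev.get("dst_port") == C2_PORT:
            if _is(ev.get("image", ""), "powershell.exe"):
                reasons.append("PowerShell connecting out to TCP 4444")
    return len(reasons), reasons
def triage(events, threshold=3):
    """Group events by host; keep hosts whose chain score meets threshold."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    scored = {h: score_host(evs) for h, evs in by_host.items()}
    return {h: s for h, s in scored.items() if s[0] >= threshold}

# Constructed sample telemetry: placeholder hosts, paths and IPs, not real IoCs.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process", "image": PS, "parent_image": r"C:\Windows\System32\conhost.exe",
     "cmdline": 'powershell -w hidden -c "Add-Type -TypeDefinition $src"'},
    {"host": "ws-01", "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"powershell -w hidden -f C:\Users\u\AppData\Roaming\u.ps1"},
    {"host": "ws-01", "type": "network", "image": PS, "dst_ip": "203.0.113.10", "dst_port": 4444},
    {"host": "admin-07", "type": "process", "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -NoProfile -c Add-Type -AssemblyName System.Drawing"},
]
```

Running `triage(SAMPLE_EVENTS)` returns only `ws-01` with a score of 4; the admin host's lone `Add-Type` use scores 1 and stays below the threshold.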
Wave of attacks drop HijackLoader and DeerStealer
Cybercriminals are using HijackLoader and DeerStealer in phishing campaigns, redirecting victims to malicious pages that execute PowerShell commands to download malware. HijackLoader employs steganography to hide configuration data in PNG images and exploits legitimate binaries to run unsigned malicious code, injecting DeerStealer into memory. DeerStealer is an advanced infostealer capable of extracting data from over 50 web browsers, hijacking cryptocurrency wallets, and stealing credentials from various applications. It also features stealthy remote access and encrypted communication. The attack process involves the use of a signed binary from COMODO, which loads a manipulated DLL to decrypt and inject DeerStealer into legitimate processes.
ASUS patches Armoury Crate vulnerability
ASUS patched a high-severity vulnerability (CVE-2025-3464) in Armoury Crate software, which could lead to full system compromise. The flaw stems from an authorization bypass related to the AsIO3.sys driver, allowing attackers to exploit the system by creating a crafted hard link. Exploiting the vulnerability enables attackers to map physical memory, access I/O ports, and escalate privileges, posing critical security risks. Affected Armoury Crate versions are between 5.9.9.0 and 6.1.18.0; users must update to the latest version to secure their systems.
Team46 exploits Chrome zero-day
A zero-day vulnerability in Google Chrome (CVE-2025-2783) is being exploited by Team46 (TaxOff). The attack involves phishing emails disguised as event invitations, redirecting victims to malicious websites hosting the exploit. The vulnerability stems from an issue in Chrome's Mojo IPC component, allowing sandbox escape and arbitrary code execution. The Trinper backdoor loader used by TaxOff employs multiple encryption layers, UUID-based decryption, and anti-debugging techniques. The group used auxiliary tools like dirlist.exe, ProcessList.exe, and ScreenShot.exe for reconnaissance.
Active exploitation of TP-Link router flaw
The TP-Link vulnerability, identified as CVE-2023-33538, is a high-severity command injection flaw with a CVSS score of 8.8. It affects several TP-Link router models, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2. The flaw allows attackers to execute arbitrary system commands by manipulating the `ssid1` parameter in specially crafted HTTP GET requests. CISA has issued an alert due to evidence of active exploitation, emphasizing that affected devices may be end-of-life (EoL) or end-of-service (EoS) and may no longer receive support or updates. Users are advised to discontinue the use of these routers if no mitigations are available.
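As an added defensive check (not from the briefing or from TP-Link), the scan below looks for the CVE-2023-33538 pattern in requests captured by an upstream proxy or IDS in combined log format: it percent-decodes the `ssid1` query parameter and flags shell metacharacters that have no place in an SSID. The `/example-cgi` path, the addresses and the log lines are constructed placeholders, not the real endpoint or any real exploit string.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters that have no legitimate place inside an SSID value.
META_RE = re.compile(r"[;&|`$()<>\n\r]")
# Apache/nginx combined-format request line (src, method, target, status).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def check_target(target):
    """Return the first ssid1 value containing a shell metacharacter, else None.

    parse_qs percent-decodes the value first, so encoded forms such as %3B
    are caught as well as literal ones.
    """
    query = urlsplit(target).query
    for value in parse_qs(query, keep_blank_values=True).get("ssid1", []):
        if META_RE.search(value):
            return value
    return None

def scan_log(lines):
    """Return one finding per request whose ssid1 parameter looks injected."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not request records
        bad = check_target(m["target"])
        if bad is not None:
            findings.append({"src": m["src"], "method": m["method"],
                             "ssid1": bad, "status": int(m["status"])})
    return findings

# Constructed log lines. The /example-cgi path and all values are placeholders;
# they are not the real endpoint or any real exploit string.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jun/2025:09:58:01 +0000] "GET /example-cgi?ssid1=Home+WiFi+5G&hidden=0 HTTP/1.1" 200 412',
    '198.51.100.7 - - [17/Jun/2025:10:02:11 +0000] "GET /example-cgi?ssid1=Home%3Bsimulated-command&hidden=0 HTTP/1.1" 200 412',
    '192.0.2.10 - - [17/Jun/2025:10:03:40 +0000] "GET /example-cgi?ssid1=Caf%C3%A9%20Guest HTTP/1.1" 200 412',
    '198.51.100.7 - - [17/Jun/2025:10:04:02 +0000] "POST /example-cgi?ssid1=Home%60simulated%60 HTTP/1.1" 403 0',
]
```

The check covers any method, not only GET, since a blocked POST with the same parameter is still worth an alert; for EoL devices that cannot be patched, such a finding is a cue to isolate or replace the router.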