frontpage.

Hey HN,

I’m a pentester and recently came across a new Mirai-based botnet called Gayfemboy (yes, the name sounds like a meme, but the threat is real). It’s currently infecting over 15,000 devices daily, mostly targeting routers and network gear from Cisco, TP-Link, DrayTek, and Raisecom.

What it does:

Launches DDoS attacks (UDP, TCP, ICMP) Mines Monero using XMRig Acts as a proxy for malicious traffic Installs backdoors and evades analysis (e.g., UPX header tampering, nanosecond delays)

Vulnerabilities exploited (At this moment):

CVE-2025-20281 (Cisco ISE) CVE-2023-1389 (TP-Link AX21) CVE-2020-8515 (DrayTek) CVE-2024-7120 (Raisecom MSG)

Mitigation ideas I’m testing:

Scanning client networks for vulnerable firmware Blocking known malicious domains and IPs at the firewall level Writing scripts to detect outbound traffic to those IOCs Recommending disabling remote admin access on routers I’d love to hear what others are doing to detect or contain this botnet. Has anyone seen it in enterprise environments? Any creative or effective mitigation strategies you’d recommend?

Discuss – Do AI agents deserve all the hype they are getting?

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Ask HN: Non AI-obsessed tech forums

Ask HN: Ideas for small ways to make the world a better place

LLMs are powerful, but enterprises are deterministic by nature

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Who wants to be hired? (February 2026)

Ask HN: Who is hiring? (February 2026)

AI Regex Scientist: A self-improving regex solver

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Tell HN: Another round of Zendesk email spam

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: Is it just me or are most businesses insane?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Ask HN: Is there anyone here who still uses slide rules?

Kernighan on Programming

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: Any International Job Boards for International Workers?

Ask HN: Does a good "read it later" app exist?

Ask HN: Have you been fired because of AI?

Ask HN: Anyone have a "sovereign" solution for phone calls?

Ask HN: Cheap laptop for Linux without GUI (for writing)

Ask HN: How Did You Validate?

Ask HN: OpenClaw users, what is your token spend?