Poking at the Flodrix Botnet
ID: 4ca412a3-e838-55d7-9ea3-7721b1dbd51f
STIX ID: report--4ca412a3-e838-55d7-9ea3-7721b1dbd51f
Feed Name: Censys Blog
Date Published: 2025-06-19
Date Updated: 2026-04-27
Author: Ivonne Francia; Mark Ellzey; Senior Security Researcher
Censys researchers analyzed Trend Micro's disclosure that CVE-2025-3248 (Langflow) is being exploited to install Flodrix, a Mirai-like botnet. By interacting with an online C2 (80.66.75.121), they observed exposed portmapper and NFS services and mounted an /nfs2 share containing ARM malware and scripts. They also enumerated 745 hosts actively mounting the C2, mostly cameras running the Boa web server and concentrated in Taiwan, and published file hashes and a host list.
