AryStinger botnet infected thousands of D-Link routers worldwide

**AryStinger botnet**: Qianxin XLab researchers report a previously undocumented botnet named AryStinger that has infected more than 4,000 outdated routers (notably D-Link DIR-850L and DIR-818LW) using old vulnerabilities (e.g., CVE-2013-3307, CVE-2016-5681, CVE-2025-11837). Infected devices act as distributed “executors” for scanning, proxying/tunneling, DNS hijacking, command and payload execution, and internal reconnaissance; two variants exist (a C-based router-focused variant and a more capable Go-based NAS variant), with infections concentrated in South Korea and China.