Key Findings * RondoDox botnet targeting 174 different vulnerabilities between May 2025 and February 2026 * Daily exploit attempts peaked at 49, stabilized around 40, then sharply declined in early 2026 * Nearly half of exploited flaws used only once, indicating rapid testing and selection * Quickly adopts newly disclosed vulnerabilities, sometimes within weeks * Targets diverse device types including routers, DVRs, NVRs, CCTV systems, and web servers * Demonstrates inconsist
