CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the threat actors have shifted to weaponizing a critical Next.js vulnerability, deploying malicious payloads like "React2Shell" and cryptominers. This analysis offers crucial insights into their evolving infrastructure and provides defensive recommendations to mitigate these sophisticated attacks.