Threat actors are actively exploiting CVE-2025-29635, a command injection vulnerability in end-of-life D-Link DIR-823X routers, to deploy a Mirai botnet variant. The campaign utilizes malicious HTTP POST requests to download and execute shell scripts that fetch the final Mirai payload, while also targeting vulnerabilities in TP-Link and ZTE devices.