Executive summary The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities CVE-2025-7544 and CVE-2025-68613 against Tenda AC1206 routers and the n8n automation platform. The SIRT first identified this activity in our global network of honeypots in January 2026. This is the first reported active exploitation of these vulnerabilities since their initial disclosures in July 2025 and December 2025, respectively.  We have included a list of indicators of compromise (IOCs) in this blog post to assist in defense against this threat. Introduction The Akamai SIRT discovered an ongoing Mirai-based malware campaign, dubbed Zerobot, targeting a variety of recent CVEs, including those affecting Tenda AC1206 routers and the n8n workflow automation platform.…