PULSE NAME
Botnets Continue to Target Aging D-Link Vulnerabilities
WHITE AlienVault 2024-12-31 Modified: 2025-01-30
83 IOCs (HIGH VOLUME)
Two botnets, FICORA and CAPSAICIN, have been exploiting long-standing vulnerabilities in D-Link routers to spread globally. FICORA, a Mirai variant, uses a shell script to download and execute malware on various Linux architectures, incorporating DDoS attack functions. CAPSAICIN, likely based on the Keksec group's botnets, also targets multiple Linux architectures and includes DDoS capabilities. Both botnets exploit weaknesses in the HNAP interface of affected D-Link devices, demonstrating the persistent threat posed by unpatched vulnerabilities. The attackers use servers in the Netherlands and target countries worldwide, with CAPSAICIN focusing on East Asian countries. Regular device updates and comprehensive monitoring are crucial for mitigating these threats.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
FICORA, CAPSAICIN
Indicators of Compromise (17 / 83 total)