The JDY botnet, linked with medium-high confidence to Chinese state-sponsored actors including Volt Typhoon, is actively scanning and targeting Ubiquiti, DrayTek, Hikvision, Araknis, Mimosa Networks, and Linksys SOHO and IoT devices alongside the Cisco RV320/RV325 family. The same campaign, vulnerability classes (CWE-912, CWE-306, CWE-78), and exploitation objectives apply across all these device families. CVE-2026-35616’s specific mapping to these products carries medium confidence pending NVD confirmation; device hardening actions are warranted regardless.