Here’s a roundup of this week’s cybersecurity landscape, highlighting new threats and defense strategies against increasingly sophisticated cyber attacks.
The Mirai-based ShadowV2 botnet has re-emerged, exploiting numerous vulnerabilities to infect IoT devices worldwide. Fortinet researchers suggest its activity during a recent AWS outage was a test run for future DDoS attacks. Find more details here: Fortinet Blog.
Another Mirai-based botnet, RondoDox, is also active, weaponizing over a dozen exploits to target IoT devices, emphasizing the continued vulnerability of internet-connected hardware. Read F5’s report: F5 Labs.
Singapore has taken a firm stance against spoofing scams, ordering Apple and Google to implement anti-spoofing protections by December 2025. The order aims to block messages impersonating government agencies on iMessage and Android. Read the Straits Times report: Straits Times.
The Tor Project is rolling out a major privacy upgrade called Counter Galois Onion (CGO), replacing its long-standing relay encryption. This new algorithm is designed to resist tampering and enhance network resilience. Discover more on their blog: Tor Project Blog.
A Kaspersky report reveals a massive surge in phishing attacks during the 2025 shopping season, with 6.4 million incidents, a 17% increase from last year. These sophisticated attacks leverage advanced social engineering and deepfake technology. Read Kaspersky’s full report here: Kaspersky Securelist.
ESET researchers identified new malware employing “living off the land” techniques, abusing legitimate system tools to evade detection and conduct malicious activities. More details available on Bluesky: ESET Research.
Zscaler reported on the “Water Gamayun” APT group actively targeting Ukrainian organizations, showcasing persistent state-sponsored cyber threats.
In a significant law enforcement victory, the UK’s National Crime Agency (NCA) exposed a billion-dollar money laundering network. This operation, dubbed “Operation Destabilise,” revealed a scheme that even involved purchasing a bank to fund Russia’s war efforts. Read the NCA’s press release: NCA News.
Microsoft Defender for Office 365 is enhancing calendar security to combat “calendar flooding” attacks, introducing new remediation features to automatically clean up malicious calendar events. Find out more: Microsoft TechCommunity.
Finally, Thailand’s Personal Data Protection Committee (PDPC) has ordered a company to halt its iris scan service due to privacy concerns, reflecting a growing global focus on the careful handling of biometric data. The Bangkok Post has the story: Bangkok Post.
The threat landscape keeps shifting: malicious Blender files are now spreading data-stealing malware through embedded Python scripts. Such insidious methods underscore the need for constant vigilance and highlight the creativity of cybercriminals.
Meanwhile, sophisticated phishing campaigns, exemplified by JackFix, employ fake Windows update pop-ups on seemingly benign sites to trick users into installing multiple types of malware. This persistent social engineering remains a significant challenge for personal and corporate defenses. Staying ahead of these schemes is paramount.
These advanced attack methodologies further exacerbate the challenges faced by Security Operations Centers, which are grappling with AI-driven threats, an “alert avalanche,” and the need for more proactive detection strategies. Adapting to these shifts is crucial for effective cybersecurity in the coming years.

