Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world.
Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake networks, banning risky projects, and tightening digital defenses.
Here’s a quick look at what’s making waves this week — the biggest hacks, the new threats, and the wins worth knowing about.
-
Mirai-based malware resurfaces with new IoT campaign
The threat actors behind the Mirai-based ShadowV2 botnet have been observed infecting IoT devices across industries and continents. The campaign is said to have been active only during the Amazon Web Services (AWS) outage in late October 2025. It’s assessed that the activity was “likely a test run conducted in preparation for future attacks,” per Fortinet. The botnet exploited several flaws, including CVE-2009-2765 (DDWRT), CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915 (D-Link), CVE-2023-52163 (DigiEver), CVE-2024-3721 (TBK), and CVE-2024-53375 (TP-Link), to recruit susceptible gear into a zombie army of IoT devices. A successful exploitation is followed by the execution of a downloader shell script that delivers the ShadowV2 malware for subsequent DDoS attacks. “IoT devices remain a weak link in the broader cybersecurity landscape,” the company said. “The evolution of ShadowV2 suggests a strategic shift in the targeting behavior of threat actors toward IoT environments.” It’s not just ShadowV2. Another DDoS botnet named RondoDox, also based on Mirai, has weaponized over a dozen exploits to target IoT devices. “Attackers are not only motivated to target vulnerable IoT devices, but also how, if successful, they will take over previously infected devices to add them to their own botnets,” F5 said.
-
Singapore tightens messaging rules to fight spoof scams
Singapore has ordered Apple and Google to block or filter messages on iMessage and RCS-supported Messages app for Android that masquerade as government agencies, requiring the company to implement new anti-spoofing protections starting December 2025 as part of efforts to curb rising online scams. According to Straits Times, Apple has been issued a directive under the Online Criminal Harms Act, requiring the tech giant to prevent iMessage accounts and group chats from using names that mimic Singapore government agencies or the “gov.sg” sender ID.
-
Tor bolsters privacy with new encryption upgrade
The developers behind the Tor project are preparing a major upgrade called Counter Galois Onion (CGO), which replaces the long-standing relay encryption method used across the anonymity…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
