This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin brings it all together—big hacks, quiet exploits, bold arrests, and smart discoveries that explain where cyber threats are headed next.
It’s your quick, plain-spoken look at the week’s biggest security moves before they become tomorrow’s headlines.
-
Maritime IoT under siege
A new Mirai botnet variant dubbed Broadside has been exploiting a critical-severity vulnerability in TBK DVR (CVE-2024-3721) in attacks targeting the maritime logistics sector. “Unlike previous Mirai variants, Broadside employs a custom C2 protocol, a unique ‘Magic Header; signature, and an advanced ‘Judge, Jury, and Executioner’ module for exclusivity,” Cydome said. “Technically, it diverges from standard Mirai by utilizing Netlink kernel sockets for stealthy, event-driven process monitoring (replacing noisy filesystem polling), and employing payload polymorphism to evade static defenses.” Specifically, it tries to maintain exclusive control over the host by terminating other processes that match specific path patterns, fail internal checks, or have already been classified as hostile. Broadside extends beyond denial-of-service attacks, as it attempts to harvest system credential files (/etc/passwd and /etc/shadow) with an aim to establish a strategic foothold into compromised devices. Mirai is a formidable botnet that has spawned several variants since its source code was leaked in 2016.
-
LLM flaws persist indefinitely
The U.K. National Cyber Security Centre said prompt injections – which refer to flaws in generative artificial intelligence (GenAI) applications that allow them to parse malicious instructions to generate content that’s otherwise not possible – “will never be properly mitigated” and that it’s important to raise awareness about the class of vulnerability, as well as designing systems that “constrain the actions of the system, rather than just attempting to prevent malicious content reaching the LLM.”
-
VaaS crackdown nets 193 arrests
Europol’s Operational Taskforce (OTF) GRIMM has arrested 193 individuals and disrupted criminal networks that have fueled the growth of violence-as-a-service (VaaS). The task force was launched in April 2025 to combat the threat, which involves recruiting young, inexperienced perpetrators to commit violent acts. “These individuals are groomed or coerced into committing a range of violent crimes, from acts of intimidation and torture to murder,” Europol said. Many of the criminals involved in the…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
