Threatsday Bulletin: AI Malware, Voice Bot Flaws, Crypto...

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world.

Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they're not the only ones moving fast. Governments and security teams are fighting back, shutting down fake networks, banning risky projects, and tightening digital defenses.

Here's a quick look at what's making waves this week — the biggest hacks, the new threats, and the wins worth knowing about.

The threat actors behind the Mirai-based ShadowV2 botnet have been observed infecting IoT devices across industries and continents. The campaign is said to have been active only during the Amazon Web Services (AWS) outage in late October 2025. It's assessed that the activity was "likely a test run conducted in preparation for future attacks," per Fortinet. The botnet exploited several flaws, including CVE-2009-2765 (DD-WRT), CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915 (D-Link), CVE-2023-52163 (DigiEver), CVE-2024-3721 (TBK), and CVE-2024-53375 (TP-Link), to recruit susceptible gear into a zombie army of IoT devices. Successful exploitation is followed by the execution of a downloader shell script that delivers the ShadowV2 malware for subsequent DDoS attacks. "IoT devices remain a weak link in the broader cybersecurity landscape," the company said. "The evolution of ShadowV2 suggests a strategic shift in the targeting behavior of threat actors toward IoT environments."

It's not just ShadowV2. Another DDoS botnet named RondoDox, also based on Mirai, has weaponized over a dozen exploits to target IoT devices. "Attackers are not only motivated to target vulnerable IoT devices, but also how, if successful, they will take over previously infected devices to add them to their own botnets," F5 said.

Singapore has ordered Apple and Google to block or filter messages on iMessage and the RCS-supported Messages app for Android that masquerade as government agencies, requiring the companies to implement new anti-spoofing protections starting December 2025 as part of efforts to curb rising online scams. According to The Straits Times, Apple has been issued a directive under the Online Criminal Harms Act, requiring the tech giant to prevent iMessage accounts and group chats from using names that mimic Singapore government agencies or the "gov.sg" sender ID.

The developers behind the

Source: The Hacker News