Threatsday Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks,...
The new Threatsday Bulletin brings it all together—big hacks, quiet exploits, bold arrests, and smart discoveries that explain where cyber threats are headed next.
It's your quick, plain-spoken look at the week's biggest security moves before they become tomorrow's headlines.
A new Mirai botnet variant dubbed Broadside has been exploiting a critical-severity vulnerability in TBK DVR (CVE-2024-3721) in attacks targeting the maritime logistics sector. "Unlike previous Mirai variants, Broadside employs a custom C2 protocol, a unique 'Magic Header' signature, and an advanced 'Judge, Jury, and Executioner' module for exclusivity," Cydome said. "Technically, it diverges from standard Mirai by utilizing Netlink kernel sockets for stealthy, event-driven process monitoring (replacing noisy filesystem polling), and employing payload polymorphism to evade static defenses." Specifically, it tries to maintain exclusive control over the host by terminating other processes that match specific path patterns, fail internal checks, or have already been classified as hostile. Broadside extends beyond denial-of-service attacks, as it attempts to harvest system credential files (/etc/passwd and /etc/shadow) with an aim to establish a strategic foothold into compromised devices. Mirai is a formidable botnet that has spawned several variants since its source code was leaked in 2016.
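The credential-harvesting step is the most detectable part of the behaviour described above: a DVR or similar appliance has very few legitimate readers of /etc/shadow, so any other process opening it is a strong signal. The script below is an added illustration, not Cydome's code or anything from the Broadside analysis. It assumes an auditd watch such as `-w /etc/shadow -p r -k cred-files` (and the same for /etc/passwd) is in place, parses records in auditd's native format, correlates each SYSCALL record with its PATH record by event serial, and flags credential-file reads by executables that are not on a small allow-list or that run from scratch directories. The log lines, the allow-list and the `/tmp/.x/x86` path are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's native format (not real captures).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:301): arch=c000003e syscall=257 success=yes exit=4 ppid=1 pid=812 auid=4294967295 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="cred-files"
type=PATH msg=audit(1700000000.101:301): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000000.205:302): arch=c000003e syscall=257 success=yes exit=5 ppid=1 pid=4471 auid=4294967295 uid=0 gid=0 euid=0 comm="x86" exe="/tmp/.x/x86" key="cred-files"
type=PATH msg=audit(1700000000.205:302): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000000.300:303): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=4471 auid=4294967295 uid=0 gid=0 euid=0 comm="x86" exe="/tmp/.x/x86" key="cred-files"
type=PATH msg=audit(1700000000.300:303): item=0 name="/etc/passwd" inode=1233 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1700000000.400:304): arch=c000003e syscall=257 success=yes exit=3 ppid=900 pid=905 auid=1000 uid=1000 gid=1000 euid=1000 comm="id" exe="/usr/bin/id" key="cred-files"
type=PATH msg=audit(1700000000.400:304): item=0 name="/etc/passwd" inode=1233 mode=0100644 ouid=0 ogid=0
"""

# Directories a legitimate credential reader should never be executing from.
SUSPICIOUS_EXE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/dev/")
# Executables expected to open /etc/shadow on a typical Linux box.
# Assumption: tune this allow-list for the firmware image you actually run.
EXPECTED_SHADOW_READERS = {
    "/usr/sbin/sshd", "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/login",
    "/usr/sbin/unix_chkpwd", "/usr/bin/su",
}
CREDENTIAL_FILES = {"/etc/shadow", "/etc/passwd"}

_SERIAL_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_records(log_text):
    """Group auditd lines by event serial.

    Returns {serial: {"syscall": {field: value}, "paths": [name, ...]}}.
    """
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = _SERIAL_RE.search(line)
        if not m:
            continue
        serial = int(m.group(2))
        fields = {k: v.strip('"') for k, v in _KV_RE.findall(line)}
        rec_type = fields.get("type")
        if rec_type == "PATH":
            events[serial].setdefault("paths", []).append(fields.get("name", ""))
        elif rec_type == "SYSCALL":
            events[serial]["syscall"] = fields
    return events


def find_credential_file_access(log_text):
    """Return alerts for credential-file reads that violate the local policy."""
    alerts = []
    for serial, ev in sorted(parse_audit_records(log_text).items()):
        sc = ev.get("syscall")
        if not sc:
            continue
        exe = sc.get("exe", "")
        for path in ev.get("paths", []):
            if path not in CREDENTIAL_FILES:
                continue
            reasons = []
            if exe.startswith(SUSPICIOUS_EXE_DIRS):
                reasons.append("exe runs from a scratch or device directory")
            if path == "/etc/shadow" and exe not in EXPECTED_SHADOW_READERS:
                reasons.append("exe is not an expected /etc/shadow reader")
            if reasons:
                alerts.append({"serial": serial, "pid": sc.get("pid"),
                               "exe": exe, "file": path, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_credential_file_access(SAMPLE_AUDIT_LOG):
        print(f"[{alert['serial']}] pid={alert['pid']} {alert['exe']} read "
              f"{alert['file']}: " + "; ".join(alert["reasons"]))
```

On the constructed input, the sshd read of /etc/shadow and the `id` read of /etc/passwd pass silently, while both reads by the binary in /tmp are reported. /etc/passwd is world-readable and touched by almost every process, so the rule only fires on it when the reader's location is itself suspicious; /etc/shadow gets the stricter allow-list treatment.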
The U.K. National Cyber Security Centre said prompt injections – flaws in generative artificial intelligence (GenAI) applications in which the model treats malicious instructions embedded in its input as commands, producing content or actions it otherwise would not – "will never be properly mitigated," and that it's important to raise awareness about the class of vulnerability and to design systems that "constrain the actions of the system, rather than just attempting to prevent malicious content reaching the LLM."
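The NCSC's point is that the control belongs on the action side, not the input side: whatever text reaches the model, the tools it can call and the arguments they accept are fixed by policy. The following is an added sketch of that pattern and is not NCSC code or guidance text. It assumes an agent that emits tool calls as JSON objects of the form `{"tool": ..., "args": {...}}`, a sandbox root `/srv/agent/workspace`, one allow-listed HTTP host, and a tool (`send_email`) that always needs a human in the loop; all of these names and values are assumptions for the example. No attempt is made to detect an injection in the prompt; the gate only judges the proposed action.

```python
import json
import os.path
from dataclasses import dataclass

# Assumption: the only directory this agent is ever allowed to read from.
SANDBOX_ROOT = "/srv/agent/workspace"
# Assumption: the only HTTP origin the agent may fetch from.
ALLOWED_URL_PREFIXES = ("https://docs.example.internal/",)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _inside_sandbox(path):
    """True only if the resolved path stays under SANDBOX_ROOT (no traversal,
    no absolute-path escape)."""
    full = os.path.normpath(os.path.join(SANDBOX_ROOT, path))
    return full == SANDBOX_ROOT or full.startswith(SANDBOX_ROOT + "/")


# Per-tool argument checks. A tool that is not listed here does not exist
# from the agent's point of view, regardless of what the prompt asked for.
def check_read_file(args):
    if not _inside_sandbox(args.get("path", "")):
        return Decision(False, "read_file: path escapes sandbox")
    return Decision(True, "read_file inside sandbox")


def check_http_get(args):
    if not args.get("url", "").startswith(ALLOWED_URL_PREFIXES):
        return Decision(False, "http_get: host not on allow-list")
    return Decision(True, "http_get to allow-listed host")


TOOL_POLICY = {"read_file": check_read_file, "http_get": check_http_get}
# Tools that always require a human approval step, whatever the arguments.
REQUIRES_APPROVAL = {"send_email"}


def authorize(proposed_call_json):
    """Decide whether a model-proposed tool call may execute."""
    try:
        call = json.loads(proposed_call_json)
        tool, args = call["tool"], call.get("args", {})
    except (ValueError, KeyError, TypeError):
        return Decision(False, "malformed tool call")
    if not isinstance(tool, str) or not isinstance(args, dict):
        return Decision(False, "tool must be a string and args an object")
    if tool in REQUIRES_APPROVAL:
        return Decision(False, f"{tool}: queued for human approval")
    checker = TOOL_POLICY.get(tool)
    if checker is None:
        return Decision(False, f"{tool}: tool not available to this agent")
    return checker(args)


if __name__ == "__main__":
    # Constructed model outputs: the first is an ordinary task; the rest are
    # what a successful injection might make the model propose.
    proposals = [
        '{"tool": "read_file", "args": {"path": "reports/q3.txt"}}',
        '{"tool": "read_file", "args": {"path": "../../../etc/shadow"}}',
        '{"tool": "http_get", "args": {"url": "https://docs.example.internal/p"}}',
        '{"tool": "http_get", "args": {"url": "https://collector.example/"}}',
        '{"tool": "send_email", "args": {"to": "someone@example.com"}}',
        '{"tool": "shell", "args": {"cmd": "id"}}',
        'not even json',
    ]
    for p in proposals:
        d = authorize(p)
        print(("ALLOW" if d.allowed else "DENY "), d.reason)
```

The gate never sees the conversation, so a prompt that convinces the model to "ignore previous instructions" gains nothing beyond what the policy already permits: reads stay inside the workspace, fetches stay on the allow-listed host, email waits for a person, and tools outside `TOOL_POLICY` do not exist. Input filtering can still be layered on top, but it is this action boundary that bounds the blast radius.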
Europol's Operational Taskforce (OTF) GRIMM has arrested 193 individuals and disrupted criminal networks that have fueled the growth of violence-as-a-service (VaaS). The task force was launched in April 2025 to combat the threat, which involves recruiting young, inexperienced perpetrators to commit violent acts. "These individuals are groomed or coerced into committing a range of violent crimes, from acts of intimidation and torture to murder," Europol said. Many of the criminals involved in the schemes are alleged to be members of The Com, a loosely-knit collective comprising primarily English speake
Source: The Hacker News