Daily Cybersecurity Roundup, February 11, 2026

Old tactics are proving just as dangerous as new ones in today’s threat landscape. A recently identified Linux botnet known as SSHStalker is exploiting exposed SSH services and relying on legacy IRC-based C2 infrastructure. In parallel, the RU-linked APT group ChainReaver has been orchestrating sophisticated, multi-stage intrusion campaigns that blend phishing, bespoke loaders, and durable persistence techniques to infiltrate government and enterprise environments. Moreover, researchers uncovered a manipulation effort dubbed “0APT,” in which threat actors deliberately exaggerated victim impact and planted misleading artifacts to distort attribution and shape threat intelligence narratives. Read on for the full list.

01

A newly discovered Linux botnet dubbed SSHStalker is abusing exposed SSH services and old-school IRC-based C2 infrastructure to brute-force credentials and conscript servers into a growing botnet.

02

The RU-linked APT group ChainReaver is executing multi-stage intrusion chains combining phishing, custom loaders, and persistence mechanisms to target government and enterprise networks.

03

A spoofed 7-Zip download site is distributing a trojanized installer embedded with a proxy tool used for proxyjacking and covert traffic relaying.

04

The financially motivated threat cluster UNC1069 is conducting social engineering campaigns against cryptocurrency and AI organizations, deploying malware and credential theft tactics for financial gain.

05

Threat actors are weaponizing malicious Signal QR codes to hijack accounts and spy on military and political leaders, exploiting the app’s device-linking feature.

06

A deceptive operation dubbed 0APT has been identified where attackers inflated perceived victim impact and staged artifacts to manipulate attribution and threat narratives.

07

Google Threat Intelligence reports increased targeting of the Defense Industrial Base by state-backed actors leveraging credential phishing, cloud exploitation, and supply chain compromise for espionage.

08

Cybercriminals are exploiting Pride Month-themed phishing lures delivered via trusted email platforms to bypass security filters and harvest corporate credentials.

09

Microsoft’s latest Patch Tuesday addressed 59 vulnerabilities, including multiple critical RCE flaws and actively exploited zero-days, and immediate remediation is urged across enterprise environments.

10

The UK’s NCSC issued a warning about escalating risks of severe and disruptive cyberattacks, particularly from state-aligned actors targeting critical infrastructure.