ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
These articles are AI-generated summaries. Please check the original sources for full details.
This week’s cyber stories demonstrate the increasing speed and sophistication of online risks. Hackers are embedding malware in seemingly legitimate files like movie downloads and software updates, while governments and tech companies grapple with balancing security and privacy. The Threatsday Bulletin compiles these critical updates to provide a clear overview of the evolving threat landscape.
The reality of cybersecurity often lags behind idealized models of perfect defense. The continuous discovery of vulnerabilities and exploits – such as the React flaw (CVE-2025-55182) exploited by botnets – highlights the difficulty of achieving complete security, resulting in potential losses exceeding millions of dollars and impacting critical infrastructure.
Key Insights
- Mirai botnet variant Broadside targets maritime logistics (December 2025): A new variant exploits a critical vulnerability (CVE-2024-3721) in TBK DVRs, demonstrating a focus on industrial control systems.
- Prompt injections in LLMs are fundamentally unmitigable: The U.K. National Cyber Security Centre acknowledges that prompt injection flaws in generative AI will likely persist, requiring a shift towards constraining system actions.
- Docker Hub leaks expose thousands of credentials: A Flare study revealed over 10,000 Docker Hub images expose sensitive credentials, including AI model keys, highlighting supply chain security risks.
Practical Applications
- Use Case: Europol’s OTF GRIMM disrupted a Violence-as-a-Service (VaaS) network, arresting 193 individuals involved in recruiting perpetrators for violent crimes.
- Pitfall: Relying on outdated software or neglecting vulnerability patching, as demonstrated by the ongoing exploitation of the Log4Shell vulnerability, even years after its discovery.