Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Briefly

"Cisco 0-Day Flaws Under Attack - Cybersecurity agencies warned that threat actors have exploited two security flaws affecting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in sophistication and its ability to evade detection. The activity involves the exploitation of CVE-2025-20362 (CVSS score: 6.5) and CVE-2025-20333 (CVSS score: 9.9) to bypass authentication and execute malicious code on susceptible appliances."
"Nimbus Manticore Uses MiniJunk in Critical Infra Attacks - An Iran-linked cyber-espionage group has expanded its operations beyond its traditional Middle Eastern hunting grounds to target critical infrastructure organizations across Western Europe using constantly improving malware variants and attack tactics. Nimbus Manticore, which overlaps with UNC1549 or Smoke Sandstorm, has been observed targeting defense manufacturing, telecommunications, and aviation companies in Denmark, Portugal, and Sweden."
Multiple advanced threat actors are actively exploiting zero-day vulnerabilities and deploying evolving malware to compromise network and infrastructure systems. Two Cisco firewall flaws (CVE-2025-20362, CVSS 6.5; CVE-2025-20333, CVSS 9.9) are being used to bypass authentication and execute code, delivering RayInitiator and LINE VIPER; the activity is linked to an ArcaneDoor cluster attributed to UAT4356 (aka Storm-1849). An Iran-linked group, Nimbus Manticore (overlapping UNC1549/Smoke Sandstorm), has expanded strikes into Western Europe, targeting defense manufacturing, telecommunications, and aviation with MiniJunk backdoors and MiniBrowse stealers. Additional threats include DDoS campaigns, new ransomware tactics, and increasing cloud-app targeting.
Read at The Hacker News