BotNet News

CYBERCRIME STARTS WITH ONE SMALL CIRCUIT. WE FIGHT IT TOGETHER.

Last week’s cyber news was not about one big incident, but many small cracks opening at once. Tools people trust every day behaved in unexpected ways. Old flaws resurfaced, and access meant for updates or support kept getting abused. The damage did not stop when the headlines faded, but quietly resurfaced months or even years later.

This week’s Cyberthreat News brings all those threads together to show how the newest attacks blur the line between “normal tech” and malicious intent. Instead of shouting for attention, they whisper through familiar interfaces, polished code, and AI assistants.

A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting sales and commercial staff at critical infrastructure-adjacent organizations in the U.S. and Allied nations for credential theft.

A critical unauthenticated remote code execution vulnerability in the XSpeeder networking devices allows threat actors to hijack connected smartphones, control cameras, and even change settings. Tracked as CVE-2025-54322, the flaw affects public iked processes on XSpeeder network security appliances running on Windows, Linux, and macOS. Despite its high-severity rating, the flaw was not previously known to be exploited in the wild.