Global Cyber Threat Landscape Expands With Botnets, AI Abuses And Critical Vulnerabilities

The latest threat intelligence roundup highlights an increasingly complex cyber landscape in which attackers combine old vulnerabilities, modern automation, and trusted platforms to scale their operations. The week's findings span resilient botnet infrastructure, long-standing software flaws, AI-assisted exploitation techniques, and a continued rise in global financial losses driven by cyber-enabled fraud across industries and regions.

A major focus this week is a hybrid botnet variant of Phorpiex, also known as Trik, which continues to evolve into a multi-purpose malware delivery platform. The botnet uses both traditional command-and-control communication and a peer-to-peer model to stay resilient even when part of its infrastructure is disrupted. It is linked to large-scale spam distribution, cryptocurrency theft through clipper functionality (swapping wallet addresses in the clipboard), ransomware deployment, and worm-like propagation across connected systems. Alongside this, researchers disclosed a remote code execution chain affecting Apache ActiveMQ Classic in which a thirteen-year-old flaw can be combined with authentication bypass weaknesses to achieve system-level command execution, especially in environments that use default credentials or expose management interfaces. At the same time, global cybercrime losses surged past seventeen billion dollars in 2025, driven largely by investment fraud, business email compromise, and technology support scams, with cryptocurrency-related fraud leading reported losses.

Across distributed systems and enterprise environments, attackers are increasingly relying on automation, artificial intelligence, and trusted infrastructure to scale their operations. Over eight million distributed denial-of-service attacks were recorded in the second half of 2025, with IoT-based botnets and AI-powered DDoS services lowering the barrier to entry for sophisticated attack campaigns. Threat actors have also been observed abusing legitimate collaboration and SaaS platforms to deliver phishing content, using the built-in notification systems of widely used services to bypass traditional email filtering. In parallel, campaigns such as UNC6783 have targeted organizations through business process outsourcing providers and help desk manipulation, using fake login portals and session hijacking techniques to gain persistent access. Additional activity includes Magecart-style attacks that hide payment skimmers inside invisible vector (SVG) elements on e-commerce platforms, alongside the misuse of emojis in underground communities to encode operational signals and evade detection systems. Malware distribution has also expanded through malicious MSI installers delivering stealthy remote access trojans, while macOS users are being targeted through abuse of system URL handlers that bypass terminal-based security controls.

The threat environment further reflects increasing abuse of software supply chains, developer ecosystems, and industrial systems. Malicious Python packages have been found stealing user prompts and redirecting data to external databases, while exposed programmable logic controllers in industrial environments remain vulnerable to nation-state activity aimed at operational disruption. Research also shows that leaked internal AI development code has been rapidly repurposed for malware distribution, including credential theft and proxy-based attacks, while a new stealer variant known as Remus has emerged with enhanced evasion techniques following previous takedowns. Legal and regulatory pressure continues to build in parallel, with AI companies facing national security designations that affect supply chain trust. Additional threats include fake software repositories distributing crypto clipper malware, Linux kernel vulnerabilities capable of exposing encryption keys, prompt injection attacks that turn AI coding tools into exploitation assistants, and AI-enabled data leakage risks in enterprise platforms such as analytics and monitoring systems. Mobile ecosystems are also being abused, with Android frameworks leveraged to manipulate payment systems and bypass identity verification controls through system-level modification techniques.

Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem. 