thehackernews.com 4/9/2026, 1:30:58 PM

Twizt Botnet Variant Spreads Clipper, Fuels Sextortion Attacks

Primary Source activemq.apache.org

THREATSDAY Bulletin covers a broad spread of issues, from a resilient hybrid botnet to long‑standing software flaws being weaponised anew.

A new variant of the Phorpiex botnet, known as Twizt, uses a hybrid C2 model that combines HTTP polling with a P2P protocol over TCP and UDP to maintain operations after takedowns. It is described as dropping a clipper that reroutes cryptocurrency transactions while enabling high‑volume sextortion emails and ransomware deployment. Researchers report about 125,000 infections daily, with Iran, Uzbekistan, China, Kazakhstan and Pakistan as the most affected countries.

According to Horizon3[.]ai, a 13‑year‑old Apache ActiveMQ Classic RCE, tracked as CVE‑2026‑34197, can be chained with CVE‑2024‑32114 to bypass authentication and execute commands via Jolokia. On some versions, CVE‑2024‑32114 makes the RCE reachable without authentication.

The bulletin notes cybercrime costs reaching $17.7 billion in 2025, with total losses exceeding $20.87 billion and crypto investment fraud accounting for $7.2 billion of losses, while ransomware variants including Akira and RansomHub feature among the top threats. It also highlights over 8 million DDoS attacks across 203 countries in H2 2025, driven by the TurboMirai family, and AI‑assisted capabilities forming new attack surfaces.

In sum, the week’s trends show old problems resurfacing with new angles across malware, misconfigurations, supply chains and adversaries using trusted platforms to broaden their reach.

Article by CyberSIXT