@icydus_yaoi cim ping cause . hatebot or enemybot or whatever uou call them

This week’s threat landscape was marked by a series of urgent security updates and active exploitation cases across major platforms: 🔹 Samsung & Google patched zero-day flaws exploited in the wild 🔹 Case Theme Users plugin exploited immediately after disclosure 🔹 WhatsApp & Delmia Apriso vulnerabilities remain actively targeted 🔹 Botnets EnemyBot, Sysrv-k, Andoryu, Androxgh0st, Mirai, Bashlite, Tsunami & BrickerBot ramped campaigns targeting GitLab, cloud gateways, PHP apps & EirD1000 routers 🔹 ESET uncovered HybridPetya ransomware exploiting unpatched systems 🔹 LILIN DVR flaw abused by Chalubo, FBot & Moobot 🔹 Akira ransomware leverages SonicWall vulnerability against Australian orgs Rapid patching, proactive monitoring, and layered defenses remain critical. Full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #Vulnerability #Intelligence #InfoSec #ThreatIntel #Samsung #Google #Zeroday #WordPress #EnemyBot #DelmiaApriso #WhatsApp #Andoryu #Androxgh0st #Mirai #Bashlite #HybridPetya #Ransomware #Malware #Chalubo #Botnet #FBot #Moobot #Akira #SonicWall

This week's cybersecurity landscape has been marked by continued exploitation of critical vulnerabilities across enterprise and consumer technologies: 🔹 CISA added - Dassault Systèmes DELMIA Apriso vulnerability to its KEV catalog 🔹 SAP S/4HANA flaw under active exploitation 🔹 Vulnerabilities in TP-Link, WhatsApp, Android, and Linux kernel continue to be exploited. 🔹 Botnets EnemyBot, Sysrv-k, Andoryu, Androxgh0st, Mirai, Bashlite, Tsunami & BrickerBot ramped campaigns targeting GitLab, cloud gateways, PHP apps & EirD1000 routers. 🔹 360Netlab flagged LILIN DVR exploits spreading Chalubo, FBot & Moobot. 🔹 ACSC alerts about Akira ransomware intrusions in Australia The message is clear: adversaries are diversifying their targets across enterprise software, consumer devices, and IoT ecosystems. Rapid patching and layered defense remain mission-critical. Full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #Threat #SAP #CISA #Vulnerabilities #InfoSec #KEV #WhatsApp #Google #Linux #Kernel #TPLink #Botnet #Andoryu #DVR #Androxgh0st #LILIN #Chalubo #FBot #Moobot #SonicWall #SSLVPN

This Week in Cybersecurity: 🔹 CISA expanded its KEV catalog with 7 high-risk vulnerabilities, including flaws in TP-Link, WhatsApp, Android, and Sitecore. 🔹 Confirmed exploit attempts observed against DELMIA Apriso. 🔹 Botnets EnemyBot, Sysrv-k, Andoryu, Androxgh0st, Mirai, Bashlite, Tsunami & BrickerBot ramped campaigns targeting GitLab, cloud gateways, PHP apps & EirD1000 routers. 🔹 Threat intel linked Quad 7 botnet (Storm-0940) to TP-Link chained exploits, while attacks deployed WEEPSTEEL and tools like EARTHWORM, DWAgent & SharpHound on vulnerable Sitecore instances. Stay Patched. Stay resilient!! Check out the full report here : loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #VulnerabilityIntelligence #Vulnerabilities #Threats #InfoSec #CISAKEV #TPLink #Google #Android #Meta #WhatsApp #SitecoreXP #DELMIAApriso #Botnet #Mirai #Andoryu #Androxgh0st #Sekoia #Quad7 #CovertNetwork1658 #Storm0940 #Mandiant #WEEPSTEEL #EARTHWORM #DWAgent

𝗧𝗵𝗶𝘀 𝗪𝗲𝗲𝗸 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: 🔹CISA added four vulnerabilities to its KEV catalog 🔹Botnets EnemyBot, Sysrv-k, Andoryu, and Androxgh0st targeted GitLab, Cloud Gateway, and PHP, while IoT botnets hit EirD1000 routers. 🔹Gayfemboy Botnet resurges, exploiting flaws in DrayTek, TP-Link, Raisecom, and Cisco. 🔹CrowdStrike linked MURKY PANDA to cloud-based espionage with zero-days, while Glacial Panda targeted telecom providers to steal call records via privilege escalation. Secure your systems. Secure your future Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #Vulnerability #Intelligence #CISA #KEV #Threat #Citrix #Netscaler #SessionRecording #Git #Botnet #Andoryu #Androxgh0st #EnemyBot #SysrvK #Mirai #IoT #Fortinet #Gayfemboy #DrayTek #TPLink #Raisecom #Cisco #GlacialPanda #MURKYPANDA

𝗧𝗵𝗶𝘀 𝗪𝗲𝗲𝗸 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: • CISA added two vulnerabilities to its KEV catalog. • PoC exploits emerged for critical SAP NetWeaver bugs • Botnets EnemyBot, Sysrv-k, Andoryu, and Androxgh0st targeted GitLab, Cloud Gateway, and PHP, while IoT botnets hit EirD1000 routers. • Malware activity surged with SAP web shells, DripDropper, and long-running espionage by Static Tundra. Secure your systems. Secure your future. Check the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #Mirai #VulnerabilityIntelligence #InfoSec #ThreatInfo #Malware #Ransomware #Threats #ThreatIntell #CISAKEV #TrendMicro #Apple #Zerodays #Botnet #Andoryu #Androxgh0st #Sysrv_k #EnemyBot #SAPNetWeaver #ApacheActiveMQ #Cisco #DripDropper

This week’s threat landscape saw a sharp rise in exploitation and malware delivery: • CISA adds 3 D-Link vulnerabilities to its KEV catalog • Trend Micro confirmed active attempts to exploit Apex One flaws • Botnets like EnemyBot, Andoryu, and Mirai exploited GitLab, PHP apps, and EirD1000 routers. • Kaspersky uncovered an AV killer used in MedusaLocker attacks; malware included Zenpak & Farfli trojans. • Ransomware deployed via active exploitation of Rejetto HFS servers. Stay patched. Stay ahead. Stay Secured. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #VulnerabilityIntelligence #ThreatIntell #InfoSec #Vulnerabilities #CISAKEV #DLink #Rejetto #HFSserver #Farfli #Zenpak #Ransomware #Malware #AVKiller #MedusaLocker #Botnet #Mirai #Androxgh0st #EnemyBot #TrendMicro #ApexOne

This Week’s threat landscape was marked with intensified exploitation by advanced threat actors: • CISA added 3 vulnerabilities to its KEV catalog. • Active exploitation observed in a WordPress theme • Botnets like Mirai, Andoryu, and EnemyBot hit GitLab and Eir D1000 routers • SAP NetWeaver flaw used to deploy Auto-Color backdoor • China-based APTs hit SharePoint, deploying Warlock Ransomware Patch swiftly. Monitor continuously. Stay secure. Full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #Vulnerability #Intelligence #Threat #InfoSec #Microsoft #Cisco #Papercut #WordPress #WordFence #CISAKEV #EnemyBot #Mirai #Bashlite #Tsunami #BrickerBot #SharePoint #Storm2603 #WarlockRansomware #SAPNetWeaver #LinenTyphoon #Malware #APT

Summary of Today’s Cyber Attacks and DoS Activities (July 25, 2025) Based on the latest reports, here’s a concise overview of ongoing cyber threats, focused on key incidents. Ongoing Espionage and Targeted Attacks: • Russian aerospace and defense sectors hit by a new backdoor malware called EAGLET, aimed at intelligence gathering. • Chinese APT groups (e.g., Linen Typhoon/APT27 and Violet Typhoon/Storm-2603) exploiting Microsoft SharePoint zero-days, affecting over 400 global organizations in critical infrastructure. • State-sponsored actors like Patchwork (India-linked) and Fire Ant (possibly North Korea-linked) targeting Turkish and Russian defense via spear-phishing and virtualization exploits. Ransomware and Malware Campaigns: • Chaos RaaS group (possibly ex-BlackSuit members) launching big-game hunts with double extortion, using spam, social engineering, and data exfiltration tools. • Soco404 cryptomining campaign exploiting cloud vulnerabilities (Linux/Windows), hiding payloads in fake 404 pages on Google Sites. • New VoIP botnet expanding from rural New Mexico, targeting routers with default passwords and Telnet exploits, impacting IoT devices like Cambium networks. Denial of Service (DoS/DDoS) Incidents: • Moroccan Black Cyber Army claiming DDoS attacks on Algerian sites, including Akhbar Dzair, Gulf Bank Algérie, National Library of Algeria, Algeria-dz.com, and Plant Ecology Lab. • Thai and foreign hackers conducting ongoing DDoS against Cambodian websites. • Escalating DDoS threats to global ports (80% of world trade), involving Russian, Iranian, and Chinese state actors, ransomware groups, and hacktivists targeting vessel traffic and access systems. • Ransomware outfits like Storm-2603 and DragonForce incorporating DDoS in attacks on critical infrastructure. • Pay2Key.I2P RaaS (Tehran-linked) offering bonuses for attacks on U.S./Israeli targets, potentially including DDoS. Other Emerging Threats: • Cybercriminals using purchased malware to hit U.S./EU banks, governments, and corporations via initial access brokers. • Surge in crypto address poisoning attacks, with stolen funds up by $500K in recent weeks and incidents rising to 83.8M. • CISA warnings on hardware vulnerabilities in Honeywell, Medtronic, Mitsubishi, LG devices that could enable DoS. • Botnets (Mirai, Andoryu, EnemyBot) attacking GitLab and Eir D1000 routers; Mimo Loader exploiting Craft CMS for miners and proxyware. Stay vigilant—monitor CISA and threat intel sources for updates. #CyberSecurity #DDoS #Ransomware

𝗧𝗵𝗶𝘀 𝗪𝗲𝗲𝗸 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 • CISA adds 8 new vulns to KEV - including Microsoft, SysAid, Fortinet & Chrome • Cisco ISE exploited via unauthenticated API flaws • Botnets like Mirai, Andoryu, EnemyBot hit GitLab, Eir D1000 routers • Chinese APTs linked to active exploits on SharePoint • Mimo Loader campaign targets Craft CMS via RCE to deploy miner & proxyware Secure swiftly. Monitor closely. Stay resilient. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #ThreatIntel #InfoSec #Vulnerabilities #CISAKEV #CraftCMS #SharePoint #ChinaAPT #EnemyBot #IoTBotnet #SysAid #CiscoISE #Androxgh0st #XMRig #Proxyjacking #APT27 #Storm2603 #MicrosoftSharePoint #LinenTyphoon #VioletTyphoon #Mimo

𝗧𝗵𝗶𝘀 𝗪𝗲𝗲𝗸 𝗼𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 • CISA adds Wing FTP vulnerability to its KEV • Active exploitations hit Chrome, Citrix, Zimbra and more • Botnets like Mirai & EnemyBot ramp up attacks on GitLab, IoT • UNC6148 deploys stealthy OVERSTEP backdoor on SonicWall EOL devices Secure swiftly. Monitor closely. Stay resilient. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #VulnerabilityIntelligence #ThreatIntel #InfoSec #Vulnerabilities #CISAKEV #Botnet #WingFTPServer #Google #Chrome #Zimbra #PHPMailer #RubyonRails #Andoryu #UNC6148 #SMA100 #SonicWall #OVERSTEP #Backdoor

Here's a breakdown of the latest developments that shaped this week's threat landscape: • CISA added five vulnerabilities to its KEV catalog • Botnet activity spiked, with EnemyBot, Androxgh0st, and Mirai exploiting flaws in GitLab, Cloud Gateway, PHP apps, and IoT devices like Eir D1000. • Espionage campaigns surged, as Fortinet exposed the RondoDox botnet, ASEC reported active GeoServer exploitation, and SentinelLabs detailed a China-linked PurpleHaze campaign using Ivanti, ConnectWise, and GeoTools vulnerabilities. Patch fast. Monitor actively. Stay ahead. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Vulnerability #Intelligence #ThreatIntel #InfoSec #CISAKEV #LookingGlass #PHPMailer #RubyOnRails #Zimbra #Malware #Fortinet #CyberEspionage #RondoDox #Botnet #TBKDVR #GeoServer #XMRig #Ivanti #ConnectWise #Mirai #Andoryu #Androxgh0st #EnemyBot #PurpleHaze #GoReShell #CitrixNetscaler

This Week in Cybersecurity • Four CISA KEV inclusions • Active exploitations reported in Citrix NetScaler • Botnet activity spiked, compromising exposed infrastructure across popular platforms • "LapDogs” espionage campaign hits over a thousand SOHO devices • Houken threat actor exploited Ivanti CSA zero-days Patch fast. Monitor actively. Stay ahead. Check out the report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Vulnerability #Intelligence #ThreatIntel #Malware #Threat #CISAKEV #Google #Chrome #ReliaQuest #Citrix #TeleMessage #TMSGNL #Mirai #EnemyBot #Androxgh0st #LapDogs #ShortLeash #Ivanti #Houken #ThreatActor #ShortLeash #Backdoor

𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝘀 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗲: 𝗞𝗘𝗩 𝗜𝗻𝗰𝗹𝘂𝘀𝗶𝗼𝗻𝘀, 𝗕𝗼𝘁𝗻𝗲𝘁 𝗔𝗰𝘁𝗶𝘃𝗶𝘁𝘆, 𝗮𝗻𝗱 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻𝘀 𝗞𝗲𝘆 𝗵𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗼𝗳 𝘁𝗵𝗲 𝘄𝗲𝗲𝗸: • CISA added 3 critical vulnerabilities to the KEV catalog • Active exploitations detected in Motors WordPress theme, Citrix NetScaler ADC/ Gateway and in Linksys E-Series routers. • Botnet activity spiked, with malware families like EnemyBot, Androxgh0st, and Mirai aggressively compromising exposed infrastructure across popular platforms. • APT Action: Salt Typhoon exploited Cisco IOS XE flaw, while TheMoon worm targeted Linksys routers. Meanwhile, vulnerability in FreeType was linked to Graphite spyware. Patch now. Monitor logs. Harden systems. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #ActiveExploitation #Threats #Malware #CISAKEV #AMIMegaRAC #DLinkDIR #Botnets #Mirai #EnemyBot #Androxgh0st #TheMoon #Citrix #Fortinet #FortiOS #Spyware #MotorsTheme #WordFence #SaltTyphoon #Graphite #Cisco

The 5th week of May 2025, underscored a sharp rise in both financially motivated and state-sponsored attacks, exploiting critical vulnerabilities at scale. 𝗞𝗲𝘆 𝗵𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀: • Craft CMS under active attack allowing threat actors to deploy cryptominers and proxyware • TI WooCommerce Wishlist Plugin suffers a critical unpatched file upload flaw • ASUS routers exploited to form “AyySSHush” botnet • Botnets like Mirai, EnemyBot, Andoryu, and Androxgh0st ramp up targeting Cloud Gateway, GitLab & IoT. • DragonForce launched a supply chain ransomware attack via SimpleHelp exploitation. • ViciousTrap compromised thousands of Cisco routers to build a honeypot-like surveillance network. • Threat actor “Mimo” leveraged Craft CMS flaws to install miners & proxyware. • China-linked UNC5221 exploited Ivanti EPMM, while UAT-6382 abused a Trimble Cityworks zero-day to infiltrate U.S. local governments. Don’t wait - patch, audit, and monitor before you become the next target. Check out the full report: loginsoft.com/reports/weekly… #Cybersecurity #Threatintelligence #LOVI #Botnets #ActiveExploitation #Andoryu #Androxgh0st #Ivanti #UNC5221 #UAT6382 #TrimbleCityWorks #Mimo #CraftCMS #ViciousTrap #DragonForce #Ransomware #SimpleHelp #Cryptomining #EnemyBot #Botnet #Asus #AyySSHush #WishlistPlugin #WordPress

just recently invented a guy. calling this one "haterbot" / "enemybot". he does not help you he deceives you and is evil. i hope you like him.

This week’s cyber threat landscape is dominated by rapid zero-day exploitation across major enterprise platforms: 𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗸𝗻𝗼𝘄: • 7 new vulnerabilities were added to CISA KEV, including 5 zero-days targeting Microsoft’s core systems for SYSTEM-level access • Fortinet patches an actively exploited zero-day affecting multiple products. • TeleMessage TM SGNL leak exposes sensitive plaintext archives, raising privacy alarms. • Google Chrome & Ivanti also face zero-day exploits • Botnets like Mirai, EnemyBot, Andoryu, and Androxgh0st ramp up targeting Cloud Gateway, GitLab & IoT. • Türkiye-linked espionage group Marbled Dust exploits a zero-day in Output Messenger for stealthy intrusions. • Mirai abuses flaw in MagicINFO 9 Server, triggering urgent Samsung patch. • Multiple threat actors actively exploiting a critical SAP NetWeaver vulnerability, attracting both cybercriminals and state-sponsored groups As threat actors pivot to zero-day exploits at scale, the ability to respond swiftly and build resilient, threat-aware infrastructure is more critical than ever. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #Threatintelligence #Botnets #Mirai #CISA #ActiveExploitation #Andoryu #Androxgh0st #Ransomwares #Microsoft #Windows #Samsung #SAPNetWeaver #TeleMessage #Ivanti #Fortinet #GoogleChrome

Recent exploitation patterns reveal a sharp shift toward targeting vulnerabilities in widely used business infrastructure. 𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱 𝘁𝗼 𝗸𝗻𝗼𝘄: • Six vulnerabilities were recently added to the CISA KEV catalog, including two affecting end-of-life GeoVision IoT devices and one each in Commvault Command Center, Langflow, the Yii PHP Framework, and FreeType. • A vulnerability in Ottokit WordPress Plugin was rapidly weaponized by threat actors following its public disclosure. • Samsung MagicINFO 9 Server actively exploited to deploy Mirai malware • Botnets like Mirai, EnemyBot, Andoryu, and Androxgh0st ramp up targeting Cloud Gateway, GitLab & IoT • Play ransomware affiliates exploited a Windows CLFS vulnerability as a zero-day during a targeted attack on a U.S entity. • Discontinued GeoVision IoT devices were actively exploited to deliver Mirai malware. Update your systems quickly, isolate unsupported devices, and stay vigilant on exposed assets. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #Threatintelligence #Botnets #Mirai #CISA #ActiveExploitation #Andoryu #Androxgh0st #Commvault #Ransomwares #Microsoft #Windows #PlayRansomware #EOL #Samsung #Ottokit #WordPress

𝗪𝗲𝗲𝗸 𝗼𝗳 𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 𝗛𝗶𝗴𝗵-𝗜𝗺𝗽𝗮𝗰𝘁 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗮𝗻𝗱 𝗧𝗵𝗿𝗲𝗮𝘁 𝗧𝗿𝗲𝗻𝗱𝘀 𝗨𝗻𝗳𝗼𝗹𝗱 In a sharp escalation, this week’s threat landscape saw an uptick in active exploitation targeting core infrastructure Here’s what you need to know: • Commvault Web Server - Added to CISA KEV due to in-the-wild attacks. • Craft CMS - Hit by a chained attack targeting developer environments. • SonicWall SMA - Issued a critical alert following live exploitation of remote access vulnerabilities. • Botnets like Mirai, EnemyBot, Andoryu, and Androxgh0st ramp up targeting Cloud Gateway, GitLab & IoT • Attackers deployed DslogdRAT, a stealthy RAT built for persistence and evasion, by exploiting a flaw in Ivanti Connect Secure. In parallel, Fog Ransomware operators chained legacy Microsoft vulnerabilities to achieve full domain compromise. Threat actors are chaining legacy flaws with modern zero-days, actively exploiting both enterprise and IoT systems to maximize reach and control. Attackers Don’t Wait. Neither Should You!! Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #Threatintelligence #Botnets #Microsoft #Mirai #CISA #ActiveExploitation #Andoryu #Androxgh0st #SonicWall #CraftCMS #FogRansomware #Commvault #Ransomwares #RAT #DslogdRAT

𝗧𝗵𝗶𝘀 𝘄𝗲𝗲𝗸 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Active exploits, Growing botnets, and Nation-state actors Here’s what you need to know: • Active! mail & Brocade Fabric OS flaws exploited in the wild • Botnets like Mirai, EnemyBot, Andoryu, and Androxgh0st ramp up targeting Cloud Gateway, GitLab & IoT • Kimsuky’s Larva-24005 campaign resurfaces via RDP flaws • RustoBot targets TOTOLINK & DrayTek routers across Asia Past Fast! Monitor Faster!! For more details, check out the full report:loginsoft.com/reports/weekly… #Cybersecurity #Threatintelligence #Botnets #Microsoft #Mirai #Malware #Windows #ActiveExploitation #Andoryu #Androxgh0st #ActiveMail #Brocade #Kimsuky #Larva24005 #APTGroup