ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

Attackers this week exploited trusted infrastructure rather than targeting novel vulnerabilities. A leaked authentication token facilitated unauthorized access, while a malicious software package bypassed detection through legitimate supply chains. Social engineering campaigns succeeded through login manipulation tactics. Notably, dormant attack tools resurface in active campaigns, indicating attackers recycle proven techniques against organizations with incomplete detection capabilities.

The threat pattern reveals a shift in attacker methodology. Rather than pursuing zero-day exploits or sophisticated malware development, threat actors prioritize compromising existing trust relationships. Linux rootkits persist in targeting infrastructure. Unpatched router vulnerabilities enable network-wide compromise. AI-powered intrusion vectors expand reconnaissance and lateral movement capabilities. Scam kit distribution networks proliferate across underground forums.

Organizations face escalating risk from supply chain contamination. Legitimate package repositories, software updates, and cloud service integrations now serve as infection vectors. Attackers blend into normal operational activity. A compromised update delivers rootkit functionality. A trusted vendor account distributes malware. Support chat systems enable credential harvesting without triggering traditional alerts.

The 25 stories tracked this week span multiple attack categories: authentication bypass, dependency injection, cloud misconfiguration, and social engineering. Common thread connects them. Each exploits assumed trustworthiness. Each bypasses perimeter defenses by operating within the envelope of normal business processes.

Detection becomes harder. Security teams cannot simply block suspicious traffic or flag unusual binaries when attacks arrive through trusted channels with valid signatures. This requires shifting from perimeter-focused defense to continuous verification of software provenance, stricter authentication controls, and behavioral anomaly detection within trusted systems.

Organizations should prioritize supply chain security assessments, implement software bill of materials tracking, enforce code signing verification, and isolate critical systems from automatic update mechanisms pending security review. The attackers winning this week are not the most sophisticated. They are the most patient