Linux kernel vulnerabilities resurfaced this week, forcing organisations to revisit patching backlogs on systems they believed secure. Microsoft Defender zero-day flaws emerged, exposing a critical gap where the security product itself required urgent patching. Router botnets expanded their footprint through unpatched networking equipment, while supply chain attacks leveraged compromised development tools to distribute malware at scale.

The week revealed a pattern familiar to security teams: legacy systems running outdated software became entry points for attackers. Companies discovered forgotten servers and infrastructure components still connected to production networks, lacking patches released years ago. The discovery underscores how technical debt compounds across organisations, leaving an attack surface that grows invisibly over time.

Microsoft Defender vulnerabilities proved particularly problematic because security tools occupy trusted positions within enterprise networks. Flaws in endpoint protection software cause damage on two fronts: they expose the very systems designed to block threats, and they potentially invalidate earlier threat detection and response assumptions that relied on the tool being trustworthy.

Supply chain compromise through development tools represents an escalating pattern. Threat actors target software build pipelines, injecting malicious code upstream so that the resulting builds reach multiple organisations simultaneously. This approach bypasses perimeter defences entirely, exploiting the trust relationships between vendors and customers.

Phishing campaigns demonstrated increased sophistication. Attackers moved away from obvious mass-market scams toward targeted attacks with contextual accuracy. These spear-phishing attempts exploit reconnaissance data gathered from previous breaches, job listings, and social engineering, creating convincing pretexts that bypass user awareness training.

Router botnet activity expanded through exploitation of unpatched firmware. Network equipment typically receives lower priority in patch management cycles than servers or endpoints, yet routers control traffic flows and can intercept, modify, or redirect data. Compromised routers become persistent network footholds that survive endpoint reimaging and OS reinstalls.

The week's incidents reveal organisations face mounting pressure across multiple attack vectors