The OSINT reports that a Mirai-based botnet variant named ShadowV2 is exploiting known vulnerabilities in widely deployed IoT devices across multiple countries and industries to build a DDoS-capable botnet, with recent activity during a global AWS outage assessed as a likely test run for future attacks.

The OSINT reports that North Korean state-sponsored operators are running the “Contagious Interview” campaign, using malicious npm packages, GitHub, and Vercel infrastructure, and the OtterCookie malware family to compromise blockchain and Web3 developers, exfiltrate credentials and wallet data, and remotely control infected systems for digital asset theft and espionage.

“Bloody Wolf” is actively expanding spear-phishing campaigns across Central Asia by impersonating Ministries of Justice and using custom JAR loaders to deploy the legitimate NetSupport RAT for persistent remote access and low-profile operations.

The OSINT reports that threat actors deploying Qilin ransomware are using a previously undocumented Windows malware packer, TangleCrypt, to hide and launch the STONESTOP EDR-killer with the ABYSSWORKER driver, using multi-layered encoding and flexible injection techniques but with implementation flaws that can cause crashes and reduce reliability.