Weekly Threat Roundup: APTs, Zero-Days, and IoT Botnets
The latest Cyber Threat Intelligence roundup covers activity ranging from state-sponsored campaigns to large-scale IoT botnet operations. Censys identified more than 5,200 internet-exposed devices vulnerable to attack by Iranian APT groups, with a significant concentration in the U.S. The count matters less than what it confirms: nation-state actors keep targeting critical infrastructure and strategic assets, and exposed devices are a reliable way in. Meanwhile, the GlassWorm malware continues to evolve and now uses a Zig-based dropper to compromise multiple developer tools. This vector is especially dangerous because code injected into developer tooling propagates through the software supply chain to every downstream build and user.
The roundup also flagged a Marimo remote code execution flaw (CVE-2026-39987) that was exploited within hours of disclosure, a reminder that the window between advisory and weaponization is now measured in hours rather than weeks. UAT-10362 has been linked to LucidRook attacks targeting institutions in Taiwan, pointing to a geopolitical motive behind the campaign. On the mobile side, a critical flaw in the EngageLab SDK reportedly exposed private data from more than 50 million Android devices, underscoring the risk carried by third-party components bundled into apps. The crypto sector was hit as well: a $3.6 million Bitcoin theft at Bitcoin Depot was attributed to stolen credentials. Together with a Eurail data breach affecting nearly 309,000 individuals and an actively exploited Adobe Reader zero-day, these incidents paint a grim picture of the current threat landscape. Finally, the Masjesu botnet is actively targeting IoT devices and has evaded detection even on high-profile networks, the usual pattern for quietly accumulating infected hosts before putting them to use.
What This Means For You
- If your organization uses Adobe Reader, treat the zero-day as actively exploited: apply Adobe's fix or mitigations as soon as they are available, limit handling of PDFs from untrusted sources in the meantime, and check endpoint telemetry for unusual Reader behaviour.
- If you develop software, scrutinize your toolchains for the GlassWorm Zig dropper: verify the integrity and provenance of the developer tools and extensions you install, and review recent changes to build pipelines.
- If you run Marimo, confirm you are on a version that fixes CVE-2026-39987; given how quickly it was exploited, assume any exposed instance was probed.
- If you ship Android apps, check whether they bundle the EngageLab SDK and what data it can reach.
- If you are a Bitcoin Depot customer, monitor your accounts for unauthorized activity following the $3.6M theft, and since the theft was attributed to stolen credentials, rotate any password you reuse elsewhere.
- If you operate in Taiwan, be on high alert for UAT-10362/LucidRook activity.