CyberNews: 11/10/2025 Edition

Published by Dunateo on 2025-10-11

Today’s roundup

  • DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
  • More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600)
  • Juniper patched nine critical flaws in Junos Space
  • Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks
  • Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
  • FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak
  • Apple doubles maximum bug bounty to $2M for zero-click RCEs
Summary

    The Aisuru botnet has sharply escalated its DDoS attacks and now draws most of its firepower from compromised IoT devices on the networks of major U.S. ISPs such as AT&T, Comcast, and Verizon. On October 6, 2025, it launched a brief, record-breaking 29.6 Tbps attack that disrupted gaming communities and led some ISPs to cut off service to affected customers. Aisuru's growth is attributed to the exploitation of Totolink router vulnerabilities and to the absorption of assets from the dismantled Rapper Bot.

    Security researchers have detailed CVE-2025-3600, an unsafe reflection vulnerability in Progress Telerik UI for ASP.NET AJAX, a widely used UI library. Although the flaw was initially classified as a denial-of-service issue, the research shows it can be escalated to Remote Code Execution (RCE) in specific environments, demonstrated by a pre-authentication RCE chain against Sitecore Experience Platform. The bug affects releases dating from 2011 through early 2025; a fix shipped in April 2025, but uptake remains slow, so any exposed Telerik-backed application should be inventoried and updated.

    Juniper Networks patched nearly 220 vulnerabilities, including nine critical flaws in Junos Space. The most notable is CVE-2025-59978 (CVSS 9.0), a Cross-Site Scripting (XSS) vulnerability in Junos Space versions prior to 24.1R4 that can be leveraged to compromise an administrative session. Prompt patching is recommended even though no active exploitation is known.

    The China-linked threat group Storm-2603 is abusing Velociraptor, a legitimate digital forensics and incident response (DFIR) tool, in ransomware attacks. Because the tool is trusted defensive software, deploying it gives the attackers durable, low-profile access to victim networks; defenders should treat any Velociraptor agent they did not deploy themselves as suspect.

    A new, active malware campaign called Stealit is abusing Node.js' Single Executable Application (SEA) feature, alongside the Electron framework, to package and distribute its payloads. The malware is delivered through malicious game and VPN installers, as reported by Fortinet FortiGuard Labs.
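    A triage heuristic for the SEA packaging described above, written as an added example for this roundup (it is not code from the original page or from Fortinet). It scans a file for the two markers the Node.js SEA tooling leaves in a packaged executable: the fuse sentinel prefixed "NODE_SEA_FUSE_" (an unmodified node binary carries it ending in ":0"; postject flips it to ":1" when a blob is injected) and the default blob section/resource name "NODE_SEA_BLOB". The marker strings are the author's recollection of the Node.js SEA documentation and should be verified against the docs for the Node version in question; the sample byte strings are constructed, not real binaries.

```python
"""Heuristic detection of Node.js Single Executable Application (SEA) binaries.

Added example for the CyberNews roundup; not Fortinet's or Node's own code.
Assumptions (verify against the Node.js SEA docs for your version):
  - packaged binaries contain a fuse string "NODE_SEA_FUSE_<32 hex>:1"
    (a plain node binary has the same string ending in ":0"),
  - the injected blob lives in a section/resource named "NODE_SEA_BLOB"
    (postject allows renaming it, so its absence is not conclusive).
"""
import re

BLOB_SECTION = b"NODE_SEA_BLOB"
# Fuse sentinel: prefix, 32 hex digits, then ":0" (unfused) or ":1" (fused).
FUSE_RE = re.compile(rb"NODE_SEA_FUSE_[0-9a-f]{32}:([01])")


def scan_sea_markers(data: bytes) -> dict:
    """Report which SEA markers appear in raw file bytes."""
    m = FUSE_RE.search(data)
    return {
        "has_fuse": m is not None,
        # Only a flipped fuse (":1") indicates a blob was actually injected.
        "fuse_flipped": m is not None and m.group(1) == b"1",
        "has_blob_section": BLOB_SECTION in data,
    }


def is_likely_sea_binary(data: bytes) -> bool:
    """True when the fuse is flipped and the default blob section is present.

    A stock node.exe matches has_fuse but not fuse_flipped, so requiring the
    flipped fuse avoids flagging every legitimate Node install.
    """
    r = scan_sea_markers(data)
    return r["fuse_flipped"] and r["has_blob_section"]


def scan_file(path: str) -> bool:
    """Apply the heuristic to a file on disk."""
    with open(path, "rb") as f:
        return is_likely_sea_binary(f.read())


# Constructed sample inputs (not real binaries, not real malware).
PLAIN_NODE = (b"MZ\x90\x00" + b"\x00" * 16
              + b"NODE_SEA_FUSE_" + b"ab" * 16 + b":0" + b"\x00" * 8)
PACKED_SEA = (b"MZ\x90\x00" + b"NODE_SEA_BLOB" + b"\x00" * 8
              + b"NODE_SEA_FUSE_" + b"ab" * 16 + b":1" + b"\x00" * 8)

if __name__ == "__main__":
    for name, blob in (("plain node binary", PLAIN_NODE), ("packed SEA", PACKED_SEA)):
        print(name, scan_sea_markers(blob), "-> likely SEA:", is_likely_sea_binary(blob))
```

    Run this over installer payloads dropped into a sandbox; a hit is a reason to extract and inspect the embedded JavaScript, not proof of malice on its own, since legitimate software also ships as SEA bundles.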

    In a significant law enforcement action, the FBI has placed a seizure notice on BreachForums, the cybercrime platform that Scattered Spider had revived to leak data from its ongoing corporate extortion campaign, notably against Salesforce customers. The seizure disrupts the group's leak infrastructure, though its threats against victims continue.

    Apple has expanded its Security Bounty program and now offers up to $2 million for zero-click Remote Code Execution (RCE) chains, with bonuses that can push the total payout for an iPhone exploit above $5 million. The program covers additional attack surfaces and introduces "Target Flags" to speed up payouts, with the stated aim of undercutting the market for mercenary spyware.


    Vulnerabilities

    CVE ID          Severity
    CVE-2025-3600   High
    CVE-2025-59978  Medium