Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hybrid Botnet Threat and Apache Flaws Uncovered

Hybrid Botnet Threat and Apache Flaws Uncovered

Posted on April 9, 2026 By CWS

This week in cybersecurity, significant threats have emerged across various domains, with a focus on botnets, vulnerabilities, and cyber fraud. The evolving landscape highlights the importance of vigilance and proactive measures in securing sensitive systems and data.

Resilient Hybrid Botnet Emerges

Security researchers have identified a new strain of the notorious Phorpiex botnet, known for its sophisticated hybrid communication model. This latest version utilizes both traditional HTTP polling and a peer-to-peer protocol over TCP and UDP, ensuring its resilience against server disruptions. The botnet primarily aims to exploit cryptocurrency transactions, execute sextortion scams, and deploy ransomware like LockBit. Its worm-like properties enable it to spread via removable and network drives, posing a substantial risk to global cybersecurity.

With approximately 125,000 daily infections, the countries most affected include Iran, Uzbekistan, China, Kazakhstan, and Pakistan. Bitsight has noted Phorpiex’s evolution from a simple spam operation to a complex threat platform, underscoring its ongoing adaptability.

Apache Vulnerability Exploited After 13 Years

An alarming remote code execution (RCE) vulnerability in Apache ActiveMQ Classic, dormant for 13 years, has come to light. This flaw, identified as CVE-2026-34197, can be combined with another older vulnerability to bypass authentication and execute unauthorized commands. The issue, rated with a CVSS score of 8.8, allows attackers to manipulate management operations through the Jolokia API, posing significant security risks.

While the vulnerability requires credentials, default admin credentials are frequently used, making systems particularly susceptible. The vulnerability has been patched in ActiveMQ Classic versions 5.19.4 and 6.2.3, emphasizing the critical need for timely updates.

Cyber Fraud Incurs Substantial Losses

Cyber-enabled fraud continues to surge, with financial losses exceeding $17.7 billion in 2025. The Federal Bureau of Investigation (FBI) attributes nearly 85% of these losses to internet-enabled schemes. Cryptocurrency investment fraud emerged as a significant contributor, with $7.2 billion lost. Additionally, investment scams, business email compromises, and tech support scams collectively account for billions more in losses.

The emergence of 63 new ransomware variants in the past year has further exacerbated the financial toll, affecting critical sectors such as manufacturing, healthcare, and government operations.

AI-Driven DDoS Tactics Intensify

NETSCOUT reports over 8 million DDoS attacks globally in the latter half of 2025. These attacks have grown in sophistication, with the TurboMirai class of IoT botnets leading the charge. DDoS-for-hire services now leverage dark-web AI models, lowering the entry barrier for launching complex attacks.

Even inexperienced threat actors can now orchestrate sophisticated campaigns using natural language prompts, significantly increasing risks across industries worldwide.

Emerging Threats and Security Recommendations

From insider breaches at major tech companies to the abuse of SaaS platforms for phishing, the cybersecurity landscape is fraught with challenges. Organizations are urged to adopt robust security protocols, including FIDO2 authentication, regular audits, and vigilant monitoring of potential vulnerabilities.

As technology evolves, so do the methods employed by cybercriminals. Staying informed and proactive in implementing security measures is essential to mitigate these emerging threats effectively.

The Hacker News Tags:AI security, Android threats, Apache vulnerabilities, Botnet, cyber fraud, Cybersecurity, DDoS attacks, Linux vulnerability, Malware, remote code execution

Post navigation

Previous Post: Hackers Pose as Linux Leader on Slack to Target Developers
Next Post: Apple AI Security Breach Uncovered by Researchers

Related Posts

New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT The Hacker News
Megalodon Campaign Targets Thousands of GitHub Repositories Megalodon Campaign Targets Thousands of GitHub Repositories The Hacker News
Microsoft Alerts on OAuth Redirect Exploitation in Phishing Attacks Microsoft Alerts on OAuth Redirect Exploitation in Phishing Attacks The Hacker News
Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising The Hacker News
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack The Hacker News
Emerging Cyber Threats: OAuth Abuse and Beyond Emerging Cyber Threats: OAuth Abuse and Beyond The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Windows Update Installs LG App with McAfee Ads
  • QIZ Security Secures $17M for Cryptography Platform
  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark