ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

Weekly cybersecurity roundup covering 30+ events: 47 zero-days disclosed at Pwn2Own Berlin; multiple active malware families and campaigns (Gunra ransomware, PureLogs infostealer, Banana RAT, Premium Deception SMS fraud, TamperedChef trojanized apps, OrBit rootkit); supply-chain compromises (npm art-template, typosquat Go module); critical vulnerabilities including Composer token leak (CVE-2026-45793) and HPLIP RCE (CVE-2026-8631); cloud/identity breaches and abuse (Storm-2949 abusing SSPR, CISA GovCloud credential leak); AI-assisted intrusion campaigns against Latin American governments and financial institutions; large-scale fraud and card dumps; and ongoing ICS/OT targeting by Sandworm — the report highlights active exploitation, broad impact across sectors, and evolving attacker TTPs.