Cyware Daily Threat Intelligence, December 03, 2025

Web3 developers are being targeted by a wolf in sheep's clothing hiding within the Rust ecosystem. A malicious package named evm-units was discovered on crates[.]io, masquerading as an Ethereum helper tool to deploy OS-specific malware on Windows, macOS, and Linux systems.
A new digital titan has risen, shattering records with a terrifying 29.7 Tbps DDoS attack. The Aisuru botnet has emerged as a premier botnet-for-hire, leveraging millions of compromised devices to hammer the gaming and telecommunications sectors. This hyper-volumetric threat has grown rapidly, launching over 1,300 attacks in just three months.
The very tool designed to keep Python models safe has been found to be full of holes. Three critical vulnerabilities have been discovered in Picklescan, a security scanner for pickle files, that allow attackers to bypass detection using simple tricks like changing file extensions or exploiting CRC errors.
Top Malware Reported in the Last 24 Hours
Malicious Rust package targets Web3
A malicious Rust package named evm-units has been discovered, capable of targeting Windows, macOS, and Linux systems while masquerading as an Ethereum Virtual Machine (EVM) helper tool. Uploaded to crates.io in April 2025, it garnered over 7,000 downloads before being removed. The malware checks for Qihoo 360 antivirus and executes OS-specific payloads to gain control of developer machines. On Linux, it downloads and runs a script, while on macOS, it uses osascript to execute a file. For Windows, it saves a PowerShell script in the temp directory and alters its execution based on the antivirus detection.
Aisuru botnet sets record DDoS attack
The Aisuru botnet has emerged as a significant threat, launching over 1,300 DDoS attacks in just three months, including a record peak of 29.7 Tbps. This botnet-for-hire service operates using millions of compromised routers and IoT devices worldwide, allowing cybercriminals to rent its capabilities for malicious purposes. The massive DDoS attacks have severely impacted various sectors, including gaming, telecommunications, and financial services, with the potential to disrupt internet service providers even when they are not direct targets. Notably, hyper-volumetric attacks have surged, with incidents exceeding 1 Tbps more than doubling quarter-over-quarter.
Top Vulnerabilities Reported in the Last 24 Hours
Critical bugs spotted in Picklescan
Three critical vulnerabilities were discovered in Picklescan, a security scanner for Python pickle files, allowing malicious actors to execute arbitrary code by bypassing its detection mechanisms. The vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) include file extension bypass, CRC error exploitation, and unsafe globals check circumvention, enabling attackers to execute malicious code and potentially launch supply chain attacks. A separate vulnerability (CVE-2025-46417) was found, allowing malicious pickle files to exfiltrate sensitive information via DNS, exploiting legitimate Python modules like linecache and ssl.
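As an added illustration of the scanner properties those findings imply (dispatching on file content rather than extension, treating a CRC failure in an archive member as a finding instead of skipping it, and surfacing every global the stream imports), the following is a small defensive pickle-opcode scanner. It is example code written for this digest, not Picklescan's implementation; the allowlist, helper names and sample inputs are constructed assumptions, and the stream is only disassembled with pickletools, never unpickled.

```python
"""Content-based pickle scanner: an added defensive example, not Picklescan's code.

Three properties the Picklescan advisories argue for:
  * inspect content, never the file extension (a .txt that is a pickle is a pickle);
  * report a corrupt or unreadable archive member instead of silently skipping it;
  * surface every global the stream imports unless it is explicitly allowlisted.
The stream is only disassembled with pickletools; nothing here calls pickle.load.
"""
import io
import pickle
import pickletools
import zipfile

# Hypothetical allowlist for this example; real policy is deployment-specific.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("numpy", "ndarray")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}  # invoke a callable on load


def scan_pickle_bytes(data):
    """Disassemble one pickle stream; return its imports, non-allowlisted imports and call count.

    Raises ValueError when the bytes are not a valid pickle opcode stream.
    """
    imports, recent_strings, calls = [], [], 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):          # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL":               # protocol 4+: module/name pushed as strings
            if len(recent_strings) >= 2:
                imports.append((recent_strings[-2], recent_strings[-1]))
            else:
                imports.append(("<unresolved>", "<unresolved>"))
        elif op.name in CALL_OPS:
            calls += 1
    flagged = [imp for imp in imports if imp not in ALLOWED_GLOBALS]
    return {"imports": imports, "flagged": flagged, "calls": calls}


def verdict_for_stream(data):
    """Map one byte stream to ('clean' | 'suspicious' | 'not-pickle', report)."""
    try:
        report = scan_pickle_bytes(data)
    except ValueError:
        return "not-pickle", None
    return ("suspicious" if report["flagged"] else "clean"), report


def scan_artifact(data):
    """Scan raw bytes by content: a zip container (as checkpoint formats use) or a bare pickle.

    Returns (overall_verdict, per_member); overall is 'clean', 'suspicious' or 'unreadable'.
    """
    per_member = {}
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                try:
                    member = zf.read(info.filename)
                except zipfile.BadZipFile as exc:     # CRC mismatch, truncated member, ...
                    per_member[info.filename] = ("unreadable", str(exc))
                    continue
                per_member[info.filename] = verdict_for_stream(member)
    else:
        per_member["<raw>"] = verdict_for_stream(data)
    verdicts = {v for v, _ in per_member.values()}
    if "suspicious" in verdicts:
        return "suspicious", per_member
    if "unreadable" in verdicts:                      # could not scan it, so cannot call it clean
        return "unreadable", per_member
    return "clean", per_member


# --- constructed sample inputs, built in-process and never unpickled ---
SAFE_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
# Pickling a builtin function by reference yields only a global reference
# (STACK_GLOBAL at protocol 4, GLOBAL at protocol 0), which the scanner must flag.
REF_PICKLE_P4 = pickle.dumps(eval, protocol=4)
REF_PICKLE_P0 = pickle.dumps(eval, protocol=0)


def build_zip(members):
    """Constructed helper: store {name: bytes} uncompressed in a zip container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def corrupt_member(zip_bytes, content):
    """Constructed helper: flip one byte of a stored member so its CRC no longer matches."""
    pos = zip_bytes.find(content)
    assert pos >= 0, "member content not found in stored zip"
    corrupted = bytearray(zip_bytes)
    corrupted[pos] ^= 0xFF
    return bytes(corrupted)


if __name__ == "__main__":
    samples = {
        "model.txt (a pickle despite the extension)": REF_PICKLE_P4,
        "clean.pkl": SAFE_PICKLE,
        "checkpoint.pt with a corrupt member":
            corrupt_member(build_zip({"data.pkl": REF_PICKLE_P4}), REF_PICKLE_P4),
    }
    for label, blob in samples.items():
        verdict, detail = scan_artifact(blob)
        print(f"{label}: {verdict} {detail}")
```

The design choice worth noting is the verdict ordering in scan_artifact: a member that cannot be read is reported as "unreadable" rather than dropped, so a CRC error lowers confidence instead of producing a clean result, and any member that is unparseable as a pickle is labelled "not-pickle" rather than assumed safe.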
Longwatch vulnerability allows RCE
A critical remote code execution vulnerability, identified as CVE-2025-13658, affects Industrial Video & Control’s Longwatch video surveillance system, allowing unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges. This flaw arises from improper control over code generation and can be exploited through unauthenticated HTTP GET requests. It impacts Longwatch versions 6.309 to 6.334 and carries a high CVSS v3.1 score of 9.8, indicating its severe nature. The vulnerability poses significant risks to critical infrastructure sectors, including Energy, Water, and Wastewater Systems, with deployments worldwide. The absence of code signing and execution controls in the affected versions enables attackers to compromise the entire surveillance infrastructure without proper validation. As of now, no public exploitation has been reported.