The Raspberry Robin malware, also known as the QNAP worm, has recently begun exploiting two new one-day vulnerabilities for local privilege escalation. Check Point disclosed these developments in a recent report, and they underscore the malware’s agility and sophistication. Raspberry Robin originated in 2021 and is attributed to the threat actor Storm-0856; it acts as a prominent initial access facilitator for various malicious payloads, including ransomware. It has ties to e-crime groups such as Evil Corp and Silence and uses a range of entry vectors, including infected USB drives. Check Point’s findings show that the threat actors adopt new exploits rapidly, either procuring them externally or developing them in-house, which reflects Raspberry Robin’s continual evolution and its capacity to exploit vulnerabilities before organizations can patch them.