Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (gimp, glib2, go-toolset:rhel8, golang, java-17-openjdk, java-21-openjdk, kernel, net-snmp, pcs, and thunderbird), Debian (apache2, imagemagick, incus, inetutils, libuev, openjdk-17, php7.4, python3.9, shapelib, taglib, and zvbi), Fedora (mingw-glib2, mingw-harfbuzz, mingw-libsoup, mingw-openexr, pgadmin4, python3.11, python3.12, python3.9, and wireshark), Gentoo (Asterisk, Commons-BeanUtils, GIMP, inetutils, and Vim, gVim), Mageia (kernel), Oracle (glib2, java-17-openjdk, java-21-openjdk, and libpng), Red Hat (java-17-openjdk, java-21-openjdk, kernel, and kernel-rt), SUSE (azure-cli-core, bind, buildah, chromium, coredns, glib2, harfbuzz, kernel, kernel-firmware, libheif, libvirt, openCryptoki, openvswitch, podman, python, python-urllib3, rabbitmq-server, and vlang), and Ubuntu (cjson).
-
Scoop News Group ☛ CISA publishes a post-quantum shopping list for agencies. Security professionals aren’t sold
A guide aims to help tech buyers navigate their switch to post-quantum encryption, but experts cautioned that most products and backend internet protocols have yet to be updated.
-
Security Week ☛ 2024 VMware Flaw Now in Attackers’ Crosshairs
The critical-severity vulnerability can be exploited via crafted network packets for remote code execution.
-
Security Week ☛ Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
More than 20 vulnerabilities were found and patched in Dormakaba physical access control systems.
-
Security Week ☛ ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing
Priced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.
-
Federal News Network ☛ The federal government ignored a cybersecurity warning for 13 years. Now hackers are exploiting the gap.
With malicious Hey Hi (AI) tools at their fingertips, adversaries (and their tactics) are becoming increasingly sophisticated — and more challenging to detect.
-
Devices/Embedded
-
eSecurity Planet ☛ 2M Devices at Risk as Kimwolf Botnet Abuses Proxy Networks
Many unsanctioned Android TV boxes and similar devices ship with ADB enabled by default.
ADB listens on port 5555 and accepts unauthenticated connections, allowing attackers to gain administrative control with a single command.
-
Security Affairs ☛ Massive Android botnet Kimwolf infects millions, strikes with DDoS
The Kimwolf Android botnet primarily targets TV boxes, compiled using the NDK and equipped with DDoS, proxy forwarding, reverse shell, and file management functions. It encrypts sensitive data with a simple Stack XOR, uses DNS over TLS to hide communication, and authenticates C2 commands with elliptic curve digital signatures. Recent versions even incorporate EtherHiding to resist takedowns via blockchain domains.
-
Scoop News Group ☛ Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers
The Kimwolf botnet, which splintered off from the record-setting Aisuru DDoS botnet in August, gained the widespread attention of security researchers when it temporarily claimed the top spot in Cloudflare’s global domain rankings in late October 2025.
Within weeks it spread like wildfire, eventually taking over more than 2 million unofficial Android TV devices, according to Synthient, after its operators figured out how to abuse residential proxy networks for local control.
-