CyberNews: 03/01/2026 Edition

Published by Dunateo on 2026-01-03

Today’s roundup

  • The Kimwolf Botnet is Stalking Your Local Network
  • Cryptocurrency theft attacks traced to 2022 LastPass breach
  • Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
  • Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
  • Pakistan-linked hackers target Indian government, universities in new spying campaign
  • European regulators take aim at X after Grok creates deepfake of minor
Summary

    A new botnet named Kimwolf has infected over two million devices globally, spreading primarily through vulnerabilities in residential proxy services and through Android Debug Bridge (ADB) left enabled by default on unofficial Android TV boxes and digital photo frames. Researchers from Synthient and XLab detail how Kimwolf operators exploit weaknesses in proxy networks, particularly the China-based IPIDEA service, to tunnel into local area networks, install malware, and use the compromised systems for DDoS attacks, ad fraud, and account takeovers. IPIDEA has reportedly patched some of the identified vulnerabilities.

    Ongoing cryptocurrency thefts have been linked to the 2022 LastPass data breach, according to blockchain investigation firm TRM Labs. Attackers are reportedly draining wallets years after the encrypted vaults were stolen, with the stolen cryptocurrency being laundered through Russian exchanges.

    Over 10,000 internet-exposed Fortinet firewalls remain vulnerable to a five-year-old two-factor authentication (2FA) bypass flaw that is actively being exploited. This critical vulnerability allows threat actors to bypass 2FA protections on FortiGate firewalls, posing an ongoing and significant security risk for affected organizations.

    Claims administration company Sedgwick has confirmed a cybersecurity incident impacting a subsidiary that provides services to several sensitive U.S. federal agencies. The incident, which is currently under investigation, has indications of a potential ransomware attack, raising concerns due to the subsidiary's ties to government contractors.

    A new cyber-espionage campaign attributed to APT36, also known as Transparent Tribe, is actively targeting Indian government entities, military-linked organizations, and universities. The Pakistan-linked threat actor is known for its persistent spying activities against these sensitive sectors.

    European regulators are considering potential action against Elon Musk's social media platform X after its artificial intelligence tool, Grok, was reportedly used to generate sexually explicit deepfake images of a minor. The incident has prompted significant concerns regarding AI misuse and the need for stricter regulatory oversight.

    Cyber Groups

    Transparent Tribe (also tracked as COPPER FIELDSTONE, APT36, Mythic Leopard, ProjectM)