-
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
·
Adam Barnett, Chris Goettl, CVE-2023-31096, CVE-2026-0628, CVE-2026-0891, CVE-2026-0892, CVE-2026-20805, CVE-2026-20952, CVE-2026-20953, CVE-2026-21265, Desktop Window Manager, Immersive, Ivanti, Kev Breen, Latest Warnings, Microsoft Office, Microsoft Patch Tuesday January 2026, Rapid7, The Coming Storm, Time to Patch¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
·
911s5, 922 Proxy, A Little Sunshine, Aisuru, AISURU Botnet, Akamai Technologies, Android Debug Bridge, BadBox 2.0, Ben Brundage, Chad Seaman, DDoS-for-Hire, HUMAN Security, IPidea, Kimwolf, Kimwolf botnet, krebsfiveheadindustries, Latest Warnings, Lindsay Kaye, Oxylabs, Quokka, residential proxy, Riley Kilmer, Spur, Synthient, Uhale app, Web Fraud 2.0, XLab¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to sites that foist scams and malware.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
·
Adam Barnett, Ari Marzuk, CVE-2025-10573, CVE-2025-54100, CVE-2025-59516, CVE-2025-59517, CVE-2025-62221, CVE-2025-62458, CVE-2025-62470, CVE-2025-62472, CVE-2025-62554, CVE-2025-62557, CVE-2025-64671, IDEsaster, Immersive, Kev Breen, Latest Warnings, Microsoft Office, Microsoft Outlook, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Windows Cloud Files Mini Filter Driver, Windows Powershell¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
