Ruh roh. That feeling when you get the Google "we detected unusual activity from your computer or network" page and wonder if some IoT device on your network got popped...
Anyone know how to scan my network for #Kimwolf? (I don't THINK I have any old Android TVs but it's the big one of the moment I'm aware of...)
New, from me: Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
New, from me: Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
Ruh roh. That feeling when you get the Google "we detected unusual activity from your computer or network" page and wonder if some IoT device on your network got popped...
Anyone know how to scan my network for #Kimwolf? (I don't THINK I have any old Android TVs but it's the big one of the moment I'm aware of...)
Cloudflare Scrubs Aisuru Botnet from Top Domains List
https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/
#HackerNews #Cloudflare #Aisuru #Botnet #Cybersecurity #Domain #Security #Technology #News
USA: Verkaufsverbot für TP-Link-Router wird immer wahrscheinlicher
Das US-Handelsministerium schlägt ein Verkaufsverbot für TP-Link-Router vor. Mehrere Bundesbehörden sehen ein Sicherheitsrisiko durch Verbindungen nach China.
#Botnet #Cybersecurity #Microsoft #Netzpolitik #Router #Security #Sicherheitslücken #news
USA: Verkaufsverbot für TP-Link-Router wird immer wahrscheinlicher
Das US-Handelsministerium schlägt ein Verkaufsverbot für TP-Link-Router vor. Mehrere Bundesbehörden sehen ein Sicherheitsrisiko durch Verbindungen nach China.
#Botnet #Cybersecurity #Microsoft #Netzpolitik #Router #Security #Sicherheitslücken #news
Happy "Logging in as users -, [ and $ day" to all who celebrate:
Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2
Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2
Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2
#ssh #passwordgroping #security #passwords #cybercrime #botnet
Happy "Logging in as users -, [ and $ day" to all who celebrate:
Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2
Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2
Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2
#ssh #passwordgroping #security #passwords #cybercrime #botnet
Website owner? Not keen on the Mellowtel browser library building a botnet of untraceable scrapers from unwitting users who are using a browser plugin that contains Mellowtel? I've raised a GitHub issue for them to explain how much contempt they have for our consent. Join in, politely, make them look like the jerks they are. https://github.com/mellowtel-inc/mellowtel-js/issues/41
Website owner? Not keen on the Mellowtel browser library building a botnet of untraceable scrapers from unwitting users who are using a browser plugin that contains Mellowtel? I've raised a GitHub issue for them to explain how much contempt they have for our consent. Join in, politely, make them look like the jerks they are. https://github.com/mellowtel-inc/mellowtel-js/issues/41
