New, from me: Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
#infosec #botnet #IoT #Android #Google #threatresearch
New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
#botnet #infosec #IoT #DDoS #threatresearch #malware
New, by me:
Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread.
https://krebsonsecurity.com/2026/01/who-benefited-from-the-aisuru-and-kimwolf-botnets/
For part one in this series, check out:
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
I'm pretty sure Mastodon is the first social network I've been on that didn't immediately ask me to betray all of the people in my address book.
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
- All visitors must submit ‘their social media from the last 5 years’
- ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
- ‘telephone numbers used in the last five years’
- ‘email addresses used in the last ten years’
- ‘family number telephone numbers (sic) used in the last five years’
- biometrics – face, fingerprint, DNA, and iris
- business telephone numbers used in the last five years
- business email addresses used in the last ten years.
https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media
The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.
Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
I feel for anyone in the travel, tourism and hospitality industries, which make up ~10M jobs and ~3 percent of the nation's GDP. From the U.S. International Trade Administration (trade.gov):
"Inbound international travel to the United States plays a vital role in the Nation’s economy and promotes cultural exchange and understanding. Travel and tourism is the largest single services export for the United States, accounting for 22 percent of the country’s services exports and 7 percent of all exports in 2023. The travel and tourism industry contributed $2.3 trillion to the U.S. economy in 2022 (2.97 percent of the country’s GDP), supporting 9.5 million jobs."
New, by me: The Kimwolf Botnet is Stalking Your Local Network
Today's story is a long overdue series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
The CEO of The Onion set the publication's goal for 2026 to have more subscribers than The Washington Post. At the rate the latter is going, that won't take long.
"For reasons we don't like or understand, our work has become increasingly important."
"Look, we're an independent company, we don't use AI to write headlines and make art, and we're one of roughly three publications who are up for the fight. Unlike other places, The Onion is quadrupling down on being a pain in the ass, politically. Are you?"
https://www.linkedin.com/posts/ben-collins-28263a52_its-been-a-big-year-for-us-at-the-onion-ugcPost-7400218696058810368-7nVB?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAliaMB3BQO-WOS-eUh-XU4HAd5h8pTzkI
Scoopy, new, by me:
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
"A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father."
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
New, by me: Is your Android TV streaming box part of a botnet?
"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers."
The story looks closely at what Superbox is, how it operates, and what it appears to do on the sly. Spoiler: A Censys researcher found that installing the apps that allow these channels to stream enrolls the user's IP in a residential proxy service, and that these devices include powerful network discovery and remote access tools like Tcpdump and Netcat.
Overall, the Superbox is just one brand in an ocean of no-name Android-based TV boxes that are widely available and that either come pre-infected with malware or require malicious apps to use.
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
New, by me: Mozilla Says It's Finally Done with Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced its partnership with Onerep will officially end next month.
https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced-onerep/