Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 5

Get the latest international news and world events from around the world.

Log in for authorized contributors

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab.

“Kimwolf is a botnet compiled using the NDK [Native Development Kit],” the company said in a report published today. “In addition to typical DDoS attack capabilities, it integrates proxy forwarding, reverse shell, and file management functions.”

The hyper-scale botnet is estimated to have issued 1.7 billion DDoS attack commands within a three-day period between November 19 and 22, 2025, around the same time one of its command-and-control (C2) domains – 14emeliaterracewestroxburyma02132[.]su – came first in Cloudflare’s list of top 100 domains, briefly even surpassing Google.

France arrests suspect tied to cyberattack on Interior Ministry

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France’s Ministry of the Interior earlier this month.

In a statement issued by Public Prosecutor Laure Beccuau, officials said the suspected hacker was arrested on December 17, 2025, as part of an investigation into the attack.

“A person was arrested on December 17, 2025, as part of the investigation opened by the cybercrime unit of the Paris public prosecutor’s office, on charges including unauthorized access to an automated personal data processing system implemented by the State, committed by an organized group, following the cyberattack against the Ministry of the Interior,” reads the statement translated into English.

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM).

The operation started on November 2nd and employed a persistence mechanism that extended mining operations and hindered incident responders.

The threat actor used a Docker Hub image that was created at the end of October and had more than 100,000 pulls.

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing.

This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device.

By doing so, threat actors gain access to the full conversation history and shared media, and may leverage information to impersonate users or commit fraud.

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

According to SonicWall, this medium-severity local privilege escalation security flaw (CVE-2025–40602) was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group, and doesn’t affect SSL-VPN running on SonicWall firewalls.

“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the company said in a Wednesday advisory.

/* */