
Daily Cybersecurity Roundup, December 18, 2025

Threat actors are increasingly weaponizing Android and edge-connected devices as entry points and attack infrastructure, while simultaneously intensifying brute-force activity against exposed OT systems. A newly identified botnet, Kimwolf, has infected an estimated 1.8 million Android-powered devices, including smart TVs and set-top boxes, and is being actively used to conduct large-scale DDoS attacks. In parallel, the North Korea–linked threat group Kimsuky is spreading a fresh Android malware strain dubbed DocSwap through phishing infrastructure. Separately, research highlights a sharp concentration of malicious activity at the OT perimeter, with 67% of observed attacks targeting these devices, primarily through widespread SSH and Telnet brute-force attempts. Continue reading for more.

01

A new botnet named Kimwolf has compromised approximately 1.8 million Android-based devices, including TVs and set-top boxes, launching extensive DDoS attacks.

02

The North Korean hacking group Kimsuky is distributing a new Android malware variant, DocSwap, via phishing sites mimicking CJ Logistics, using QR codes and pop-ups to deceive users into installing malicious apps.

03

The GhostPairing campaign abuses WhatsApp’s device-linking feature by using social engineering, such as fake Facebook links sent from trusted contacts, to hijack user accounts without requiring authentication.

04

AWS GuardDuty has uncovered an active cryptomining campaign abusing compromised IAM credentials to exploit EC2 and ECS resources via malicious Docker Hub images and novel persistence techniques.

05

Phantom Stealer, a sophisticated malware that disguises itself as an Adobe installer, is targeting users to steal sensitive data such as passwords, browser cookies, credit card information, and cryptocurrency wallet credentials.

06

HMRC has warned UK taxpayers of a surge in scams ahead of the 31 January 2026 Self Assessment deadline, with over 135,500 reports involving fraudsters impersonating HMRC to steal personal and financial data or deploy malware.

07

Research by Forescout Vedere Labs found that 67% of malicious activity targeted OT perimeter devices, with SSH and Telnet brute-force attempts being the most common attack methods.
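As an added example that is not part of the original roundup or of Forescout's research: a small Python detector for the SSH brute-force pattern the item describes, run over a constructed sshd auth.log excerpt. The hostname, IP addresses, usernames and timestamps are invented, and the five-failures-in-sixty-seconds threshold is an assumption a practitioner would tune to their own perimeter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log excerpt in syslog format (the year is not logged).
# Hostname, IPs and users are invented for the example; this is not real data.
SAMPLE_AUTH_LOG = """\
Dec 18 09:15:01 ot-gw sshd[4021]: Failed password for root from 203.0.113.7 port 51012 ssh2
Dec 18 09:15:04 ot-gw sshd[4023]: Failed password for invalid user admin from 203.0.113.7 port 51014 ssh2
Dec 18 09:15:07 ot-gw sshd[4025]: Failed password for invalid user pi from 203.0.113.7 port 51016 ssh2
Dec 18 09:15:09 ot-gw sshd[4027]: Failed password for invalid user operator from 203.0.113.7 port 51018 ssh2
Dec 18 09:15:12 ot-gw sshd[4029]: Failed password for root from 203.0.113.7 port 51020 ssh2
Dec 18 09:15:15 ot-gw sshd[4031]: Failed password for invalid user support from 203.0.113.7 port 51022 ssh2
Dec 18 09:20:40 ot-gw sshd[4102]: Failed password for jsmith from 198.51.100.22 port 60211 ssh2
Dec 18 09:21:03 ot-gw sshd[4104]: Accepted publickey for jsmith from 198.51.100.22 port 60213 ssh2
Dec 18 09:31:55 ot-gw sshd[4188]: Failed password for jsmith from 198.51.100.22 port 60318 ssh2
"""

# Matches only "Failed password" events; "Invalid user" lines describe the same
# attempt and would double-count it, and "Accepted" lines are not failures.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2025):
    """Yield (timestamp, source_ip, username) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog pads single-digit days with two spaces; collapse before parsing
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2025):
    """Flag source IPs that produce >= threshold failures inside any sliding window.

    Returns {ip: {"attempts", "users", "first", "last", "pattern"}} for flagged IPs;
    "attempts" counts every failure from that IP, not only those in the window.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> distinct usernames tried
    totals = defaultdict(int)
    first, last = {}, {}
    flagged = set()
    for ts, ip, user in sorted(parse_failures(log_text, year)):
        totals[ip] += 1
        users[ip].add(user)
        first.setdefault(ip, ts)
        last[ip] = ts
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {
        ip: {
            "attempts": totals[ip],
            "users": sorted(users[ip]),
            "first": first[ip],
            "last": last[ip],
            # many usernames from one source is credential spraying; one username
            # hammered repeatedly is a classic single-account brute force
            "pattern": "username spray" if len(users[ip]) > 1 else "single-user brute force",
        }
        for ip in flagged
    }


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['attempts']} failures, {info['pattern']}, "
              f"users={info['users']}, {info['first']:%H:%M:%S}-{info['last']:%H:%M:%S}")
```

With the constructed log, only 203.0.113.7 trips the default rule (six failures across five usernames in fourteen seconds); the two spaced-out failures from 198.51.100.22 stay below threshold until the window is widened, which is the tuning trade-off between catching low-and-slow attempts and paging on a user who mistyped a password. Telnet has no equivalent daemon log on most devices, so the same logic would have to run over network flow or captured session data instead.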

08

The Chinese threat group UAT-9686 is exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco AsyncOS, affecting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances running non-standard configurations.

09

SonicWall has alerted customers to a zero-day vulnerability in its SMA1000 Appliance Management Console (AMC), identified as CVE-2025-40602, which allows local privilege escalation.

10

The critical React2Shell vulnerability (CVE-2025-55182) has been exploited by a ransomware gang to gain rapid access to corporate networks, deploying file-encrypting malware within a minute of initial access.
