Daily Cybersecurity Roundup, February 28, 2025

Even your Android TV might be working undercover—as part of a massive botnet. A new Vo1d botnet variant has silently compromised 1.6 million Android TV devices across 226 countries, turning them into anonymous proxy nodes. Meanwhile, state-sponsored espionage is on the rise, with Lotus Blossom targeting government, telecom, and manufacturing sectors in the Philippines, Vietnam, Hong Kong, and Taiwan. Adding to the chaos, threat actors are leveraging GitHub repositories masquerading as game mods and cracked software to push Redox Stealer. Read on for more.

01

An investigation by XLab found that a new Vo1d botnet variant has infected nearly 1.6 million Android TV devices in 226 countries and is using them as nodes in anonymous proxy server networks.

02

Cisco Talos discovered cyber espionage campaigns by the Lotus Blossom group targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan, delivering Sagerunex and other hacking tools.

03

Researchers warned of a malware campaign tricking victims through GitHub repositories disguised as game modifications and cracked software to distribute Redox Stealer.

04

The Belgian federal prosecutor’s office is probing a potential intrusion into the country’s State Security Service (VSSE) by Chinese threat actors. The hackers allegedly gained access to the VSSE’s email server between 2021 and May 2023, stealing 10% of staff emails.

05

A likely supply chain attack has compromised 16 Chrome extensions, which were injected with obfuscated scripts designed to steal data, modify HTTP requests, and inject unauthorized ads.

06

A new scam targeting PayPal users has emerged, using Google search ads with crafted PayPal payment links. The scammers misuse PayPal’s “no-code checkout” feature to make fraudulent pages look real.

07

Cado Security Labs reported a malware campaign targeting the Royal Thai Police, linked to the Chinese APT group Mustang Panda. The campaign uses FBI-related documents as bait to deliver a shortcut file that activates the Yokai backdoor.

08

A critical account takeover vulnerability has been discovered in the Better Auth library, a popular TypeScript authentication framework. The vulnerability lies in the trustedOrigins protection feature, which can be abused to redirect users to malicious websites.

09

A new ransomware-as-a-service (RaaS) group called Anubis has appeared, using double extortion methods and operating through cybercrime forums like RAMP and XSS since at least November 2024.

10

The automated ransomware defense startup Mimic raised $50 million in its Series A funding round led by Ballistic Ventures.
