Meridiano
A critical vulnerability (CVE-2026-2329) in Grandstream's GXP1600 series VoIP phones allows unauthenticated attackers to gain root access and execute remote code, enabling call interception, toll fraud, and credential theft. The flaw, rated 9.3 in severity, highlights how VoIP infrastructure is often a neglected security risk in business environments. The article covers the technical details of the vulnerability, its discovery and patching timeline, and the broader security blind spot that VoIP systems represent for organizations.
Articles infosec
Showing articles 166 - 176 of 176 total (matching filters).
-
infosec 5 -
infosec 3The article describes how the author's personal experience with email bombing—used to hide fraudulent credit card applications—revealed a shared tactic with online harassment campaigns. Both exploit the human vulnerability of cognitive overload to overwhelm victims. The author argues that threat intelligence is fragmented, with fraud/security teams and platform trust/safety teams operating in separate silos despite facing similar attacks on human attention. The main topics covered are the technique of email bombing, the shared human vulnerabilities exploited across different threat types, and the lack of communication between different threat intelligence communities.
-
infosec 6A Chinese nation-state threat actor exploited a critical hard-coded credential vulnerability (CVE-2026-22769) in Dell's RecoverPoint for Virtual Machines since mid-2024. This allowed unauthorized root access to deploy malware, including the Grimbolt backdoor, and move laterally into VMware infrastructure. The flaw stemmed from default admin credentials left in a configuration file, representing a severe supply-chain risk. Dell has released a fixed version and a remediation script for affected customers. The incident highlights the persistent danger of hard-coded credentials in software products.
The main topics covered are: the exploitation of a critical Dell vulnerability by a China-nexus threat actor, the technical details and impact of the hard-coded credential flaw, the malware deployed, and the recommended remediation.
-
No Imageinfosec 5
The Kimwolf IoT botnet has been disrupting the I2P anonymizing network by attempting to join hundreds of thousands of infected devices as nodes, overwhelming the system in what is known as a Sybil attack. The botnet operators were reportedly trying to use I2P as a resilient command and control network to evade takedowns, not to intentionally crash it. The main topics covered are the Kimwolf botnet's characteristics, its impact on the I2P network, and the operators' motivations for targeting such networks.
-
No Imageinfosec 6
Microsoft released a security update patching over 50 vulnerabilities, including six actively exploited zero-days affecting Windows Shell, MSHTML, Microsoft Word, Windows Remote Desktop Services, and the Desktop Window Manager. The patches also address critical remote code execution flaws in AI-assisted developer tools like GitHub Copilot and various IDEs, stemming from prompt injection risks. Experts advise applying the updates promptly, testing them in enterprise environments, and maintaining backups due to the active threats.
-
No Imageinfosec 4
The cyber extortion gang Scattered Lapsus ShinyHunters (SLSH) uses aggressive harassment tactics, including threats, swatting, and media notification, to pressure victim companies into paying ransoms. Unlike more traditional ransomware groups, SLSH is an unreliable and fluid criminal operation with no history of honoring promises to delete stolen data after payment. A security expert warns that any engagement or payment only encourages further escalation, and the only effective response is a firm refusal to negotiate. The main topics covered are the gang's extortion methods, its distinct and untrustworthy nature compared to other cybercriminal groups, and the expert advice against compliance.
-
No Imageinfosec 5
The Kimwolf botnet operators have reportedly compromised the control panel of the Badbox 2.0 botnet, revealing user accounts linked to Chinese tech companies associated with Badbox's distribution. Both the FBI and Google are actively investigating the Badbox 2.0 operation, which involves millions of pre-infected Android TV boxes used for ad fraud and network intrusion. The main topics covered are the interconnection of the Kimwolf and Badbox 2.0 botnets, the ongoing law enforcement and legal actions against them, and the investigation into the entities behind the Badbox operation.
-
No Imageinfosec 6
A new IoT botnet named Kimwolf has infected over 2 million devices, primarily through compromised residential proxy networks. It forces these devices to conduct DDoS attacks and relay malicious traffic by scanning local networks for other vulnerable IoT systems, notably unofficial Android TV boxes. The botnet has surprisingly impacted corporate and government networks globally, with one security firm finding nearly 25% of its customers showed signs of related scanning activity. The main topics covered are the Kimwolf botnet's propagation method, its primary targets (residential proxies and Android TV boxes), and its significant prevalence within institutional networks.
-
No Imageinfosec 5
Microsoft released patches for at least 113 security vulnerabilities, including eight critical ones. A notable flaw, CVE-2026-20805, is already being actively exploited and undermines a core Windows security feature, despite its moderate official rating. The update also addresses critical remote code execution bugs in Microsoft Office and removes vulnerable legacy modem drivers that pose an ongoing risk. Security experts warn that the severity of some vulnerabilities is higher than their ratings suggest and emphasize rapid patching as the key mitigation. The main topics covered are the monthly security patch release, details on specific critical and exploited vulnerabilities, and the removal of risky legacy components.
-
No Imageinfosec 6
The Kimwolf botnet has infected over two million unofficial Android TV streaming boxes, forcing them into DDoS attacks and relaying malicious traffic for residential proxy services. Security firm XLab found definitive evidence linking Kimwolf to the earlier Aisuru botnet, sharing authors, operators, and infrastructure. The botnet's proxy traffic was directed through servers at Resi Rack LLC, a Utah-based hosting company whose co-founders were active in selling proxy services on Discord. Resi Rack stated it addressed the abuse upon notification, but evidence shows its infrastructure was used by Kimwolf for months. The main topics covered are the Kimwolf botnet's operations, its connection to Aisuru, and the involvement of the hosting provider Resi Rack.
-
No Imageinfosec 6
A major new botnet called Kimwolf has infected over 2 million devices globally by exploiting security flaws in unofficial Android TV boxes and digital photo frames. These devices, often pre-infected or requiring malware for use, are turned into residential proxy nodes, allowing the botnet to tunnel into supposedly secure home networks. The malware uses these compromised devices to conduct ad fraud, DDoS attacks, and other malicious traffic. The main topics covered are the Kimwolf botnet's scale and method of propagation, the role of compromised consumer devices (TV boxes and photo frames) in creating residential proxy networks, and the critical security vulnerabilities these devices introduce into home networks.