Daily Security Briefing #123


January 5, 2026

Largest darknet markets on Telegram, FortiWeb exploited for Sliver C2 persistence, Kimwolf Android botnet hits 2 million devices


Executive Summary

Cybercriminal activity continues to evolve, with the largest Chinese-language darknet markets now thriving on Telegram despite the platform's bans earlier in 2025. Attackers are exploiting unpatched FortiWeb web application firewalls worldwide to deploy the Sliver command-and-control framework and keep covert, long-term access. Android malware remains a significant threat: the Kimwolf botnet has infected more than two million devices through exposed ADB services and residential proxy networks. AI infrastructure security is gaining prominence as attacks on generative AI systems grow. Privacy-focused mobile OS configuration guidance and a claimed breach of a U.S. fiber broadband provider round out the risks covered in this issue.


Top Articles

Metasploit 2025 Annual Wrap-Up
The Metasploit Framework community looks back on another active year of contributions and development in 2025. The annual review highlights steady progress driven by contributors who extend the framework's penetration-testing and exploit-development capabilities; that community commitment remains central to Metasploit's success.
Rapid7

Telegram Hosting World’s Largest Darknet Market
Chinese-speaking crypto scammers have established the largest darknet marketplaces on Telegram, surpassing previous platforms despite bans earlier in 2025. According to a report from Elliptic analyzed by Wired, marketplaces Tudou Guarantee and Xinbi now dominate the ecosystem. This growth underscores Telegram’s persistent role in facilitating illicit crypto trade.
Schneier

Check Point Secures AI Factories with NVIDIA
With AI adoption booming, securing AI pipelines is critical. Check Point and NVIDIA emphasize protecting AI infrastructure from prompt manipulation and related attacks, which 32% of organizations report having already faced. Strengthening defenses around generative AI helps guard against emerging adversarial techniques targeting these systems.
Checkpoint

Attackers Leverage FortiWeb Vulnerabilities to Deploy Sliver C2 for Long-Term Access
Researchers uncovered a coordinated global campaign exploiting FortiWeb vulnerabilities to deploy the Sliver C2 framework, letting threat actors build persistent covert proxy networks and maintain long-term access to compromised systems. The campaign came to light through exposed databases and logs found during open-directory hunting on Censys.
GBHackers | Cyberpress

GrapheneOS 2026 Settings
GrapheneOS recommends updated privacy settings for 2026, as Apple introduces features that may infringe on user privacy even as they strengthen security. The analysis offers configuration advice for users seeking maximum privacy on mobile devices and contrasts Apple's approach with GrapheneOS's focus on minimizing data exposure.
Intel Techniques

ProfileHound: Post-Escalation Tool Designed to Achieve Red Team Objectives
ProfileHound is a new offensive security tool for red team operators. It supports post-exploitation by enumerating user profiles across Active Directory environments, helping operators identify high-value targets and guiding decisions during an engagement. The tool fills a gap in red team reconnaissance tooling.
GBHackers

iOS 26 Settings
An update to privacy and security guidance covers iOS 26, revisiting settings recommendations from previous editions amid evolving system features. The article assists users in optimizing configurations to maintain strong privacy safeguards in the face of new OS developments.
Intel Techniques

“Crimson Collective” Reportedly Claims Breach of Brightspeed Fiber Broadband Infrastructure
The threat actor Crimson Collective has claimed a breach of Brightspeed, a major U.S. fiber broadband provider. The group posted samples of personally identifiable information from customers and employees, raising significant concerns over data exposure across Brightspeed’s operations in 20 states. The incident exemplifies risks within critical infrastructure sectors.
Cyberpress

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
UAC-0184, a Russia-aligned threat actor, has been conducting intelligence operations against Ukrainian military and government targets using malicious ZIP archives delivered via the Viber messaging platform. This persistent espionage activity was documented by the 360 Threat Intelligence Center and reflects ongoing cyber conflict in the region.
The Hacker News

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The Kimwolf botnet has compromised more than two million Android devices by abusing exposed Android Debug Bridge (ADB) services and routing traffic through residential proxy networks. Operators monetize it through app installs, sale of proxy bandwidth, and DDoS-for-hire services, a growing threat on mobile platforms.
The Hacker News


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.


Related Posts

Daily Security Briefing #117

December 28, 2025

WIRED data leak, MongoBleed vulnerability exploited, Rainbow Six Siege hacked with massive in-game abuse…

Executive Summary

Several high-impact cybersecurity incidents have emerged this week, reflecting both targeted data breaches and widespread exploitation of software vulnerabilities. A hacker claims to have accessed and leaked millions of subscriber records from Condé Nast's WIRED database, signaling ongoing risks to media companies' sensitive data. Meanwhile, the MongoBleed vulnerability is actively exploited, exposing tens of thousands of MongoDB servers to data theft. In the gaming sector, Ubisoft's Rainbow Six Siege suffered a significant breach, allowing attackers to manipulate player accounts and virtual economies. These incidents highlight a blend of data privacy concerns and operational security challenges across different industries.

Top Articles

Hacker claims to leak WIRED database with 2.3 million records
A hacker alleges a breach of Condé Nast, claiming to have leaked a WIRED subscriber database containing over 2.3 million records. The threat actor warns of upcoming releases of up to 40 million additional records from other Condé Nast properties, raising concerns about large-scale exposure of personal data from a major media company. The full extent and authenticity of the leak remain under investigation.
BleepingComputer

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
The MongoBleed vulnerability (CVE-2025-14847) is currently exploited in active attacks, affecting multiple versions of MongoDB. Over 80,000 exposed servers are at risk, with attackers able to access sensitive database secrets and potentially compromise data integrity. This widespread exposure emphasizes the critical need for database administrators to apply patches promptly and monitor for suspicious activity.
BleepingComputer

Massive Rainbow Six Siege breach gives players billions of credits
Ubisoft's Rainbow Six Siege has been breached through abuse of internal moderation systems, permitting hackers to ban/unban players and grant enormous amounts of in-game currency and cosmetics. This breach undermines the game's integrity and highlights vulnerabilities in the developer's operational security that affect player trust and game economy balance. Ubisoft is investigating and working on remediation.
BleepingComputer

Daily Security Briefing #120

December 31, 2025

LinkedIn job scams worldwide, AI-driven NeuroSploit v2 revolutionizes pen testing, GlassWorm targets macOS via VS Code extensions…

Daily Security Briefing #118

December 29, 2025

Bluetooth headphone exploits, record data breach payouts, MongoDB vulnerability under fire, and ongoing phishing campaigns…