New, by me: The Kimwolf Botnet is Stalking Your Local Network

Today's story is a long overdue series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

krebsonsecurity.com/2026/01/th

It appears that the company that did the bulk of the heavy lifting and research on Kimwolf -- Synthient -- is now under a DDoS attack. This is my shocked face. Read it while it's still live, lol.

@briankrebs if you know anybody there, their origin server (and API server) are internet accessible so people can DDoS it to bypass Cloudflare - they need to firewall limit them to Cloudflare IPs

beta.shodan.io/host/48.217.52.
beta.shodan.io/host/20.121.54.

@GossiTheDog @briankrebs too late now. Unlikely a standard firewall will process the flood. They'll need to change IP and keep them hidden and filtered
