Daily summary - 02.01.2026

End-of-Day report

Timeframe: Tuesday 30-12-2025 18:00 - Friday 02-01-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl

News

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn't immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices. [..] On Friday, Internet security watchdog Shadowserver revealed that it currently tracks over 10,000 Fortinet firewalls still exposed on the Internet that are unpatched against CVE-2020-12812 and vulnerable to these ongoing attacks ...

https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/

The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

Everest Ransomware Leaks 1TB of Stolen ASUS Data

On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of sensitive ASUS data, including information related to the company's AI models, memory dumps, and calibration files. [..] Everest has now leaked the entire dataset online.

https://hackread.com/everest-ransomware-asus-data-leak/

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.

https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/

The biggest cybersecurity and cyberattack stories of 2025

2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025.

https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2025/

Hong Kong's newest anti-scam technology is over-the-counter banking

Hong Kong's banks have a new weapon against scams: Accounts that require customers to visit a branch to access their funds.

https://go.theregister.com/feed/www.theregister.com/2025/12/31/hong_kong_antiscam_money_safe/

How AI made scams more convincing in 2025

Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control.

https://www.malwarebytes.com/blog/news/2026/01/how-ai-made-scams-more-convincing-in-2025

VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion

Discord is a social messaging and communications platform that has become a popular target for malware, like VVS stealer. VVS stealer is designed to steal a victim's Discord information and browser data. [..] The stealer also achieves persistence by automatically installing itself on startup. It operates stealthily by displaying fake error messages and capturing screenshots.

https://unit42.paloaltonetworks.com/vvs-stealer/

Snipping the Long Tail of Shai-Hulud 2.0

Wiz Research reveals the data behind Shai-Hulud 2.0's long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections.

https://www.wiz.io/blog/snipping-the-long-tail-of-shai-hulud-2-0

RMM Abuse in a Crypto Wallet Distribution Campaign

A professionally written announcement email titled "Eternl Desktop Is Live - Secure Execution for Atrium & Diffusion Participants" is currently circulating within the Cardano community. [..] This campaign exhibits multiple overlapping indicators consistent with supply-chain abuse and trojanized wallet distribution, combined with pre-positioning techniques that leverage RMM tools to establish persistent access.

https://malwr-analysis.com/2025/12/31/rmm-abuse-in-a-crypto-wallet-distribution-campaign/

Vulnerabilities

Gambio: Important Security Update 2025-12 v1.0.0 for all versions up to GX5 v5.0.1.0

We have just released a new security update package, which we strongly recommend that all shop operators install. Important: Users of the Gambio Cloud do not need to take any action; all shops have already been fully secured by us! [..] Please understand that we will not describe any details that could serve attackers as a blueprint for an attack.

https://www.gambio.de/forum/threads/wichtiges-security-update-2025-12-v1-0-0-fuer-alle-versionen-bis-gx5-v5-0-1-0.52593/

QNAP Security Advisories 3 Jan

QNAP has released 7 new security advisories.

https://www.qnap.com/en-us/security-advisories

Security updates for Friday

Security updates have been issued by Debian (smb4k), Fedora (direwolf, gh, usd, and webkitgtk), Slackware (libpcap and seamonkey), and SUSE (kepler).

https://lwn.net/Articles/1052600/