The US government took action to neutralize a botnet of hundreds of US-based Small Office and Home Office (SOHO) routers hijacked by Volt Typhoon, a China-linked Advanced Persistent Threat (APT) actor. The Black Lotus Labs team at Lumen Technologies revealed the botnet's existence in mid-December 2023. According to the Department of Justice (DOJ), most of the routers in the KV-botnet were Cisco and NetGear routers that were vulnerable because they were no longer supported through their manufacturer's security patches or software updates.

The FritzFrog cryptocurrency mining botnet is growing as a recently analyzed variant exploits the Log4Shell and PwnKit vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet, discovered in August 2020, is a Peer-to-Peer (P2P) botnet run by Golang-based malware. It targets SSH servers by brute-forcing login credentials and has successfully compromised thousands of them.

Researchers have discovered four vulnerabilities, collectively called "Leaky Vessels," in container engine components. Three of the vulnerabilities enable attackers to break out of containers and perform malicious actions on the host system. One of the vulnerabilities affects runC, the lightweight container runtime for Docker and other container environments. It is the most critical of the four vulnerabilities, scoring 8.6 on the CVSS scale.

According to security researchers at Chainalysis, market manipulators may have made over $240m last year by artificially inflating the value of Ethereum tokens.  Chainalysis investigated the 370,000 tokens launched on Ethereum between January and December 2023, 168,600 of which were available to trade on at least one decentralized exchange (DEX).

The National Institute of Standards and Technology (NIST) has released a practice guide covering methods aimed at helping major industries implement the Internet security protocol TLS 1.3, as well as conduct network monitoring and auditing safely, securely, and effectively. Companies in finance, healthcare, and other major industries must follow best practices for monitoring incoming data for cyberattacks. TLS 1.3 provides advanced protection but complicates the performance of required data audits.

Europcar, a global car rental company, has denied claims of a data breach, arguing that the Europcar data posted online by threat actors was generated using ChatGPT, the Artificial Intelligence (AI)-powered chatbot. An advertisement on a popular data leak forum claims that attackers are selling the personal information of 50 million Europcar customers. The authors say they accessed usernames, passwords, home addresses, passport numbers, and other sensitive information. However, the company says this advertisement is false, and the sample data is likely ChatGPT-generated.

According to Guardio Labs researchers, the phishing ecosystem has been made highly accessible due to Telegram's emergence as a hub for cybercrime, allowing threat actors to launch massive attacks inexpensively. The messaging app has evolved into a place where cybercriminals of different skill levels could exchange illicit tools and insights, resulting in an effective supply chain of tools and victim data. They are sharing free samples, tutorials, kits, and other components that could help build a malware campaign.