CSTI
    industryThe Ransomware Era (2020-Present) Daily Briefing Landmark Event

    Critical PyTorch Vulnerability and New Kimwolf Botnet Dominate Cybersecurity News

    Monday, January 5, 2026

    Critical PyTorch Vulnerability and New Kimwolf Botnet Dominate Cybersecurity News

    On January 5, 2026, the cybersecurity landscape is significantly impacted by the discovery of a critical memory corruption vulnerability in PyTorch, designated as CVE-2025-3001. This flaw, particularly affecting the `torch.lstm_cell` function in PyTorch 2.6.0, poses serious risks, including potential system crashes. Users are urged to upgrade or apply patches immediately to mitigate these risks.

    Additionally, the Kimwolf botnet has emerged, infecting nearly 2 million Android devices through the exploitation of the Android Debug Bridge (ADB). This botnet is engaged in conducting Distributed Denial of Service (DDoS) attacks and proxy forwarding, showcasing a growing trend of large-scale mobile device exploitation.

    In a separate incident, Trust Wallet reported a significant hack linked to a supply chain attack on its Google Chrome extension, which resulted in the theft of approximately $8.5 million in assets. This breach was attributed to exposed developer secrets, highlighting the ongoing vulnerabilities associated with third-party integrations.

    As we navigate early 2026, these incidents underscore the evolving cybersecurity threats and the critical need for organizations to bolster their defenses against both technical vulnerabilities and trust exploitation.

    Also In Security Today

    • Trust Wallet Incident: A supply chain attack on Trust Wallet's Chrome extension led to the theft of approximately $8.5 million. The breach was due to exposed developer secrets that compromised the source code and API. The Hacker News
    • Kimwolf Botnet: The new Kimwolf botnet has infected nearly 2 million Android devices by exploiting vulnerabilities in the Android Debug Bridge (ADB), engaging in DDoS attacks and proxy forwarding. Cyber Recaps
    • Cybersecurity Trends: The beginning of 2026 shows a worrying trend of attackers exploiting trust, targeting vulnerable infrastructures, and using third-party access for system compromises. Cybersecurity Weekly Report

    Analyst's Take

    Today's news highlights critical vulnerabilities and the rise of large-scale botnets, emphasizing the need for organizations to prioritize immediate patching and security audits. The emergence of the Kimwolf botnet signals an alarming trend in mobile exploitation that defenders must address proactively. As attackers increasingly target trust and third-party access, organizations should enhance their security posture by implementing strict access controls and continuous monitoring of third-party integrations.

    Sources

    CVE-2025-3001 PyTorch Kimwolf Trust Wallet Supply Chain Attack