Less than a week after disclosure, a vulnerability in home routers from some twenty different vendors is under widespread attack, Threatpost reports. Attackers are adding the affected routers to a Mirai botnet suitable for conducting distributed denial-of-service operations. Naked Security has a guide on how to determine whether your device is affected, and what to do about it. A good place to begin is Tenable's list of vulnerable devices.
VNExpress says that an offer of source code for some of Bkav's security products has been posted to Raidforums, where those who claim to have obtained the code are offering to sell it for $250 thousand. Bkav says it's investigating.
CrowdStrike reports that the operators of the Magniber ransomware have "weaponized" the twice- or thrice-patched PrintNightmare remote code execution vulnerability that afflicts Windows systems, and are now using it in the wild, for the most part against targets in the Republic of Korea. The Record points out that there are two vulnerabilities known colloquially as PrintNightmare. The one CrowdStrike is seeing under active exploitation is CVE-2021-34527.
According to Reuters, the hoods who stole somewhere in excess of $600 million from DeFi provider Poly Network have now returned more than half of what they took, about $324 million, leaving some $268 million still outstanding. Why the criminals are refunding their big haul is unclear; Reuters suggests that so much money may simply have proved prohibitively difficult to launder.
The Cyberspace Solarium Commission's Annual Report on Implementation offers mixed but generally encouraging news.