{"id":35249,"date":"2026-01-18T13:13:47","date_gmt":"2026-01-18T21:13:47","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=35249"},"modified":"2026-01-19T17:18:34","modified_gmt":"2026-01-20T01:18:34","slug":"sb-2026-01-18","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2026\/01\/sb-2026-01-18\/","title":{"rendered":"Security Bits \u2014 18 January 2026"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Some context for a story we covered many times in 2025: <a href=\"https:\/\/cyberinsider.com\/amazon-blocked-1800-employment-attempts-by-north-korean-agents\/\">Amazon blocked 1,800 employment attempts by North Korean agents \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>Yet another reason to steer clear of VS Code forks: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vscode-ide-forks-expose-users-to-recommended-extension-attacks\/\">VSCode IDE forks expose users to &#8220;recommended extension&#8221; attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a> (most of these are for AI, and we&#8217;ve already reported on how they are very slow to incorporate up-stream patches, leaving users very vulnerable)<\/li>\n<li>Yet another illustration of Meta&#8217;s hostility to their users&#8217; privacy rights: <a href=\"https:\/\/tidbits.com\/2026\/01\/04\/reuters-exposes-metas-tactics-to-avoid-scam-ad-oversight\/\">Reuters Exposes Meta\u2019s Tactics to Avoid Scam Ad Oversight \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>More examples of obsolete or unsupported routers being fundamentally unsafe:\n<ul>\n<li><a href=\"https:\/\/thehackernews.com\/2026\/01\/unpatched-firmware-flaw-exposes.html\">Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks\/\">New D-Link flaw in legacy DSL routers actively exploited in attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A real-world example of the importance of DMARC: <a href=\"https:\/\/cyberinsider.com\/microsoft-how-attackers-spoof-email-addresses-to-steal-corporate-funds\/\">Microsoft: How attackers spoof email addresses to steal corporate funds \u2014 cyberinsider.com\/\u2026<\/a> (See <a href=\"https:\/\/www.podfeet.com\/blog\/2025\/12\/ccatp-827\/\">CCATP 827<\/a>)<\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 a Bad Month for Bluetooth<\/h2>\n<h3>A Known Issue Evolves<\/h3>\n<p>First, the technical detail, including sample exploit code, of the flaw in headphone firmware used by multiple vendors we warned about a few weeks ago, is now out. If you have an affected headset from a major brand like Sony, JBL, Bose, or Marshall, make sure your firmware is up to date!<\/p>\n<p>Below is a quick reminder of the issue (from <a href=\"https:\/\/cyberinsider.com\/exploit-tool-for-bluetooth-flaws-impacting-millions-of-headphones-now-available\/\">cyberinsider.com\/\u2026<\/a>):<\/p>\n<blockquote><p>\n  During their research, ERNW demonstrated how an attacker can silently connect to a vulnerable headphone via BLE, dump its firmware to extract stored Bluetooth link keys, and then use those keys to impersonate the headphone to a paired smartphone. 
Once impersonation is successful, attackers can:<\/p>\n<ol>\n<li>Initiate phone calls or accept incoming calls silently.<\/li>\n<li>Access the victim&#8217;s phone number and contacts using HfP commands.<\/li>\n<li>Trigger voice assistants like Siri or Google Assistant to send texts or perform other actions.<\/li>\n<li>Eavesdrop using the phone&#8217;s microphone by silently placing a call to an attacker-controlled number.<\/li>\n<\/ol>\n<\/blockquote>\n<h3>A Major New Vulnerability \u2014  &#8216;WhisperPair&#8217;<\/h3>\n<p><em><strong>TL;DR<\/strong> \u2014 if you have an affected headset, you need a firmware update.<\/em><\/p>\n<p>Researchers at the KU Leuven University in Belgium have released details of a new Bluetooth vulnerability they&#8217;ve named <em>WhisperPair<\/em>. It affects hundreds of products from big-name brands, including Google, Jabra, JBL, Logitech, Marshall, Nothing, OnePlus, Sony, Soundcore, Xiaomi, Olufsen, and even Beats (but not Apple\u2019s own brand devices)! (The researchers have provided a nice search tool to check your device \u2014 <a href=\"https:\/\/whisperpair.eu\/vulnerable-devices\">whisperpair.eu\/\u2026<\/a>)<\/p>\n<p>The problem is with the way many vendors have implemented Google&#8217;s <em>Fast Pair<\/em> protocol, an Android equivalent of Apple&#8217;s AirPods pairing system. But note that the flaw is in the device firmware, so <strong>all users of these devices are vulnerable<\/strong>, whether or not they use Android!<\/p>\n<p>One reason this flaw is so widespread is that Google&#8217;s certification process did not correctly test an important aspect of the pairing process, so the affected devices are all certified as safe by Google! 
Google have now updated their tests, so new devices will not get certified until they implement the pairing process securely, but all the affected devices need firmware fixes.<\/p>\n<p>As the name suggests, the bug lets <strong>attackers within Bluetooth range<\/strong> stealthily pair their device to vulnerable headsets. To make matters worse, the <em>Fast Pair<\/em> algorithm not only pairs Bluetooth, but it also facilitates the registration of devices that support the feature into Google&#8217;s <em>Find Hub<\/em> network (their equivalent to Apple&#8217;s <em>Find My<\/em> network). There are three important caveats to this, though:<\/p>\n<ol>\n<li>Only some of the affected devices support <em>Find Hub<\/em><\/li>\n<li>Attackers can only register previously unregistered devices<\/li>\n<li>Victims will receive a warning that they are being followed by a tracking device within a day or two of the attack, though, since the warning will show their own device in the warning, the true meaning of the warning could easily be lost on victims.<\/li>\n<\/ol>\n<p>Putting it all together, the risks for victims are:<\/p>\n<ol>\n<li>Physically dangerous pranks like blasting loud music at full volume into people\u2019s ears unexpectedly (at best, terrifying, but could easily cause hearing damage), but only while the attacker is within Bluetooth range.<\/li>\n<li>Abuse of the mic for eavesdropping, again, only while the attacker is in Bluetooth range.<\/li>\n<li>Abuse of the <em>Find Hub<\/em> network for persistent tracking (with the three caveats above)<\/li>\n<\/ol>\n<p>If you have an affected device, upgrade your firmware as soon as possible, and in the meantime, be aware of the risks and adjust your behaviour accordingly.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>The vulnerability&#8217;s home page (including the search tool) \u2014 <a href=\"https:\/\/whisperpair.eu\/\">whisperpair.eu\/\u2026<\/a><\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-whisperpair-flaw-lets-hackers-track-eavesdrop-via-bluetooth-audio-devices\/\">Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/whisperpair-attack-exposes-millions-of-bluetooth-devices-to-location-tracking\/\">WhisperPair attack exposes millions of Bluetooth devices to location tracking \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 The Risks from Dodgy Android Devices Become Real with the Kimwolf Botnet<\/h2>\n<p>Brian Krebs detailed the abuse of unofficial Android devices combined with flaws in so-called <em>residential proxy<\/em> services to build up a massive botnet in great technical detail in a recent article (<a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\">krebsonsecurity.com\/\u2026<\/a>) that caught Allison&#8217;s attention.<\/p>\n<p>The article described both the actual Kimwolf botnet and all the theoretical implications in great technical detail. Krebs&#8217; audience is mostly cybersecurity professionals, and he pitches his articles appropriately. This means he explains all the theoretical risks in great detail, but doesn&#8217;t spend much, if any, time putting those risks into context for regular home users. This often makes his articles sound more alarming than they really are.<\/p>\n<p>Before digging in more deeply, here are the important takeaways for home users from a publication targeted at home users (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices\/\">www.bleepingcomputer.com\/\u2026<\/a>):<\/p>\n<blockquote><p>\n  Researchers observed increased activity for the malware since last August. 
Over the past month, Kimwolf has intensified its scanning of proxy networks, searching for devices with exposed Android Debug Bridge (ADB) services.<\/p>\n<p>  Common targets are Android-based TV boxes and streaming devices that allow unauthenticated access over ADB.<br \/>\n  \u2026<br \/>\n  Most of the infected Android devices are in Vietnam, Brazil, India, and Saudi Arabia.<br \/>\n  \u2026<br \/>\n  The general recommendation is to avoid low-cost generic Android TV boxes and to prefer \u2018Google Play Protect certified\u2019 devices from reputable OEMs, such as Google\u2019s Chromecast, NVIDIA Shield TV, and Xiaomi Mi TV Box.\n<\/p><\/blockquote>\n<p>That&#8217;s the real-world risk for home users <strong>today<\/strong>, and the practical advice that users can take on board <strong>today<\/strong>.<\/p>\n<p>But the Krebs article did highlight bigger hypothetical risks the security industry is going to need to monitor and protect against going forward.<\/p>\n<p>Today, attackers are abusing piracy-enabling unofficial Android TV boxes, but in theory, they could abuse any Android device not protected by Google Play Services, including things like photo frames from careless or malicious vendors.<\/p>\n<p>The attacks leveraged weaknesses in some legally dubious services that are theoretically legal, probably, but definitely ethically questionable. These are the so-called <em>residential proxy services<\/em>. These are companies which admit to providing unscrupulous app vendors with code to include in their dodgy free apps to enroll their users&#8217; devices into their proxy networks. They then sell anonymous proxy services that let you send any traffic you like via these enrolled devices.<\/p>\n<p>Spammers and cybercriminals use these networks to route their spam and DDoS attacks through regular people&#8217;s phones and homes to make them harder for victims to detect. Why? 
Because the attack traffic blends in with all the regular traffic in a way that attacks coming from data centres don&#8217;t.<\/p>\n<p>There is also good evidence that many of these services augment their networks with hacked devices. Plenty of malware strains enroll devices into these kinds of networks.<\/p>\n<p>You don&#8217;t want your devices in these networks anyway, but what the Kimwolf criminals discovered is that these networks are bad at security as well as just being morally questionable, allowing users to send traffic to LAN IPs through the network, effectively using enrolled devices as bridges into people&#8217;s private networks.<\/p>\n<p>The Kimwolf attackers abused these security weaknesses to leverage the fact that dodgy Android TV devices also have terribly poor security, making them trivial to hack, allowing them to enroll the Android TV devices into their botnets.<\/p>\n<p>In theory, the proxy services could abuse iOS apps too, but they aren&#8217;t, and it&#8217;s not clear they&#8217;d get past Apple&#8217;s gate-keeping if they tried. It&#8217;s also not clear whether this is a big problem in the Google Play store, but it could become so. 
For now, the biggest risk is side-loaded apps, especially morally questionable ones like piracy apps and apps offering free pornography, illegal access to gambling services, and dodgy cryptocurrency services\/scams.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>The original reporting from Brian Krebs: <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\">The Kimwolf Botnet is Stalking Your Local Network \u2014 krebsonsecurity.com\/\u2026<\/a> (via Allison on the <a href=\"https:\/\/www.podfeet.com\/slack\">Nosillacast Slack<\/a>)<\/li>\n<li>A human-friendly summary: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices\/\">Kimwolf Android botnet abuses residential proxies to infect internal devices \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/25\/12\/22\/iphone-xs-iphone-xr-apple-tv-hd-get-critical-security-updates\">iPhone XS, iPhone XR, Apple TV HD get critical security updates \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-january-2026-patch-tuesday-fixes-3-zero-days-114-flaws\/\">Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>No matter what meme you read on social media, don&#8217;t say <em>&#8216;112&#8217;<\/em> to Siri in any way, you&#8217;ll illegally call emergency services \u2014 <a 
href=\"https:\/\/www.macobserver.com\/tips\/round-ups\/what-happens-if-you-tell-siri-112\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li><strong>Bonus Tip:<\/strong> 112 is part of the GSM standard, so if you&#8217;re travelling, that number will divert to the correct local emergency services number, e.g., 911 in the US, and 999 in the UK &amp; Ireland<\/li>\n<\/ul>\n<\/li>\n<li>Something seems to have happened at Instagram; there seems to be at least some data leaked, but it&#8217;s not at all clear what is going on \u2014 <a href=\"https:\/\/cyberinsider.com\/malwarebytes-warns-of-instagram-data-breach-impacting-17-5-million-users\/\">cyberinsider.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/instagram-denies-breach-amid-claims-of-17-million-account-data-leak\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>There are fake password reset emails doing the rounds, <strong>ignore them<\/strong> if you get one \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/26\/01\/12\/reminder-ignore-instagram-password-reset-messages-if-you-didnt-request-one\">appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Grubhub have definitely lost some customer data, but they&#8217;re not being forthcoming with the details \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/grubhub-confirms-hackers-stole-data-in-recent-security-breach\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>There also appears to have been some kind of leak at WIRED, but again, no clarity \u2014 <a href=\"https:\/\/cyberinsider.com\/2-3-million-alleged-wired-subscriber-records-leaked-on-breachforums\/\">cyberinsider.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-claims-to-leak-wired-database-with-23-million-records\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddea\ud83c\uddfa The EU-based privacy-focused messaging app Threema has new owners, but 
thankfully, they don&#8217;t raise any red flags \u2014 <a href=\"https:\/\/cyberinsider.com\/secure-messaging-app-threema-announces-change-of-ownership\/\">cyberinsider.com\/\u2026<\/a> (Still a good alternative for users outside America looking for digital sovereignty and privacy)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/cyberinsider.com\/california-launches-tool-enabling-mass-opt-out-from-data-brokers\/\">California launches tool enabling mass opt-out from data brokers \u2014 cyberinsider.com\/\u2026<\/a> (DROP, for <em>Delete Requests and Opt-Out Platform<\/em>)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 Some welcome enforcement actions:\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/california-shuts-down-sale-of-health-data-in-major-enforcement-action\/\">California shuts down sale of health data in major enforcement action \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/texas-sues-major-tv-brands-for-spying-on-consumers-via-smart-tvs\/\">Texas sues major TV brands for spying on consumers via smart TVs \u2014 cyberinsider.com\/\u2026<\/a> (Sony, Samsung, LG, Hisense &amp; TCL)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/disney-agrees-to-pay-10m-for-illegally-tracking-children-on-youtube\/\">Disney agrees to pay $10M for illegally tracking children on YouTube \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Some nice security enhancements:\n<ul>\n<li>Apple have updated the AirDrop process to make sending to users not in your contact list a little safer by requiring a code to be shared \u2014 <a href=\"https:\/\/sixcolors.com\/post\/2025\/12\/airdrop-codes-allow-temporary-persistent-contact\/\">sixcolors.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-rolls-out-hardware-accelerated-bitlocker-in-windows-11\/\">Microsoft rolls out hardware-accelerated BitLocker in Windows 11 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-to-enforce-mfa-for-microsoft-365-admin-center-sign-ins\/\">Microsoft to enforce MFA for Microsoft 365 admin center sign-ins \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Will make many smaller organisations much more secure)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/firefox-147-tightens-web-security-reduces-data-sharing-with-google\/\">Firefox 147 tightens web security, reduces data sharing with Google \u2014 cyberinsider.com\/\u2026<\/a> (Safe Browsing updated from V4 to V5)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A nice overview: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-biggest-cybersecurity-and-cyberattack-stories-of-2025\/\">The biggest cybersecurity and cyberattack stories of 2025 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 Not happy reading, but might be of interest to some: <a href=\"https:\/\/krebsonsecurity.com\/2025\/12\/dismantling-defenses-trump-2-0-cyber-year-in-review\/\">Dismantling Defenses: Trump 2.0 Cyber Year in Review \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>OWASP have released a new top ten vulnerabilities framework for agentic AI, this will help the security community get to grips with this new attack surface \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-real-world-attacks-behind-owasp-agentic-ai-top-10\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Allison:<\/strong>\n<ul>\n<li><img decoding=\"async\" src=\"https:\/\/imgs.xkcd.com\/comics\/funny_numbers.png\" alt=\"A comic showing the mathematical society awards showing 67 being added to a list of cool numbers, 
including 23 Skidoo, 42, 1337, 69, 58,008, and 420\" title=\"in 1899 people were walking around shouting \u201823\u2019 at each other and reporters were writing articles trying to figure out what it meant\" \/> <a href=\"https:\/\/xkcd.com\/3184\/\">xkcd.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/guthib.com\/\">guthib.com\/\u2026<\/a> (via Kanton on the Nosillacast Slack)<\/li>\n<\/ul>\n<\/li>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>\ud83c\udfa6 This orrery (model of the solar system) takes nerdy Lego to the next level \u2014 <a href=\"https:\/\/m.youtube.com\/watch?v=OkQNGBq51Zc&#038;pp=0gcJCR4Bo7VqN5tD\">m.youtube.com\/\u2026<\/a> (from one of my nerdier colleagues in Maynooth University)<\/li>\n<li>\ud83c\udfa7 <a href=\"https:\/\/overcast.fm\/+AA4qHqemjek\">kill switch: how to- protect yourself from online harassment \u2014 overcast.fm\/\u2026<\/a>\n<ul>\n<li>The recommended resource: <a href=\"https:\/\/onlineharassmentfieldmanual.pen.org\/\">Online Harassment Field Manual (from PEN America) \u2014 onlineharassmentfieldmanual.pen.org<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2026\/01\/09\/moylan\">Jim Moylan and the Moylan Arrow \u2014 daringfireball.net\/\u2026<\/a> (We need something similar for EVs!)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td 
align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
Some context for a story we covered many times in 2025: Amazon blocked 1,800 employment attempts by North Korean agents \u2014 cyberinsider.com\/\u2026 Yet another reason to steer clear of VS Code forks: VSCode IDE [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[515,102,7800,389,7799,7801,50,569,7798],"class_list":["post-35249","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-android","tag-bluetooth","tag-botnet","tag-headphones","tag-kimwolf","tag-kimwolf-botnet","tag-security","tag-security-bits","tag-whisperpair"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=35249"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35249\/revisions"}],"predecessor-version":[{"id":35250,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35249\/revisions\/35250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.po
dfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=35249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=35249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=35249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}