Category: A Little Sunshine

  • Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

    The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into…

  • Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.…

  • Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

    Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast-spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named…

  • CISA Admin Leaked AWS GovCloud Keys on Github

    Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how…

  • Canvas Breach Disrupts Schools & Colleges Nationwide

    An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students…

  • Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

    A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a…

  • ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

    A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into…

  • Russia Hacked Routers to Steal Microsoft Office Tokens

    Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks…

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

    An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least…

  • ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

    A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the…

  • Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

    The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf,…

  • Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than…

  • How AI Assistants are Moving the Security Goalposts

    AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these…

  • Who is the Kimwolf Botmaster “Dort”?

    In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service…

  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

    Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links…

  • Kimwolf Botnet Swamps Anonymity Network I2P

    For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters…

  • Who Benefited from the Aisuru and Kimwolf Botnets?

    Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that…

  • The Kimwolf Botnet is Stalking Your Local Network

    The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought…

  • Happy 16th Birthday, KrebsOnSecurity.com!

    KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage…

  • Most Parked Domains Now Serving Malicious Content

    Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites —…

  • Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

    A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. The link between…

  • SMS Phishers Pivot to Points, Taxes, Fake Retailers

    China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into…

  • Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

    A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public…

  • Is Your Android TV Streaming Box Part of a Botnet?

    On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around…

  • Mozilla Says It’s Finally Done With Two-Faced Onerep

    In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and…

  • The Cloudflare Outage May Be a Security Roadmap

    An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered…

  • Google Sues to Disrupt Chinese SMS Phishing Triad

    Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a…

  • Drilling Down on Uncle Sam’s Proposed TP-Link Ban

    The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to…

  • Cloudflare Scrubs Aisuru Botnet from Top Domains List

    For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says…

  • Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

    A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich…

  • Aisuru Botnet Shifts from DDoS to Residential Proxies

    Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic.…

  • Canada Fines Cybercrime Friendly Cryptomus $176M

    Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti-money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was…

  • Email Bombs Exploit Lax Authentication in Zendesk

    Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies…

  • ShinyHunters Wage Broad Corporate Extortion Spree

    A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility…

  • Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

    U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an…

  • Bulletproof Host Stark Industries Evades EU Sanctions

    In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done…

  • 18 Popular Code Packages Hacked, Rigged to Steal Crypto

    At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly…

  • GOP Cries Censorship Over Spam Filters That Work

    The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages…

  • The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

    The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google…

  • Affiliates Flock to ‘Soulless’ Scam Gambling Machine

    Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate…

  • DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

    The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s…

  • Oregon Man Charged in ‘Rapper Bot’ DDoS Service

    A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an…

  • Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

    Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out…

  • KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

    A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting…

  • Scammers Unleash Flood of Slick Online Gaming Sites

    Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable…

  • Phishers Target Aviation Execs to Scam Customers

    KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies…

  • Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

    Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many…

  • DOGE Denizen Marko Elez Leaked API Key for xAI

    Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep…

  • Big Tech’s Mixed Response to U.S. Treasury Sanctions

    In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech…

  • Senator Chides FBI for Weak Advice on Mobile Security

    Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series…

  • Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

    Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation…

  • Proxy Services Feast on Ukraine’s IP Address Exodus

    Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of…

  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

    The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how…

  • Pakistan Arrests 21 in ‘Heartsender’ Malware Service

    Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party,…

  • Oops: DanaBot Malware Devs Infected Their Own PCs

    The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many…

  • KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

    KrebsOnSecurity last week was hit by a near-record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet…

  • Breachforums Boss to Pay $700k in Healthcare Breach

    In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick,…

  • Pakistani Firm Shipped Fentanyl Analogs, Scams to US

    A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing,…

  • xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

    An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from…

  • Alleged ‘Scattered Spider’ Member Extradited to U.S.

    A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into…

  • DOGE Worker’s Code Supports NLRB Whistleblower

    A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories…

  • Whistleblower: DOGE Siphoned NLRB Case Data

    A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the…

  • Funding Expires for Key Cyber Vulnerability Database

    A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE)…

  • Trump Revenge Tour Targets Cyber Leaders, Elections

    President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security…

  • China-based SMS Phishing Triad Pivots to Banks

    China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international…

  • Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

    A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to…

  • How Each Pillar of the 1st Amendment is Under Attack

    “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”…

  • When Getting Phished Puts You in Mortal Danger

    Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of the…

  • Arrests in Tap-to-Pay Scheme Powered by Phishing

    Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams,…

  • DOGE to Fired CISA Staff: Email Us Your Personal Data

    A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be…

  • Feds Link $150M Cyberheist to 2022 LastPass Hacks

    In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a…

  • Who is the DOGE and X Technician Branden Spikes?

    At 49, Branden Spikes isn’t just one of the oldest technologists who has been involved in Elon Musk’s Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among…

  • Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

    One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is…

  • Trump 2.0 Brings Cuts to Cyber, Consumer Protections

    One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest…

  • How Phished Data Turns into Apple & Google Wallets

    Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of…

  • Nearly a Year Later, Mozilla is Still Promoting OneRep

    Nearly a Year Later, Mozilla is Still Promoting OneRep In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But…

  • Teen on Musk’s DOGE Team Graduated from ‘The Com’

    Teen on Musk’s DOGE Team Graduated from ‘The Com’ Wired reported this week that a 19-year-old working for Elon Musk’s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so.…

  • Experts Flag Security, Privacy Risks in DeepSeek AI App

    Experts Flag Security, Privacy Risks in DeepSeek AI App New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption…

  • Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

    Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate…

  • FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

    FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published…

  • Infrastructure Laundering: Blending in with the Cloud

    Infrastructure Laundering: Blending in with the Cloud In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network…

  • A Tumultuous Week for Federal Cybersecurity Efforts

    A Tumultuous Week for Federal Cybersecurity Efforts President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of…

  • MasterCard DNS Error Went Unnoticed for Years

    MasterCard DNS Error Went Unnoticed for Years The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent…

  • Chinese Innovations Spawn Wave of Toll Phishing Via SMS

    Chinese Innovations Spawn Wave of Toll Phishing Via SMS Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a…

  • A Day in the Life of a Prolific Voice Phishing Crew

    A Day in the Life of a Prolific Voice Phishing Crew Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely…

  • U.S. Army Soldier Arrested in AT&T, Verizon Extortions

    U.S. Army Soldier Arrested in AT&T, Verizon Extortions Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a…

  • Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

    Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services,…

  • How to Lose a Fortune with Just One Bad Click

    How to Lose a Fortune with Just One Bad Click Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and…

  • How Cryptocurrency Turns to Cash in Russian Banks

    How Cryptocurrency Turns to Cash in Russian Banks A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to…

  • Hacker in Snowflake Extortions May Be a U.S. Soldier

    Hacker in Snowflake Extortions May Be a U.S. Soldier Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this…

  • Feds Charge Five Men in ‘Scattered Spider’ Roundup

    Feds Charge Five Men in ‘Scattered Spider’ Roundup Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of…

  • An Interview With the Target & Home Depot Hacker

    An Interview With the Target & Home Depot Hacker In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in…