serisec

Category: krebsonsecurity

  • Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into…

  • Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about…

  • Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.…

  • Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

    Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named…

  • CISA Admin Leaked AWS GovCloud Keys on Github

    CISA Admin Leaked AWS GovCloud Keys on Github Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how…

  • Patch Tuesday, May 2026 Edition

    Patch Tuesday, May 2026 Edition Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla…

  • Canvas Breach Disrupts Schools & Colleges Nationwide

    Canvas Breach Disrupts Schools & Colleges Nationwide An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students…

  • Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

    Anti-DDoS Firm Heaped Attacks on Brazilian ISPs A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a…

  • ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

    ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into…

  • Patch Tuesday, April 2026 Edition

    Patch Tuesday, April 2026 Edition Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe…

  • Russia Hacked Routers to Steal Microsoft Office Tokens

    Russia Hacked Routers to Steal Microsoft Office Tokens Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks…

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

    Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least…

  • ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

    ‘CanisterWorm’ Springs Wiper Attack Targeting Iran A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the…

  • Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

    Feds Disrupt IoT Botnets Behind Huge DDoS Attacks The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf,…

  • Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than…

  • Microsoft Patch Tuesday, March 2026 Edition

    Microsoft Patch Tuesday, March 2026 Edition Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here…

  • How AI Assistants are Moving the Security Goalposts

    How AI Assistants are Moving the Security Goalposts AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these…

  • Who is the Kimwolf Botmaster “Dort”?

    Who is the Kimwolf Botmaster “Dort”? In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service…

  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

    ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links…

  • Kimwolf Botnet Swamps Anonymity Network I2P

    Kimwolf Botnet Swamps Anonymity Network I2P For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters…

  • Patch Tuesday, February 2026 Edition

    Patch Tuesday, February 2026 Edition Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein…

  • Who Operates the Badbox 2.0 Botnet?

    Who Operates the Badbox 2.0 Botnet? The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes.…

  • Please Don’t Feed the Scattered Lapsus ShinyHunters

    Please Don’t Feed the Scattered Lapsus ShinyHunters A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims…

  • Kimwolf Botnet Lurking in Corporate, Govt. Networks

    Kimwolf Botnet Lurking in Corporate, Govt. Networks A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT…

  • Patch Tuesday, January 2026 Edition

    Patch Tuesday, January 2026 Edition Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805…

  • Who Benefited from the Aisuru and Kimwolf Botnets?

    Who Benefited from the Aisuru and Kimwolf Botnets? Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that…

  • The Kimwolf Botnet is Stalking Your Local Network

    The Kimwolf Botnet is Stalking Your Local Network The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought…

  • Happy 16th Birthday, KrebsOnSecurity.com!

    Happy 16th Birthday, KrebsOnSecurity.com! KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage…

  • Dismantling Defenses: Trump 2.0 Cyber Year in Review

    Dismantling Defenses: Trump 2.0 Cyber Year in Review The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s…

  • Most Parked Domains Now Serving Malicious Content

    Most Parked Domains Now Serving Malicious Content Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites —…

  • Microsoft Patch Tuesday, December 2025 Edition

    Microsoft Patch Tuesday, December 2025 Edition Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates…

  • Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

    Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. The Nerdify homepage. The link between…

  • SMS Phishers Pivot to Points, Taxes, Fake Retailers

    SMS Phishers Pivot to Points, Taxes, Fake Retailers China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into…

  • Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

    Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public…

  • Is Your Android TV Streaming Box Part of a Botnet?

    Is Your Android TV Streaming Box Part of a Botnet? On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around…

  • Mozilla Says It’s Finally Done With Two-Faced Onerep

    Mozilla Says It’s Finally Done With Two-Faced Onerep In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and…

  • The Cloudflare Outage May Be a Security Roadmap

    The Cloudflare Outage May Be a Security Roadmap An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered…

  • Microsoft Patch Tuesday, November 2025 Edition

    Microsoft Patch Tuesday, November 2025 Edition Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year…

  • Google Sues to Disrupt Chinese SMS Phishing Triad

    Google Sues to Disrupt Chinese SMS Phishing Triad Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a…

  • Drilling Down on Uncle Sam’s Proposed TP-Link Ban

    Drilling Down on Uncle Sam’s Proposed TP-Link Ban The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to…

  • Cloudflare Scrubs Aisuru Botnet from Top Domains List

    Cloudflare Scrubs Aisuru Botnet from Top Domains List For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says…

  • Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

    Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich…

  • Aisuru Botnet Shifts from DDoS to Residential Proxies

    Aisuru Botnet Shifts from DDoS to Residential Proxies Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic.…

  • Canada Fines Cybercrime Friendly Cryptomus $176M

    Canada Fines Cybercrime Friendly Cryptomus $176M Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was…

  • Email Bombs Exploit Lax Authentication in Zendesk

    Email Bombs Exploit Lax Authentication in Zendesk Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies…

  • Patch Tuesday, October 2025 ‘End of 10’ Edition

    Patch Tuesday, October 2025 ‘End of 10’ Edition Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If…

  • DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

    DDoS Botnet Aisuru Blankets US ISPs in Record DDoS The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating…

  • ShinyHunters Wage Broad Corporate Extortion Spree

    ShinyHunters Wage Broad Corporate Extortion Spree A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility…

  • Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

    Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an…

  • Self-Replicating Worm Hits 180+ Software Packages

    Self-Replicating Worm Hits 180+ Software Packages At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more…

  • Bulletproof Host Stark Industries Evades EU Sanctions

    Bulletproof Host Stark Industries Evades EU Sanctions In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done…

  • Microsoft Patch Tuesday, September 2025 Edition

    Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both…

  • 18 Popular Code Packages Hacked, Rigged to Steal Crypto

    18 Popular Code Packages Hacked, Rigged to Steal Crypto At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly…

  • GOP Cries Censorship Over Spam Filters That Work

    GOP Cries Censorship Over Spam Filters That Work The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages…

  • The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

    The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google…

  • Affiliates Flock to ‘Soulless’ Scam Gambling Machine

    Affiliates Flock to ‘Soulless’ Scam Gambling Machine Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate…

  • DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

    DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s…

  • SIM-Swapper, Scattered Spider Hacker Gets 10 Years

    SIM-Swapper, Scattered Spider Hacker Gets 10 Years A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025…

  • Oregon Man Charged in ‘Rapper Bot’ DDoS Service

    Oregon Man Charged in ‘Rapper Bot’ DDoS Service A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an…

  • Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

    Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out…

  • Microsoft Patch Tuesday, August 2025 Edition

    Microsoft Patch Tuesday, August 2025 Edition Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little…

  • KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

    KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting…

  • Who Got Arrested in the Raid on the XSS Crime Forum?

    Who Got Arrested in the Raid on the XSS Crime Forum? On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of…

  • Scammers Unleash Flood of Slick Online Gaming Sites

    Scammers Unleash Flood of Slick Online Gaming Sites Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable…

  • Phishers Target Aviation Execs to Scam Customers

    Phishers Target Aviation Execs to Scam Customers KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies…

  • Microsoft Fix Targets Attacks on SharePoint Zero-Day

    Microsoft Fix Targets Attacks on SharePoint Zero-Day On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and…

  • Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

    Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many…

  • DOGE Denizen Marko Elez Leaked API Key for xAI

    DOGE Denizen Marko Elez Leaked API Key for xAI Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep…

  • UK Arrests Four in ‘Scattered Spider’ Ransom Group

    UK Arrests Four in ‘Scattered Spider’ Ransom Group Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but…

  • Microsoft Patch Tuesday, July 2025 Edition

    Microsoft Patch Tuesday, July 2025 Edition Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize…

  • Big Tech’s Mixed Response to U.S. Treasury Sanctions

    Big Tech’s Mixed Response to U.S. Treasury Sanctions In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech…

  • Senator Chides FBI for Weak Advice on Mobile Security

    Senator Chides FBI for Weak Advice on Mobile Security Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series…

  • Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

    Inside a Dark Adtech Empire Fed by Fake CAPTCHAs Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation…

  • Patch Tuesday, June 2025 Edition

    Patch Tuesday, June 2025 Edition Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public. The sole…

  • Proxy Services Feast on Ukraine’s IP Address Exodus

    Proxy Services Feast on Ukraine’s IP Address Exodus Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of…

  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

    U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how…

  • Pakistan Arrests 21 in ‘Heartsender’ Malware Service

    Pakistan Arrests 21 in ‘Heartsender’ Malware Service Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party,…

  • Oops: DanaBot Malware Devs Infected Their Own PCs

    Oops: DanaBot Malware Devs Infected Their Own PCs The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many…

  • KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

    KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet…

  • Breachforums Boss to Pay $700k in Healthcare Breach

    Breachforums Boss to Pay $700k in Healthcare Breach In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick,…

  • Patch Tuesday, May 2025 Edition

    Patch Tuesday, May 2025 Edition Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public…

  • Pakistani Firm Shipped Fentanyl Analogs, Scams to US

    Pakistani Firm Shipped Fentanyl Analogs, Scams to US A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing,…

  • xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

    xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from…

  • Alleged ‘Scattered Spider’ Member Extradited to U.S.

    Alleged ‘Scattered Spider’ Member Extradited to U.S. A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into…

  • DOGE Worker’s Code Supports NLRB Whistleblower

    DOGE Worker’s Code Supports NLRB Whistleblower A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories…

  • Whistleblower: DOGE Siphoned NLRB Case Data

    Whistleblower: DOGE Siphoned NLRB Case Data A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the…

  • Funding Expires for Key Cyber Vulnerability Database

    Funding Expires for Key Cyber Vulnerability Database A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE)…

  • Trump Revenge Tour Targets Cyber Leaders, Elections

    Trump Revenge Tour Targets Cyber Leaders, Elections President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security…

  • China-based SMS Phishing Triad Pivots to Banks

    China-based SMS Phishing Triad Pivots to Banks China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international…

  • Patch Tuesday, April 2025 Edition

    Patch Tuesday, April 2025 Edition Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction…

  • Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

    Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to…

  • How Each Pillar of the 1st Amendment is Under Attack

    How Each Pillar of the 1st Amendment is Under Attack “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”…

  • When Getting Phished Puts You in Mortal Danger

    When Getting Phished Puts You in Mortal Danger Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of the…

  • Arrests in Tap-to-Pay Scheme Powered by Phishing

    Arrests in Tap-to-Pay Scheme Powered by Phishing Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams,…

  • DOGE to Fired CISA Staff: Email Us Your Personal Data

    DOGE to Fired CISA Staff: Email Us Your Personal Data A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be…

  • ClickFix: How to Infect Your PC in Three Easy Steps

    ClickFix: How to Infect Your PC in Three Easy Steps A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes…

  • Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

    Microsoft: 6 Zero-Days in March 2025 Patch Tuesday Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows…

  • Alleged Co-Founder of Garantex Arrested in India

    Alleged Co-Founder of Garantex Arrested in India Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov,…

  • Feds Link $150M Cyberheist to 2022 LastPass Hacks

    Feds Link $150M Cyberheist to 2022 LastPass Hacks In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a…

  • Who is the DOGE and X Technician Branden Spikes?

    Who is the DOGE and X Technician Branden Spikes? At 49, Branden Spikes isn’t just one of the oldest technologists who has been involved in Elon Musk’s Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among…