serisec

Category: Latest Warnings

  • Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into…

  • Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.…

  • CISA Admin Leaked AWS GovCloud Keys on Github

    CISA Admin Leaked AWS GovCloud Keys on Github Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how…

  • Patch Tuesday, May 2026 Edition

    Patch Tuesday, May 2026 Edition Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla…

  • Patch Tuesday, April 2026 Edition

    Patch Tuesday, April 2026 Edition Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe…

  • Russia Hacked Routers to Steal Microsoft Office Tokens

    Russia Hacked Routers to Steal Microsoft Office Tokens Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks…

  • ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

    ‘CanisterWorm’ Springs Wiper Attack Targeting Iran A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the…

  • Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than…

  • How AI Assistants are Moving the Security Goalposts

    How AI Assistants are Moving the Security Goalposts AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these…

  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

    ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links…

  • Patch Tuesday, February 2026 Edition

    Patch Tuesday, February 2026 Edition Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein…

  • Please Don’t Feed the Scattered Lapsus ShinyHunters

    Please Don’t Feed the Scattered Lapsus ShinyHunters A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims…

  • Kimwolf Botnet Lurking in Corporate, Govt. Networks

    Kimwolf Botnet Lurking in Corporate, Govt. Networks A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT…

  • Patch Tuesday, January 2026 Edition

    Patch Tuesday, January 2026 Edition Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805…

  • The Kimwolf Botnet is Stalking Your Local Network

    The Kimwolf Botnet is Stalking Your Local Network The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought…

  • Dismantling Defenses: Trump 2.0 Cyber Year in Review

    Dismantling Defenses: Trump 2.0 Cyber Year in Review The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s…

  • Most Parked Domains Now Serving Malicious Content

    Most Parked Domains Now Serving Malicious Content Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites —…

  • Microsoft Patch Tuesday, December 2025 Edition

    Microsoft Patch Tuesday, December 2025 Edition Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates…

  • SMS Phishers Pivot to Points, Taxes, Fake Retailers

    SMS Phishers Pivot to Points, Taxes, Fake Retailers China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into…

  • The Cloudflare Outage May Be a Security Roadmap

    The Cloudflare Outage May Be a Security Roadmap An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered…

  • Drilling Down on Uncle Sam’s Proposed TP-Link Ban

    Drilling Down on Uncle Sam’s Proposed TP-Link Ban The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to…

  • Email Bombs Exploit Lax Authentication in Zendesk

    Email Bombs Exploit Lax Authentication in Zendesk Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies…

  • DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

    DDoS Botnet Aisuru Blankets US ISPs in Record DDoS The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating…

  • ShinyHunters Wage Broad Corporate Extortion Spree

    ShinyHunters Wage Broad Corporate Extortion Spree A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility…

  • Self-Replicating Worm Hits 180+ Software Packages

    Self-Replicating Worm Hits 180+ Software Packages At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more…

  • Bulletproof Host Stark Industries Evades EU Sanctions

    Bulletproof Host Stark Industries Evades EU Sanctions In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done…

  • Microsoft Patch Tuesday, September 2025 Edition

    Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both…

  • 18 Popular Code Packages Hacked, Rigged to Steal Crypto

    18 Popular Code Packages Hacked, Rigged to Steal Crypto At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly…

  • The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

    The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google…

  • Affiliates Flock to ‘Soulless’ Scam Gambling Machine

    Affiliates Flock to ‘Soulless’ Scam Gambling Machine Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate…

  • DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

    DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s…

  • Microsoft Patch Tuesday, August 2025 Edition

    Microsoft Patch Tuesday, August 2025 Edition Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little…

  • Scammers Unleash Flood of Slick Online Gaming Sites

    Scammers Unleash Flood of Slick Online Gaming Sites Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable…

  • Microsoft Fix Targets Attacks on SharePoint Zero-Day

    Microsoft Fix Targets Attacks on SharePoint Zero-Day On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and…

  • Microsoft Patch Tuesday, July 2025 Edition

    Microsoft Patch Tuesday, July 2025 Edition Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize…

  • Big Tech’s Mixed Response to U.S. Treasury Sanctions

    Big Tech’s Mixed Response to U.S. Treasury Sanctions In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech…

  • Senator Chides FBI for Weak Advice on Mobile Security

    Senator Chides FBI for Weak Advice on Mobile Security Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series…

  • Patch Tuesday, May 2025 Edition

    Patch Tuesday, May 2025 Edition Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public…

  • xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

    xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from…

  • Whistleblower: DOGE Siphoned NLRB Case Data

    Whistleblower: DOGE Siphoned NLRB Case Data A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the…

  • Funding Expires for Key Cyber Vulnerability Database

    Funding Expires for Key Cyber Vulnerability Database A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE)…

  • Trump Revenge Tour Targets Cyber Leaders, Elections

    Trump Revenge Tour Targets Cyber Leaders, Elections President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security…

  • China-based SMS Phishing Triad Pivots to Banks

    China-based SMS Phishing Triad Pivots to Banks China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international…

  • Patch Tuesday, April 2025 Edition

    Patch Tuesday, April 2025 Edition Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction…

  • How Each Pillar of the 1st Amendment is Under Attack

    How Each Pillar of the 1st Amendment is Under Attack “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”…

  • Trump 2.0 Brings Cuts to Cyber, Consumer Protections

    Trump 2.0 Brings Cuts to Cyber, Consumer Protections One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest…

  • Experts Flag Security, Privacy Risks in DeepSeek AI App

    Experts Flag Security, Privacy Risks in DeepSeek AI App New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption…

  • Chinese Innovations Spawn Wave of Toll Phishing Via SMS

    Chinese Innovations Spawn Wave of Toll Phishing Via SMS Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a…

  • Microsoft: Happy 2025. Here’s 161 Security Updates

    Microsoft: Happy 2025. Here’s 161 Security Updates Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett…

  • A Day in the Life of a Prolific Voice Phishing Crew

    A Day in the Life of a Prolific Voice Phishing Crew Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely…

  • How to Lose a Fortune with Just One Bad Click

    How to Lose a Fortune with Just One Bad Click Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and…

  • Fintech Giant Finastra Investigating Data Breach

    Fintech Giant Finastra Investigating Data Breach The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than…