Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2022/01/25 7:48 p.m.18 views

Scary Fraud Ensues When ID Theft & Usury Collide

Whats worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One readers nightmare experience spotlights what can...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/29 1:8 p.m.18 views

Omitting the “o” in .com Could Be Costly

Take care when typing a domain name into a browser address bar, because it's far too easy to fat-finger a key and wind up somewhere you don't want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the "o" in .com and type .cm instead, there's a good...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/06/23 4:12 p.m.17 views

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London , the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group know...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/06/09 10:7 p.m.17 views

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and...

7.5CVSS6.1AI score0.48438EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2026/06/01 5:32 p.m.17 views

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/12/09 11:18 p.m.17 views

Microsoft Patch Tuesday, December 2025 Edition

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a...

8.4CVSS8.6AI score0.02383EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2025/11/24 6:44 p.m.17 views

Is Your Android TV Streaming Box Part of a Botnet?

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix , ESPN and Hulu , all for a one-time fee of around $400. But security experts...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/22 5:21 p.m.17 views

Canada Fines Cybercrime Friendly Cryptomus $176M

Financial regulators in Canada this week levied $176 million in fines against Cryptomus , a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/04/15 3:27 a.m.17 views

Trump Revenge Tour Targets Cyber Leaders, Elections

President Trump last week revoked security clearances for Chris Krebs , the former director of the Cybersecurity and Infrastructure Security Agency CISA who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/02 4:46 p.m.17 views

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp.agency , a once popular online service that helped attackers intercept the one-time passcodes OTPs that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was ...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/06 1:51 p.m.17 views

Who’s Behind the SWAT USA Reshipping Service?

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In todays Part II, well examine clues about the real-life identity of "Fearlless,"...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/10/17 4:23 p.m.17 views

Tech CEO Sentenced to 5 Years in IP Address Scheme

Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestans sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,00...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/04/04 9:4 p.m.17 views

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation FBI today. The domain seizures coincided with more than a...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/01/18 2:30 a.m.17 views

Thinking of Hiring or Running a Booter Service? Think Again.

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called "booter" or "stresser" services -- designed to knock websites and users offline -- have long operated in a legally murky area of cybercrime law. But until recently,...

Exploits0
Krebs on Security
Krebs on Security
added 2022/10/20 5:7 p.m.17 views

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/05/02 9:29 p.m.17 views

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within...

0.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/04/27 2:27 p.m.17 views

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests EDRs from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But do...

Exploits0
Krebs on Security
Krebs on Security
added 2022/03/11 4:50 p.m.17 views

Report: Recent 10x Increase in Cyberattacks on Ukraine

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians...

0.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/02/22 5:50 p.m.17 views

IRS: Selfies Now Optional, Biometric Data to Be Deleted

The U.S. Internal Revenue Service IRS said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs t...

1.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/11/02 3:34 p.m.17 views

The ‘Groove’ Ransomware Gang Was a Hoax

A number of publications in September warned about the emergence of "Groove," a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/04/30 8:13 p.m.17 views

Data: E-Retail Hacks More Lucrative Than Ever

For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/05 6:28 p.m.17 views

Alleged Spam Kingpin ‘Severa’ Extradited to US

Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world's most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. Levashov, in an undated photo. Levashov, who allegedly went by the hacker names...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/11 3:51 p.m.17 views

Fake News at Work in Spam Kingpin’s Arrest?

Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there is scant evidence...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/21 2:45 p.m.16 views

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and...

9.8CVSS7.9AI score0.99979EPSS
Exploits41
Krebs on Security
Krebs on Security
added 2025/06/12 10:14 p.m.16 views

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/05/30 1:55 a.m.16 views

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc. , a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering." In Janua...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/04/10 3:31 p.m.16 views

China-based SMS Phishing Triad Pivots to Banks

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called "Smishing Triad " mainly impersonated toll road operators and shipping companies. But experts say these groups a...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/31 1:22 a.m.16 views

How Each Pillar of the 1st Amendment is Under Attack

" Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." -U.S. Constitution,...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/08 12:32 a.m.16 views

Teen on Musk’s DOGE Team Graduated from ‘The Com’

Wired reported this week that a 19-year-old working for Elon Musk 's so-called Department of Government Efficiency DOGE was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/06 9:12 p.m.16 views

Experts Flag Security, Privacy Risks in DeepSeek AI App

New mobile apps from the Chinese artificial intelligence AI company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys,...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/11/01 9:12 p.m.16 views

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aim...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/31 12:6 p.m.16 views

Don’t Let Your Domain Name Become a “Sitting Duck”

More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image:...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/26 9:31 p.m.16 views

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Googles "Sign in with Google" feature...

8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/15 3:24 p.m.16 views

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still havent set up their new accounts. Experts say malicious hackers learned they could commandee...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/10 4:22 p.m.16 views

The Stark Truth Behind the Resurgence of Russia’s Fin7

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands o...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/05/29 7:21 p.m.16 views

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice DOJ today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the worlds largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/12/29 10:16 p.m.16 views

Happy 14th Birthday, KrebsOnSecurity!

KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldnt devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership,...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/05/16 12:20 p.m.16 views

Re-Victimization from Police-Auctioned Cell Phones

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/12/01 7:35 p.m.16 views

ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers MSPs, is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/04 2:59 p.m.16 views

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several ...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/06/14 7:53 p.m.16 views

Ransomware Group Debuts Searchable Victim Data

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally...

Exploits0
Krebs on Security
Krebs on Security
added 2021/12/14 2:13 a.m.16 views

Inside Ireland’s Public Healthcare Ransomware Scare

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Irelands public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/04/18 5:42 p.m.16 views

Wipro Intruders Targeted Other Major IT Firms

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India's third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/07/27 3:45 p.m.16 views

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs CDs apparently sent from China, KrebsOnSecurity has learned. This...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/19 4:28 p.m.16 views

Buyers Beware of Tampered Gift Cards

Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/18 7:13 p.m.16 views

The Market for Stolen Account Credentials

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today's post looks at the price of stolen credentials for just about any e-commerce, ban...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/25 3:6 p.m.16 views

UK Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service

A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to "Titanium Stresser," a simple-to-use service that let paying customers launch crippling online attacks against Web sites and individual Internet users. Adam Mudd...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/19 6:56 p.m.16 views

Tracing Spam: Diet Pills from Beltway Bandits

Reading junk spam messages isn't exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here's the simple story of how a recent spam email advertising celebrity "diet pills" was traced back to a Washington, D.C.-area defense...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/10 4:17 a.m.16 views

Alleged Spam King Pyotr Levashov Arrested

Authorities in Spain have arrested a Russian computer programmer thought to be one of the world's most notorious spam kingpins. Spanish police arrested Pyotr Levashov under an international warrant executed in the city of Barcelona, according to Reuters. Russian state-run television station RT...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/06/10 2:3 p.m.15 views

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues...

5.5AI score
Exploits0
Total number of security vulnerabilities1094