Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2026/01/02 2:20 p.m.15 views

The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/20 7:6 p.m.15 views

Mozilla Says It’s Finally Done With Two-Faced Onerep

In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/16 9:47 p.m.15 views

Microsoft Patch Tuesday, November 2025 Edition

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of...

7.8CVSS7AI score0.06073EPSS
Exploits6
Krebs on Security
Krebs on Security
added 2025/10/29 12:51 a.m.15 views

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru , the botnet responsible for a series of record-smashing distributed denial-of-service DDoS attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things IoT devices to proxy services...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/07 10:45 p.m.15 views

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed...

9.8CVSS7.7AI score0.99722EPSS
Exploits15
Krebs on Security
Krebs on Security
added 2025/09/08 10:53 p.m.15 views

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/27 4:39 p.m.15 views

When Getting Phished Puts You in Mortal Danger

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/23 11:30 a.m.15 views

The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/03 1:5 p.m.15 views

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/10/18 2:3 p.m.15 views

The Fake Browser Update Scam Gets a Makeover

One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/03/28 5:26 p.m.15 views

UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdoms National Crime Agency NCA has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The warning...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/16 5:6 p.m.15 views

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexicos second-largest bank was fake news and harming the banks...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/06/14 12:9 a.m.15 views

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service DDoS attacks against hundreds of thousands of Internet users and websites. The user...

1.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/03/15 3:37 p.m.15 views

Lawmakers Probe Early Release of Top RU Cybercrook

Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov, a cybercriminal who long operated two of Russias most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian...

0.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/12/10 4:46 p.m.15 views

CISO MAG Honors KrebsOnSecurity

CISO MAG, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of "Cybersecurity Person of the Year" in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/13 9:13 p.m.15 views

Microsoft Patch Tuesday, February 2018 Edition

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft's "critical" rating, meaning the problems...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/05 8:37 p.m.15 views

Anti-Skimmer Detector for Skimmer Scammers

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, batte...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/12 2:23 p.m.15 views

Critical Security Updates from Adobe, Microsoft

Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products. Adobe patched dozens of holes in its Flash Player, Acrobat and Reader products. Microsoft pushed fixes to address dozens of vulnerabilities in Windows and related software. The biggest chan...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/07/02 7:27 p.m.14 views

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation FBI said today it worked with industry partners to seize hundreds of domains associated with NetNut , a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum TechnologiesNASDAQ: ALAR. The action comes roughly two weeks after...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/14 10:57 p.m.14 views

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for...

9.8CVSS8.7AI score0.99962EPSS
Exploits25
Krebs on Security
Krebs on Security
added 2025/09/11 5:40 p.m.14 views

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners ofStark Industries Solutions Ltd. , a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But ne...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/12 10:14 p.m.14 views

Microsoft Patch Tuesday, August 2025 Edition

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with...

9.8CVSS8.7AI score0.38176EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2024/04/29 8:56 p.m.14 views

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

The U.S. Federal Communications Commission FCC today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers location information without consent. The fines mark the culmination of a mor...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/12/06 3:51 p.m.14 views

ICANN Launches Service to Help With WHOIS Lookups

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/02/17 9:9 p.m.14 views

New Protections for Food Benefits Stolen by Skimmers

Millions of Americans receiving food assistance benefits just earned a new right that they cant yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer EBT cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/03/31 10:54 p.m.14 views

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senates most tech-savvy lawmakers said he was trouble...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/02 7:26 p.m.14 views

When Your Employees Post Passwords Online

Storing passwords in plaintext online is never a good idea, but it's remarkable how many companies have employees who are doing just that using online collaboration tools like Trello.com. Last week, KrebsOnSecurity notified a host of companies that employees were using Trello to share passwords f...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/13 4:23 p.m.14 views

Mirai IoT Botnet Co-Authors Plead Guilty

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/02 7:44 p.m.14 views

Former NSA Employee Pleads Guilty to Taking Classified Data

A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government. Ngh...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/26 9:28 p.m.14 views

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards

Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/08/08 8:35 p.m.14 views

Critical Security Fixes from Adobe, Microsoft

Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it's time once again to get your patche...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/05/22 4:34 p.m.13 views

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency CISA after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub accoun...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/04/30 2:4 p.m.13 views

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service DDoS attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive...

8.8CVSS8.4AI score0.99999EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2026/04/07 5:2 p.m.13 views

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/02/20 8:0 p.m.13 views

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses...

5.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/30 6:46 p.m.13 views

Scammers Unleash Flood of Slick Online Gaming Sites

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tacti...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/21 7:12 p.m.13 views

Arrests in Tap-to-Pay Scheme Powered by Phishing

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/11/09 7:20 p.m.13 views

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/17 2:17 p.m.13 views

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan a.k.a. AnonSudan, a cybercrime business known for launching powerful distributed denial-of-service DDoS attacks against a range of targets, including dozens of hospitals,...

7.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/18 1:43 p.m.13 views

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/23 2:12 p.m.13 views

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains TLDs has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didnt exist at the time. Meaning, they are continuously sending their Windows usernam...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/04/30 1:34 p.m.13 views

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/29 7:41 p.m.13 views

Okta: Breach Affected All Customer Support Users

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/05/02 10:8 p.m.13 views

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service USPS has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the networks chief technolo...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/18 2:30 a.m.13 views

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. Hed been on the job less than six months, and because of the way his predecessor architected things, the companys data backups also were encrypted by Zeppelin. After t...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/16 5:55 p.m.13 views

Botched Crypto Mugging Lands Three U.K. Men in Jail

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes. Shortly after 1...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/05/18 4:55 p.m.13 views

Senators Urge FTC to Probe ID.me Over Selfie Data

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission FTC to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal...

0.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/22 8:25 p.m.13 views

Twitter Hacking for Profit and the LoLs

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last weeks epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitters internal employee tools, and were not...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/06/28 6:1 p.m.13 views

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

It might be difficult to fathom how this isn't already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers CSPs that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/03 10:40 p.m.13 views

Twitter to All Users: Change Your Password Now!

Twitter just asked all 300+ million users to reset their passwords, citing the exposure of user passwords via a bug that stored passwords in plain text -- without protecting them with any sort of encryption technology that would mask a Twitter user's true password. The social media giant says it...

6.8AI score
Exploits0
Total number of security vulnerabilities1094