Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2017/12/15 4:48 p.m.13 views

Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’

On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/19 1:35 a.m.13 views

InterContinental Hotel Chain Breach Expands

In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group IHG. In February, IHG acknowledged a breach but said it appeared to invol...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/14 4:1 p.m.13 views

Shoney’s Hit By Apparent Credit Card Breach

It's Friday, which means it's time for another episode of "Which Restaurant Chain Got Hacked?" Multiple sources in the financial industry say they've traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney's, a 70-year-old restaurant chain that operates primari...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/12/06 2:45 p.m.12 views

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine. The Nerdify homepage. The link between essay mills and Russia...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/06 2:4 a.m.12 views

Cloudflare Scrubs Aisuru Botnet from Top Domains List

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon , Apple , Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chie...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/09/24 11:48 a.m.12 views

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider , a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/26 2:5 p.m.12 views

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot , which was paying $250 a month to plug a pair of laptops into the...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/20 1:26 a.m.12 views

DOGE to Fired CISA Staff: Email Us Your Personal Data

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency CISA is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can ...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/13 8:14 p.m.12 views

Nearly a Year Later, Mozilla is Still Promoting OneRep

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnershi...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/31 6:35 p.m.12 views

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters ," have been the subject of three...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/06/21 6:39 p.m.12 views

Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/10 6:11 p.m.12 views

Lawsuit Seeks Food Benefits Stolen By Skimmers

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/09 12:40 p.m.12 views

Transacting in Person with Strangers from the Internet

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that dont deserve to end up in a landfill. But when dealing with strangers from the Internet,...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/06/20 5:56 p.m.12 views

Why Paper Receipts are Money at the Drive-Thru

Check out this handmade sign posted to the front door of a shuttered Jimmy Johns sandwich chain shop in Missouri last week. See if you can tell from the store owners message what happened. If you guessed that someone in the Jimmy Johns store might have fallen victim to a Business Email Compromise...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/04/29 7:25 p.m.12 views

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the...

0.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/04/19 9:58 p.m.12 views

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/05/21 9:50 p.m.11 views

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf , a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service DDoS attacks over the past six months...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/03/11 12:32 a.m.11 views

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month compared to February's five zero-day treat, but as usual some patches may deserve more rapid attention from...

9.8CVSS6.1AI score0.04491EPSS
Exploits5
Krebs on Security
Krebs on Security
added 2026/02/10 9:49 p.m.11 views

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild. Zero-day 1 this month is CVE-2026-21510, a security feature...

8.8CVSS6.6AI score0.72152EPSS
Exploits20
Krebs on Security
Krebs on Security
added 2026/01/20 6:19 p.m.11 views

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things IoT botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service DDoS attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of...

5.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/19 8:51 p.m.11 views

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot ," a massive botnet used to power a service for launching distributed denial-of-service DDoS attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/18 1:23 a.m.11 views

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald 's was exposed after they guessed the password "123456" for the fast food chain's account at Paradox.ai , a company that makes artificial intelligence based hiring chatbots...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/15 1:23 a.m.11 views

DOGE Denizen Marko Elez Leaked API Key for xAI

Marko Elez , a 25-year-old employee at Elon Musk's Department of Government Efficiency DOGE, has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans wi...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/05/15 7:56 p.m.11 views

Breachforums Boss to Pay $700k in Healthcare Breach

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/30 5:10 p.m.11 views

Infrastructure Laundering: Blending in with the Cloud

Image: Shutterstock, ArtHead. In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit --...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/16 9:18 p.m.11 views

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass , warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/03 1:27 p.m.11 views

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains gTLDs -- such as .shop , .top , .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements,...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/11/05 5:10 p.m.11 views

Canadian Man Arrested in Snowflake Data Extortions

A 25-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. Image: https://www.pomerium.com/blog/the-real-lessons-from-the-snowflake-breach On October 30, Canadian authorities arrested...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/28 11:55 p.m.11 views

When Get-Out-The-Vote Efforts Look Like Phishing

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/05 7:52 p.m.11 views

Low-Drama ‘Dark Angels’ Reap Record Ransoms

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesnt get much press...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/02 12:15 a.m.11 views

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were several convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovic...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/20 12:59 p.m.11 views

Is Facebook’s Anti-Abuse System Broken?

Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company's "community standards," the social media giant's technology appears to be woefully inadequate. Last wee...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/12 1:41 p.m.11 views

Domain Theft Strands Thousands of Web Sites

Newtek Business Services Corp. NASDAQ:NEWT, a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek'...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/21 1:56 p.m.11 views

U.K. Man Avoids Jail Time in vDOS Case

A U.K. man who pleaded guilty to launching more than 2,000 cyberattacks against some of the world's largest companies has avoided jail time for his role in the attacks. The judge in the case reportedly was moved by pleas for leniency that cited the man's youth at the time of the attacks and a...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/08 12:35 a.m.11 views

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted http:// vs. https:// Web pages. Increasingly, however, phishers are upping their game, polishing their copy and...

6.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/05/08 2:58 a.m.10 views

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to...

5.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/04/14 9:47 p.m.10 views

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its...

7.8CVSS7.1AI score0.22808EPSS
Exploits4
Krebs on Security
Krebs on Security
added 2026/03/23 3:43 p.m.10 views

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/03/11 4:20 p.m.10 views

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker , a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/02/28 12:1 p.m.10 views

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf , the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort " -- has coordinated a barrage of...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/12/04 11:2 p.m.10 views

SMS Phishers Pivot to Points, Taxes, Fake Retailers

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/09/01 9:55 p.m.10 views

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft , whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google war...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/06 12:12 p.m.10 views

Who Got Arrested in the Raid on the XSS Crime Forum?

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculatio...

6.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/06/30 5:33 p.m.10 views

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation FBI briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and...

6.1CVSS6.8AI score0.04371EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/07 12:54 a.m.10 views

Who is the DOGE and X Technician Branden Spikes?

At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency DOGE. As the current director of information technology at X/Twitter and an early hire at PayPal , Zip2 ,Tesla and SpaceX , Spikes is also among Musk's most...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/27 3:39 a.m.10 views

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the detai...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/23 11:2 p.m.10 views

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort ...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/22 3:24 p.m.10 views

MasterCard DNS Error Went Unnoticed for Years

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/31 4:5 a.m.10 views

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m , a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT &T and Verizon. As first reported by KrebsOnSecurity last month, th...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/18 12:33 p.m.10 views

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD ," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI 's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the...

7.4AI score
Exploits0
Total number of security vulnerabilities1094