Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2024/09/30 9:33 p.m.10 views

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. KrebsOnSecurity...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/03 3:45 p.m.10 views

Sextortion Scams Now Include Photos of Your Home

An old but persistent email scam known as "sextortion " has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/19 2:24 p.m.10 views

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/21 7:29 p.m.10 views

How Cybercrooks Put the Beatdown on My Beats

Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant's account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how hi...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/03/08 11:35 p.m.9 views

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, thes...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/01/08 11:23 p.m.9 views

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators and services th...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/13 2:47 p.m.9 views

Google Sues to Disrupt Chinese SMS Phishing Triad

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/09 6:14 p.m.9 views

Drilling Down on Uncle Sam’s Proposed TP-Link Ban

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems , a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/17 11:26 a.m.9 views

Email Bombs Exploit Lax Authentication in Zendesk

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simpl...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/09/16 2:8 p.m.9 views

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub , experts warn. The malware, which briefly infected multiple code packages from the securit...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/21 1:47 a.m.9 views

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

A 20-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider " was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges o...

7.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/24 5:57 p.m.9 views

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime ring that is actively...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/10 5:31 p.m.9 views

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods , and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliat...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/14 10:15 p.m.9 views

ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix ," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/25 4:26 p.m.9 views

Timeshare Owner? The Mexican Drug Cartels Want You

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam th...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/19 7:39 p.m.9 views

This Windows PowerShell Phish Has Scary Potential

ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/05/30 3:19 p.m.9 views

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 5 days ago8 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/04/06 2:7 a.m.8 views

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle "UNKN " and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/01/14 12:47 a.m.8 views

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today...

9.8CVSS9.4AI score0.10561EPSS
Exploits8
Krebs on Security
Krebs on Security
added 2025/12/19 3:14 p.m.8 views

Dismantling Defenses: Trump 2.0 Cyber Year in Review

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation's ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shift...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/12/16 2:14 p.m.8 views

Most Parked Domains Now Serving Malicious Content

Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/09/09 9:21 p.m.8 views

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned...

9.8CVSS8.7AI score0.19972EPSS
Exploits20
Krebs on Security
Krebs on Security
added 2025/08/28 5:21 p.m.8 views

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/15 6:27 p.m.8 views

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/03 4:6 p.m.8 views

Big Tech’s Mixed Response to U.S. Treasury Sanctions

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies ...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/29 11:48 p.m.8 views

Happy 15th Anniversary, KrebsOnSecurity!

Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also ...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/30 1:34 p.m.8 views

Change Healthcare Breach Hits 100M Americans

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay,...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/12/20 8:8 p.m.8 views

The Equifax Breach Settlement Offer is Real, For Now

Millions of people likely just received an email or snail mail notice saying theyre eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/04/21 2:53 p.m.7 views

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider " has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group...

5.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/02/11 4:8 p.m.7 views

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" IoT botnet known as Kimwolf has been disrupting The Invisible Internet Project I2P, a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network...

5.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/01/26 4:11 p.m.7 views

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0 , a vast China-based botnet powered by malicious software that comes pre-installed on many...

5.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/12/29 8:23 p.m.7 views

Happy 16th Birthday, KrebsOnSecurity.com!

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/11/26 5:22 p.m.7 views

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters " has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/10 4:10 p.m.7 views

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things IoT devices hosted on U.S. Internet providers like AT &T, Comcast and Verizon , new evidence suggests. Experts say the heavy concentration of infected devices at U.S...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/09/06 3:23 a.m.7 views

GOP Cries Censorship Over Spam Filters That Work

The chairman of the Federal Trade Commission FTC last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/08/08 9:38 p.m.7 views

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki , a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/03/20 12:49 a.m.6 views

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things IoT devices, such as routers and web cameras. The feds say the four botnets -- named Aisu...

5.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/02/02 4:15 p.m.6 views

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters SLSH has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of...

5.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/28 2:50 a.m.6 views

A Tumultuous Week for Federal Cybersecurity Efforts

Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/07 11:41 p.m.6 views

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/04 2:8 p.m.5 views

U.S. Offered $10M for Hacker Just Arrested by Russia

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka ," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 millio...

6.9AI score
Exploits0
Total number of security vulnerabilities1092