Profile Explorer

Krebs on Security

@krebsonsecurity.com.web.brid.gy

In-depth security news and investigation 🌉 bridged from https://krebsonsecurity.com/ on the web: https://fed.brid.gy/web/krebsonsecurity.com

214
Followers 0
Following 111
Posts 27.03.2025
Joined

Posts Following

Latest posts by Krebs on Security @krebsonsecurity.com.web.brid.gy

Preview

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.

11.03.2026 16:20 👍 2 🔁 1 💬 1 📌 0

Preview

Who Operates the Badbox 2.0 Botnet? The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

26.01.2026 16:11 👍 0 🔁 0 💬 0 📌 0

Preview

Kimwolf Botnet Lurking in Corporate, Govt. Networks A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

20.01.2026 18:19 👍 2 🔁 0 💬 0 📌 0

Patch Tuesday, January 2026 Edition Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

14.01.2026 00:47 👍 1 🔁 0 💬 0 📌 0

Preview

The Kimwolf Botnet is Stalking Your Local Network The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

02.01.2026 14:20 👍 2 🔁 0 💬 0 📌 0

Preview

Happy 16th Birthday, KrebsOnSecurity.com! KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

29.12.2025 20:23 👍 0 🔁 0 💬 0 📌 0

Dismantling Defenses: Trump 2.0 Cyber Year in Review The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

19.12.2025 15:14 👍 1 🔁 0 💬 0 📌 0

Preview

The Cloudflare Outage May Be a Security Roadmap An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

19.11.2025 14:07 👍 1 🔁 0 💬 0 📌 0

Preview

Google Sues to Disrupt Chinese SMS Phishing Triad Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

13.11.2025 14:47 👍 1 🔁 1 💬 0 📌 0

Preview

Drilling Down on Uncle Sam’s Proposed TP-Link Ban The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

09.11.2025 18:14 👍 0 🔁 0 💬 0 📌 0

Preview

Aisuru Botnet Shifts from DDoS to Residential Proxies Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

29.10.2025 00:51 👍 0 🔁 0 💬 0 📌 1

Preview

Canada Fines Cybercrime Friendly Cryptomus $176M Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.

22.10.2025 17:21 👍 0 🔁 0 💬 0 📌 0

Preview

Email Bombs Exploit Lax Authentication in Zendesk Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

17.10.2025 11:26 👍 0 🔁 0 💬 0 📌 0

Preview

Patch Tuesday, October 2025 ‘End of 10’ Edition Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

14.10.2025 22:57 👍 0 🔁 0 💬 0 📌 0

Preview

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

10.10.2025 16:10 👍 0 🔁 0 💬 0 📌 0

Preview

ShinyHunters Wage Broad Corporate Extortion Spree A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

07.10.2025 22:45 👍 0 🔁 0 💬 0 📌 0

Preview

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

24.09.2025 11:48 👍 0 🔁 0 💬 0 📌 0

Preview

Self-Replicating Worm Hits 180+ Software Packages At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

16.09.2025 14:08 👍 1 🔁 0 💬 0 📌 0

Preview

Bulletproof Host Stark Industries Evades EU Sanctions In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

11.09.2025 17:40 👍 0 🔁 0 💬 0 📌 0

Preview

Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

09.09.2025 21:21 👍 1 🔁 1 💬 0 📌 0

Preview

18 Popular Code Packages Hacked, Rigged to Steal Crypto At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

08.09.2025 22:53 👍 0 🔁 0 💬 0 📌 0

Preview

GOP Cries Censorship Over Spam Filters That Work The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.

06.09.2025 03:23 👍 2 🔁 1 💬 0 📌 0

Preview

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

01.09.2025 21:55 👍 0 🔁 0 💬 0 📌 0

Preview

Affiliates Flock to ‘Soulless’ Scam Gambling Machine Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called "Gambler Panel" that bills itself as a "soulless project that is made for profit."

28.08.2025 17:21 👍 0 🔁 1 💬 0 📌 0

Preview

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor's high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest "residential proxy" networks with origins in Russia and Eastern Europe.

26.08.2025 14:05 👍 0 🔁 0 💬 0 📌 0

Preview

SIM-Swapper, Scattered Spider Hacker Gets 10 Years A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text messages to devices controlled by Urban and his co-conspirators.

21.08.2025 01:47 👍 0 🔁 0 💬 0 📌 0

Preview

Oregon Man Charged in ‘Rapper Bot’ DDoS Service A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at KrebsOnSecurity.

19.08.2025 20:51 👍 0 🔁 0 💬 0 📌 0

Preview

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

15.08.2025 18:27 👍 0 🔁 0 💬 0 📌 0

Microsoft Patch Tuesday, August 2025 Edition Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.

12.08.2025 22:14 👍 0 🔁 0 💬 0 📌 0

Preview

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.

08.08.2025 21:38 👍 1 🔁 0 💬 0 📌 0