Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On…
Category: A Little Sunshine
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Web Fraud 2.0
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal…
A Little Sunshine, Asia Pacific, Funnull, Global Security News, HeartSender
Happy 16th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a…
A Little Sunshine, Global Security News, Latest Warnings, Web Fraud 2.0
Most Parked Domains Now Serving Malicious Content
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to…
A Little Sunshine, Global Security News, Russia's War on Ukraine
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. The link between essay mills and Russian attack drones might seem improbable, but understanding it begins with a…
A Little Sunshine, Asia Pacific, AT&T, Global Security News, Latest Warnings, Tax Refund Fraud, Web Fraud 2.0
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say…
A Little Sunshine, BreachForums, Breadcrumbs, Europe, Global Security News, Ne'er-Do-Well News, Ransomware
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week,…
A Little Sunshine, Amazon, Asia Pacific, Global Security News, Internet of Things (IoT), Web Fraud 2.0
Is Your Android TV Streaming Box Part of a Botnet?
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive…
A Little Sunshine, Firefox, Global Security News, Monitor Plus, Ne'er-Do-Well News
Mozilla Says It’s Finally Done With Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of…
A Little Sunshine, CloudFlare, Global Security News, Latest Warnings, The Coming Storm
The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that…
A Little Sunshine, alibaba, Apple, Asia Pacific, Global Security News, The Coming Storm, Web Fraud 2.0
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a lawsuit filed in the Southern District of New…
A Little Sunshine, Asia Pacific, Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any…
A Little Sunshine, Global Security News, Internet of Things (IoT), North America, Web Fraud 2.0
Cloudflare Scrubs Aisuru Botnet from Top Domains List
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru’s overlords are using the botnet to boost…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, North America, Target: Small Businesses
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of…
A Little Sunshine, Global Security News, Internet of Things (IoT), North America, The Coming Storm, Web Fraud 2.0
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, North America, Ransomware, Russia's War on Ukraine, Web Fraud 2.0
Canada Fines Cybercrime Friendly Cryptomus $176M
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency…
A Little Sunshine, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week,…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Ne'er-Do-Well News, Ransomware, The Coming Storm
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord…
A Little Sunshine, Data Breaches, Exploits, Global Security News, Ne'er-Do-Well News, Ransomware
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face…
A Little Sunshine, Europe, Global Security News, Latest Warnings, Ne'er-Do-Well News, Russia's War on Ukraine
Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding…
A Little Sunshine, Data Breaches, Global Security News, Latest Warnings, The Coming Storm
18 Popular Code Packages Hacked, Rigged to Steal Crypto
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a…
A Little Sunshine, Alphabet, Global Security News
GOP Cries Censorship Over Spam Filters That Work
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending…
A Little Sunshine, Data Breaches, Exploits, Global Security News, Latest Warnings, The Coming Storm
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting…
A Little Sunshine, Gambler Panel, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Affiliates Flock to ‘Soulless’ Scam Gambling Machine
Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself…
A Little Sunshine, Breadcrumbs, Global Security News, Internet of Things (IoT), Latest Warnings
DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This…
A Little Sunshine, Elliott Peterson, Exploits, Global Security News, Ne'er-Do-Well News
Oregon Man Charged in ‘Rapper Bot’ DDoS Service
A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online…
A Little Sunshine, Asia Pacific, Global Security News, Ne'er-Do-Well News, The Coming Storm, Web Fraud 2.0
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage…
A Little Sunshine, Europe, Global Security News, John Smedley, Joni Soila, Ne'er-Do-Well News, Ransomware
KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients. The…
A Little Sunshine, Global Security News, Latest Warnings, Web Fraud 2.0
Scammers Unleash Flood of Slick Online Gaming Sites
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than…
A Little Sunshine, Breadcrumbs, Global Security News, Ne'er-Do-Well News, Target: Small Businesses
Phishers Target Aviation Execs to Scam Customers
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries.…
A Little Sunshine, Data Breaches, Global Security News, Hive Systems, Ian Carroll
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was…
A Little Sunshine, Data Breaches, doge, Global IT News, Global Security News, The Coming Storm
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over…
A Little Sunshine, Asia Pacific, Global Security News, Latest Warnings, Ne'er-Do-Well News, Web Fraud 2.0
Big Tech’s Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Security Tools, The Coming Storm, Time to Patch
Senator Chides FBI for Weak Advice on Mobile Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, Web Fraud 2.0
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more…
A Little Sunshine, Amazon, Europe, Global Security News, Russia's War on Ukraine, Time to Patch, Web Fraud 2.0
Proxy Services Feast on Ukraine’s IP Address Exodus
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested…
A Little Sunshine, Amazon, Europe, Funnull, Global Security News, infrastructure laundering, Ivan Neculiti, Microsoft, Ne'er-Do-Well News, Silent Push, Stark Industries Solutions Ltd, Suncity Group, Web Fraud 2.0, Yuri Neculiti, Zach Edwards
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to…
A Little Sunshine, Breadcrumbs, FudCo, Fudpage, Fudtools, Global Security News, Hamad Nawaz, HeartSender, Hussnain Haider, Muhammad Adeel Akram, Muhammad Aslam, Muhammad Nowsherwan, Muhammad Umar Irshad, National Cyber Crime Investigation Agency, NCCIA Director Abdul Ghaffar, Ne'er-Do-Well News, Rameez Shahzad, Saim Raza, Scylla Intel, Syed Saim Ali Shah, Usama Farooq, Usama Mehmood, WeCodeSolutions, Yasir Ali
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified…
A Little Sunshine, eset, fbi, Flashpoint, Global Security News, Google, Intel 471, JimmBee, lumen, Lumma Stealer, Maffiozi, Microsoft, Ne'er-Do-Well News, North America, Onix, proofpoint, Russia's War on Ukraine, team cymru, U.S. Department of Justice, Zscaler
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after…
A Little Sunshine, Breadcrumbs, CloudFlare, DDoS, fbi, Forky, Global Security News, Internet of Things (IoT), Jigsaw, Kaike Southier Leite, Mirai, Ne'er-Do-Well News, Project Shield, QiAnXin XLab, stresser, The Coming Storm, U.S. Department of Justice, yfork
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching…
A Little Sunshine, Asia Pacific, BreachForums, Data Breaches, Global Security News, Jill Fertel, mark rasch, Ne'er-Do-Well News, Nonstop Health, Pompompurin, RaidForums, Unit 221B
Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month…
A Little Sunshine, Breadcrumbs, eWorldTrade, Federal Investigation Agency, Global Security News, Intersys Limited, Junaid Mansoor, Majestic Ghostwriting, Muhammad Burhan Mirza, NatInfoSec, Ne'er-Do-Well News, North America, Octa Group Technologies AU, Qasim Mansoor, Retrocube LLC, The New York Times, U.S. Department of Justice, U.S. Patent and Trademark Office, Vertical Minds LLC, Web Fraud 2.0
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new…
A Little Sunshine, Department of Government Efficiency, doge, Eric Fourrier, General Services Administration, GitGuardian, GitHub, Global Security News, Grok, GSAi, Latest Warnings, Philippe Caturegli, Reuters, Seralys, SpaceX, Tesla, The Coming Storm, The Washington Post, twitter/x, xAI
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.…
A Little Sunshine, Evans Osiebo, Global Security News, Group-IB, Joel Evans, lastpass, Mailchimp, MGM, Ne'er-Do-Well News, Noah Urban, North America, Ransomware, Scattered Spider, SIM Swapping, Twilio, Tyler Robert Buchanan, Tylerb
Alleged ‘Scattered Spider’ Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States…
A Little Sunshine, Department of Government Efficiency, doge, Ge0rg3, GitHub, Global Security News, Integuru, Labor Department, Marko Elez, National Labor Relations Board, Politico, The Coming Storm, The Wall Street Journal
DOGE Worker’s Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one…
A Little Sunshine, Amazon, Cybersecurity and Infrastructure Security Agency, doge, GitHub, Global Security News, Lasharn Hamilton, Latest Warnings, Microsoft Azure, NPR, NxGen, SpaceX, The Coming Storm, Tim Bearese, US-CERT
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with…
A Little Sunshine, CVE, Global Security News, Latest Warnings, Matt Tait, MITRE, The Coming Storm
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each…
A Little Sunshine, Asia Pacific, Department of Government Efficiency, doge, Electronic Frontier Foundation, Gen. Timothy Haugh, Global Security News, Heritage Foundation, Iowa Secretary of State Paul Pate, Latest Warnings, Martin Matishak, National Counterintelligence and Security Center, National Security Agency, Nevada Secretary of State Cisco Aguilar, Newsweek, Paul Rosenzweig, Pennsylvania Capital-Star, Raphael Satter, Reuters, Safeguard American Voter Eligibility Act (SAVE) Act, Secretary of the Commonwealth Al Schmidt, Sen. Mark Warner, Sen. Ron Wyden, Suzanne Smalley, The Coming Storm, The Guardian, The Record, The Wall Street Journal, The Washington Post, U.S. Cyber Command, U.S. Election Assistance Commission, Wendy Noble
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as…
A Little Sunshine, fbi, Felician University, Global Security News, HarvardX, Kimberly Hanlon, Mark Lanterman, mark rasch, North America, Perkins Coie LLP, Sean Harrington, Stephen Allwine, The Coming Storm, U.S. Secret Service, Unit 221B, Upsala College
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the…
A Little Sunshine, doge, Electronic Frontier Foundation, Facebook, Federal Communications Commission, First Amendment, Freedom of Information Act, Gannett, George Stephanopoulos, Global Security News, House Speaker Mike Johnson, Interfaith Alliance, Jeffrey Goldberg, Jenner & Block, Judge Richard Leon, Kate Ruane, Latest Warnings, Marc Elias, Meta CEO Mark Zuckerberg, National Security Advisor Michael Waltz, North America, NPR, Paramount, PBS, Pulitzer Prize board, Radio Free Asia, Radio Free Europe / Radio Liberty, Rev. Paul Brandeis Raushenbush, Secretary of State Marco Rubio, The Atlantic, The Coming Storm, The Des Moines Register, The New York Times, The Washington Post, Tony Bradley, U.S. Agency for Global Media, U.S. Agency for International Development, U.S. District Court Judge Royce Lamberth, U.S. District Judge James Boasberg, U.S. Immigration and Customs Enforcement, U.S. Supreme Court Justice John Roberts, Vice President JD Vance, Vice President Kamala Harris, Voice of America, WilmerHale
How Each Pillar of the 1st Amendment is Under Attack
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. In an address…
A Little Sunshine, Freedom of Russia legion, Global Security News, Russia's War on Ukraine, Russian Volunteer Corps, Silent Push, Stark Industries Solutions Ltd, Yandex, Zach Edwards
When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The…
A Little Sunshine, Android, Asia Pacific, Ford Merrill, Global Security News, Google Apple, Ne'er-Do-Well News, SecAlliance, tap-to-pay fraud, The Coming Storm, Z-NFC
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on…
A Little Sunshine, Asia Pacific, doge, Fannie Mae, Global Security News, Hunter Strategy, Jake Williams, Kash Patel, Mike Masnick, National Security Agency, NBC News, Rob Joyce, Shane Harris, Starlink, Techdirt, The Atlantic, The Coming Storm, The New York Times, U.S. Citizenship and Immigration Services, U.S. Cybersecurity & Infrastructure Security Agency
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to…
A Little Sunshine, Data Breaches, fbi, Global Security News, Karim Toubba, lastpass breach, Nick Bax, Ripple, Taylor Monahan, U.S. Secret Service, ZachXBT
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had…
A Little Sunshine, Department of Government Efficiency, Elon Musk, Global Security News, INC, Ivan Y. Podvalov, Jacqueline Sweet, Maye Musk, Natalia Haldeman, Natalia Spikes, Radaris, Reeve Haldeman, Russian American Media, Russian Heritage Foundation, Russian Orthodox Church Outside of Russia, Scott Haldeman, SpaceX, Spikes Security, U.S. Digital Service
Who is the DOGE and X Technician Branden Spikes?
At 49, Branden Spikes isn’t just one of the oldest technologists who has been involved in Elon Musk’s Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk’s most loyal employees. Here’s a closer look at…
A Little Sunshine, Global Security News, GootLoader, Interisle Consulting Group, Intrinsec, Kaspersky Lab, Kentik, Ne'er-Do-Well News, North America, Prospero OOO, Ransomware, Securehost, Silent Push, SocGholish, spamhaus, The Coming Storm, Zach Edwards
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…
A Little Sunshine, Coinbase, Cybersecurity and Infrastructure Security Agency, Department of Government Efficiency, Department of Justice, Edward Coristine, Gavin Kliger, Global Investigative Journalism Network, Global Security News, Hunter Labs, Internal Revenue Service, Jacob Silverman, Jacob Williams, Katie Arrington, KleptoCapture Task Force, Kleptocracy Asset Recovery Initiative, Latest Warnings, Leland Dudek, lizardstresser, Michelle King, Natalya Martynova, national institute of standards and technology, National Treasury Employees Union, North America, office of management and budget, Office of Personnel Management, Organized Crime and Corruption Reporting Project, president donald trump, Project 2025, Rep. Andy Ogles, Russia's War on Ukraine, Sean Cairncross, Social Security Administration, Starlink, The Coming Storm, Treasury Department, U.S. Agency for International Development, U.S. Foreign Corrupt Practices Act, U.S. Securities and Exchange Commission, Valery Martynov, Vladimir Putin, Volodymyr Zelensky
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and…
A Little Sunshine, Firefox, Global Security News, mozilla, Mozilla Monitor Plus, Nuwber, OneRep, Radaris
Nearly a Year Later, Mozilla is Still Promoting OneRep
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it…
A Little Sunshine, doge, Edward Coristine, Elon Musk, Eric Taylor, Global Security News, Marshal Webb, Ne'er-Do-Well News, Neuralink, North America, Packetware, Path Networks, Rivage, Tesla Sexy LLC, The Com, The Coming Storm, Tucker Preston, Wired
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk’s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a…
A Little Sunshine, Apple, Artificial Intelligence, bytedance, china, deepseek, Global Security News, iOS, Latest Warnings, NowSecure, The Coming Storm, Volcengine
Experts Flag Security, Privacy Risks in DeepSeek AI App
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to…
A Little Sunshine, Breadcrumbs, Europe, Finn Alexander Grimpe, finn@shoppy.gg, finndev, floriaN, Florian Marzahl, Global Security News, HRB 164175, Intel 471, Lucas Sohn, Northdata.com, nulled, olivia.messla@outlook.de, Operation Talent, Sellix, Shoppy Ecommerce Ltd, StarkRDP
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of…
A Little Sunshine, Breadcrumbs, Exploits, fbi, FudCo, Fudpage, Fudtools, Global Security News, HeartSender, Ne'er-Do-Well News, Operation Talent, Saim Raza, Sellix, The Manipulaters, U.S. Department of Justice, WeCodeSolutions
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the…
A Little Sunshine, Asia Pacific, Fangneng CDN, Funnull, Global Security News, infrastructure laundering, Microsoft Azure, Ne'er-Do-Well News, NETSCOUT, NoName057(16), polyfill, Richard Hummel, Silent Push, Suncity Group, Time to Patch, U.S. Department of Commerce, Web Fraud 2.0, Zach Edwards
Infrastructure Laundering: Blending in with the Cloud
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and…
A Little Sunshine, Global Security News, House Judiciary Committee's Select Subcommittee on the Weaponization of the Federal Government, Jack Goldsmith, Joe Hall, John Durham, Lawfare, Melania Trump, Michael Sussman, North America, Quinta Jurecic, Rep. Jim Jordan, The Coming Storm, United States Council on Transnational Organized Crime, World Liberty Financial
A Tumultuous Week for Federal Cybersecurity Efforts
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a…
A Little Sunshine, CloudFlare, Global Security News, Google, How to Break Into Security, Mastercard, Philippe Caturegli, Seralys
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent…
A Little Sunshine, Coinbase, discord, Emerging Tech, Global Security News, Latest Warnings, Lookout, Mark Cuban, Perm, Shark Tank, Star Fraud, Stotle, Telegram, The Coming Storm, Trezor, Unit 221B, voice phishing, Web Fraud 2.0
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…
A Little Sunshine, Global Security News, Judische, Kiberphant0m, Ne'er-Do-Well News, North America, Unit 221B
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South…
A Little Sunshine, Asia Pacific, Breadcrumbs, Fin7, Global Security News, Invicti Security, Matt Sciberras, Ne'er-Do-Well News, Neil Roseman, ori0nbusiness@protonmail.com, Silent Push, The Coming Storm, U.S. Department of Health and Human Services, Zach Edwards
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology…
A Little Sunshine, Coinbase, Gemini AI, Global Security News, Google Assistant, Google Docs, Google Forms, Google Photos, Graham Cluely, Junseth, Latest Warnings, Minecraft, Ne'er-Do-Well News, SwanCoin, Trezor, Web Fraud 2.0
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to…
A Little Sunshine, Breadcrumbs, CloudFlare, Global Security News, Russia's War on Ukraine, Web Fraud 2.0
How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses,…
A Little Sunshine, Global Security News, Latest Warnings, malware, Messaging, North America, phishing, spam, The Coming Storm
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees…
A Little Sunshine, AT&T, Global Security News, John Erin Binns, Judische, Kiberphant0m, Ne'er-Do-Well News, North America, Ransomware, Snowflake, South Korea, The Coming Storm
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long:…
A Little Sunshine, Global Security News, lastpass, Mailchimp, Ne'er-Do-Well News, Scattered Spider, SIM Swapping, T-Mobile, Twilio, Tylerb
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known…
A Little Sunshine, Data Breaches, Global Security News, Helkern, Home Depot breach, Hydra Market, MikeMike, Mikhail Lenin, Mikhail Shefel, Ne'er-Do-Well News, North America, pavel vrublevsky, Peter Vrublevsky, Pharma Wars, Sprut, Sugar ransomware, target breach
An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he…
A Little Sunshine, emergency data request, fake EDR, fbi, Global Security News, Kodex, Latest Warnings, Matt Donahue, North America, pwnstar, The Coming Storm, Web Fraud 2.0
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…
