A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much…
Category: The Coming Storm
Asia Pacific, Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm, Web Fraud 2.0
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering…
Exploits, Global Security News, Latest Warnings, The Coming Storm, Time to Patch
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805 — is brought to us…
doge, Global Security News, Latest Warnings, Ne'er-Do-Well News, North America, The Coming Storm
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of…
Exploits, Global Security News, Latest Warnings, The Coming Storm, Time to Patch
Microsoft Patch Tuesday, December 2025 Edition
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched…
A Little Sunshine, CloudFlare, Global Security News, Latest Warnings, The Coming Storm
The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that…
A Little Sunshine, alibaba, Apple, Asia Pacific, Global Security News, The Coming Storm, Web Fraud 2.0
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a lawsuit filed in the Southern District of New…
A Little Sunshine, Asia Pacific, Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any…
A Little Sunshine, Global Security News, Internet of Things (IoT), North America, The Coming Storm, Web Fraud 2.0
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru…
A Little Sunshine, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week,…
Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm, Web Fraud 2.0
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks,…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Ne'er-Do-Well News, Ransomware, The Coming Storm
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord…
Global Security News, Latest Warnings, The Coming Storm, Time to Patch, Web Fraud 2.0
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package…
Apple, Exploits, Global Security News, Latest Warnings, The Coming Storm, Time to Patch
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates…
A Little Sunshine, Data Breaches, Global Security News, Latest Warnings, The Coming Storm
18 Popular Code Packages Hacked, Rigged to Steal Crypto
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a…
A Little Sunshine, Data Breaches, Exploits, Global Security News, Latest Warnings, The Coming Storm
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting…
A Little Sunshine, Gambler Panel, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Affiliates Flock to ‘Soulless’ Scam Gambling Machine
Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself…
A Little Sunshine, Asia Pacific, Global Security News, Ne'er-Do-Well News, The Coming Storm, Web Fraud 2.0
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage…
Exploits, Global Security News, Latest Warnings, The Coming Storm, Time to Patch
Microsoft Patch Tuesday, August 2025 Edition
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users. August’s…
Breadcrumbs, Exploits, Global Security News, Ne'er-Do-Well News, Ransomware, The Coming Storm
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the…
CISA, Exploits, Global Security News, Latest Warnings, The Coming Storm, Time to Patch
Microsoft Fix Targets Attacks on SharePoint Zero-Day
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies. Image: Shutterstock, by Ascannio. In…
A Little Sunshine, Data Breaches, doge, Global IT News, Global Security News, The Coming Storm
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Security Tools, The Coming Storm, Time to Patch
Senator Chides FBI for Weak Advice on Mobile Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to…
A Little Sunshine, Breadcrumbs, CloudFlare, DDoS, fbi, Forky, Global Security News, Internet of Things (IoT), Jigsaw, Kaike Southier Leite, Mirai, Ne'er-Do-Well News, Project Shield, QiAnXin XLab, stresser, The Coming Storm, U.S. Department of Justice, yfork
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching…
Exploits, Global Security News, Immersive Labs, Kev Breen, Latest Warnings, Microsoft Patch Tuesday May 2025, Rapid7, The Coming Storm, Time to Patch, Windows Common Log File System
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. Microsoft and…
A Little Sunshine, Department of Government Efficiency, doge, Eric Fourrier, General Services Administration, GitGuardian, GitHub, Global Security News, Grok, GSAi, Latest Warnings, Philippe Caturegli, Reuters, Seralys, SpaceX, Tesla, The Coming Storm, The Washington Post, twitter/x, xAI
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.…
A Little Sunshine, Department of Government Efficiency, doge, Ge0rg3, GitHub, Global Security News, Integuru, Labor Department, Marko Elez, National Labor Relations Board, Politico, The Coming Storm, The Wall Street Journal
DOGE Worker’s Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one…
A Little Sunshine, Amazon, Cybersecurity and Infrastructure Security Agency, doge, GitHub, Global Security News, Lasharn Hamilton, Latest Warnings, Microsoft Azure, NPR, NxGen, SpaceX, The Coming Storm, Tim Bearese, US-CERT
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with…
A Little Sunshine, CVE, Global Security News, Latest Warnings, Matt Tait, MITRE, The Coming Storm
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each…
A Little Sunshine, Asia Pacific, Department of Government Efficiency, doge, Electronic Frontier Foundation, Gen. Timothy Haugh, Global Security News, Heritage Foundation, Iowa Secretary of State Paul Pate, Latest Warnings, Martin Matishak, National Counterintelligence and Security Center, National Security Agency, Nevada Secretary of State Cisco Aguilar, Newsweek, Paul Rosenzweig, Pennsylvania Capital-Star, Raphael Satter, Reuters, Safeguard American Voter Eligibility Act (SAVE) Act, Secretary of the Commonwealth Al Schmidt, Sen. Mark Warner, Sen. Ron Wyden, Suzanne Smalley, The Coming Storm, The Guardian, The Record, The Wall Street Journal, The Washington Post, U.S. Cyber Command, U.S. Election Assistance Commission, Wendy Noble
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as…
A Little Sunshine, Asia Pacific, Ford Merrill, Global Security News, google android, imessage, Latest Warnings, Lighthouse, Mastercard, Ne'er-Do-Well News, ProDaft, Resecurity, SecAlliance, SilentPush, Smishing Triad, stripe, The Coming Storm, visa, Web Fraud 2.0, Xinxin Group, Z-NFC, Zach Edwards
China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime…
Exploits, Global Security News, ivanti, Latest Warnings, Microsoft, Satnam Narang, Security Tools, The Coming Storm, Time to Patch, Windows, Windows Remote Desktop Services
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day…
A Little Sunshine, fbi, Felician University, Global Security News, HarvardX, Kimberly Hanlon, Mark Lanterman, mark rasch, North America, Perkins Coie LLP, Sean Harrington, Stephen Allwine, The Coming Storm, U.S. Secret Service, Unit 221B, Upsala College
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the…
A Little Sunshine, doge, Electronic Frontier Foundation, Facebook, Federal Communications Commission, First Amendment, Freedom of Information Act, Gannett, George Stephanopoulos, Global Security News, House Speaker Mike Johnson, Interfaith Alliance, Jeffrey Goldberg, Jenner & Block, Judge Richard Leon, Kate Ruane, Latest Warnings, Marc Elias, Meta CEO Mark Zuckerberg, National Security Advisor Michael Waltz, North America, NPR, Paramount, PBS, Pulitzer Prize board, Radio Free Asia, Radio Free Europe / Radio Liberty, Rev. Paul Brandeis Raushenbush, Secretary of State Marco Rubio, The Atlantic, The Coming Storm, The Des Moines Register, The New York Times, The Washington Post, Tony Bradley, U.S. Agency for Global Media, U.S. Agency for International Development, U.S. District Court Judge Royce Lamberth, U.S. District Judge James Boasberg, U.S. Immigration and Customs Enforcement, U.S. Supreme Court Justice John Roberts, Vice President JD Vance, Vice President Kamala Harris, Voice of America, WilmerHale
How Each Pillar of the 1st Amendment is Under Attack
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. Image: Shutterstock, zimmytws. In an address…
A Little Sunshine, Android, Asia Pacific, Ford Merrill, Global Security News, Google Apple, Ne'er-Do-Well News, SecAlliance, tap-to-pay fraud, The Coming Storm, Z-NFC
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on…
A Little Sunshine, Asia Pacific, doge, Fannie Mae, Global Security News, Hunter Strategy, Jake Williams, Kash Patel, Mike Masnick, National Security Agency, NBC News, Rob Joyce, Shane Harris, Starlink, Techdirt, The Atlantic, The Coming Storm, The New York Times, U.S. Citizenship and Immigration Services, U.S. Cybersecurity & Infrastructure Security Agency
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to…
A Little Sunshine, Global Security News, GootLoader, Interisle Consulting Group, Intrinsec, Kaspersky Lab, Kentik, Ne'er-Do-Well News, North America, Prospero OOO, Ransomware, Securehost, Silent Push, SocGholish, spamhaus, The Coming Storm, Zach Edwards
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…
A Little Sunshine, Coinbase, Cybersecurity and Infrastructure Security Agency, Department of Government Efficiency, Department of Justice, Edward Coristine, Gavin Kliger, Global Investigative Journalism Network, Global Security News, Hunter Labs, Internal Revenue Service, Jacob Silverman, Jacob Williams, Katie Arrington, KleptoCapture Task Force, Kleptocracy Asset Recovery Initiative, Latest Warnings, Leland Dudek, lizardstresser, Michelle King, Natalya Martynova, national institute of standards and technology, National Treasury Employees Union, North America, office of management and budget, Office of Personnel Management, Organized Crime and Corruption Reporting Project, president donald trump, Project 2025, Rep. Andy Ogles, Russia's War on Ukraine, Sean Cairncross, Social Security Administration, Starlink, The Coming Storm, Treasury Department, U.S. Agency for International Development, U.S. Foreign Corrupt Practices Act, U.S. Securities and Exchange Commission, Valery Martynov, Vladimir Putin, Volodymyr Zelensky
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and…
A Little Sunshine, Apple, Asia Pacific, Ford Merrill, ghost tap, Global Security News, Google, Grant Smith, imessage, M3AAWG, RCS, Resecurity, SecAlliance, smishing, The Coming Storm, ThreatFabric, Web Fraud 2.0, ZNFC
How Phished Data Turns into Apple & Google Wallets
Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new…
A Little Sunshine, doge, Edward Coristine, Elon Musk, Eric Taylor, Global Security News, Marshal Webb, Ne'er-Do-Well News, Neuralink, North America, Packetware, Path Networks, Rivage, Tesla Sexy LLC, The Com, The Coming Storm, Tucker Preston, Wired
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a…
A Little Sunshine, Apple, Artificial Intelligence, bytedance, china, deepseek, Global Security News, iOS, Latest Warnings, NowSecure, The Coming Storm, Volcengine
Experts Flag Security, Privacy Risks in DeepSeek AI App
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to…
A Little Sunshine, Global Security News, House Judiciary Committee's Select Subcommittee on the Weaponization of the Federal Government, Jack Goldsmith, Joe Hall, John Durham, Lawfare, Melania Trump, Michael Sussman, North America, Quinta Jurecic, Rep. Jim Jordan, The Coming Storm, United States Council on Transnational Organized Crime, World Liberty Financial
A Tumultuous Week for Federal Cybersecurity Efforts
Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a…
Exploits, Global Security News, Kev Breen, Latest Warnings, Microsoft Access, Microsoft Patch Tuesday January 2025, Rapid7, Satnam Narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, Windows Hyper-V, Windows NTLMv1
Microsoft: Happy 2025. Here’s 161 Security Updates
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett says January marks the fourth consecutive month…
A Little Sunshine, Coinbase, discord, Emerging Tech, Global Security News, Latest Warnings, Lookout, Mark Cuban, Perm, Shark Tank, Star Fraud, Stotle, Telegram, The Coming Storm, Trezor, Unit 221B, voice phishing, Web Fraud 2.0
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…
A Little Sunshine, Asia Pacific, Breadcrumbs, Fin7, Global Security News, Invicti Security, Matt Sciberras, Ne'er-Do-Well News, Neil Roseman, ori0nbusiness@protonmail.com, Silent Push, The Coming Storm, U.S. Department of Health and Human Services, Zach Edwards
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology…
A Little Sunshine, Global Security News, Latest Warnings, malware, Messaging, North America, phishing, spam, The Coming Storm
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees…
A Little Sunshine, AT&T, Global Security News, John Erin Binns, Judische, Kiberphant0m, Ne'er-Do-Well News, North America, Ransomware, Snowflake, South Korea, The Coming Storm
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long:…
BreachForums, Data Breaches, Finastra, Global Security News, ke-la.com, Latest Warnings, Ne'er-Do-Well News, The Coming Storm
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen…
A Little Sunshine, emergency data request, fake EDR, fbi, Global Security News, Kodex, Latest Warnings, Matt Donahue, North America, pwnstar, The Coming Storm, Web Fraud 2.0
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…