Full Width [alt+shift+f] Shortcuts [alt+shift+k]
Sign Up [alt+shift+s] Log In [alt+shift+l]

Krebs on Security

Krebs on Security
Arrests in Tap-to-Pay Scheme Powered by Phishing Authorities in at least two U.S. states last week independently announced arrests of Chinese...
2 months ago
28
2 months ago
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were...
Krebs on Security
Whistleblower: DOGE Siphoned NLRB Case Data A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon...
a month ago
28
a month ago
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few...
Krebs on Security
DOGE Worker’s Code Supports NLRB Whistleblower A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon...
a month ago
26
a month ago
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for...
Krebs on Security
DOGE to Fired CISA Staff: Email Us Your Personal Data A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security...
2 months ago
25
2 months ago
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in...
Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack In an address to Congress this month, President Trump claimed he had "brought free speech back to...
2 months ago
24
2 months ago
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government...
Krebs on Security
When Getting Phished Puts You in Mortal Danger Many successful phishing attacks result in a financial loss or malware infection. But falling for...
2 months ago
22
2 months ago
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
Krebs on Security
Trump Revenge Tour Targets Cyber Leaders, Elections President Trump last week revoked security clearances for Chris Krebs, the former director of the...
a month ago
22
a month ago
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also...
Krebs on Security
Patch Tuesday, April 2025 Edition Microsoft today released updates to plug at least 121 security holes in its Windows operating...
a month ago
21
a month ago
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or...
Krebs on Security
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday Microsoft today issued more than 50 security updates for its various Windows operating systems,...
2 months ago
19
2 months ago
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
Krebs on Security
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of...
a month ago
19
a month ago
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry...
Krebs on Security
ClickFix: How to Infect Your PC in Three Easy Steps A clever malware deployment scheme first spotted in targeted attacks last year has now gone...
2 months ago
19
2 months ago
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that...
Krebs on Security
China-based SMS Phishing Triad Pivots to Banks China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished...
a month ago
18
a month ago
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts...
Krebs on Security
Feds Link $150M Cyberheist to 2022 LastPass Hacks In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a...
2 months ago
18
2 months ago
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court...
Krebs on Security
Funding Expires for Key Cyber Vulnerability Database A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix...
a month ago
16
a month ago
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its...
Krebs on Security
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals...
3 months ago
15
3 months ago
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
Krebs on Security
Alleged Co-Founder of Garantex Arrested in India Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange...
2 months ago
14
2 months ago
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to...
Krebs on Security
Who is the DOGE and X Technician Branden Spikes? At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon...
2 months ago
13
2 months ago
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also...
Krebs on Security
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S....
3 months ago
12
3 months ago
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government...
Krebs on Security
Pakistani Firm Shipped Fentanyl Analogs, Scams to US A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States...
3 weeks ago
12
3 weeks ago
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book...
Krebs on Security
Trump 2.0 Brings Cuts to Cyber, Consumer Protections One month into his second term, President Trump's actions to shrink the government through mass...
3 months ago
10
3 months ago
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling...
Krebs on Security
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that...
4 weeks ago
6
4 weeks ago
A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's...
Krebs on Security
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of...
2 months ago
6
2 months ago
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry...
Krebs on Security
Alleged ‘Scattered Spider’ Member Extradited to U.S. A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group...
4 weeks ago
5
4 weeks ago
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and...