Brian Krebs

1. Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

   A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

   Published Sat, Dec 6, 2025

2. SMS Phishers Pivot to Points, Taxes, Fake Retailers

   China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card…

   Published Thu, Dec 4, 2025

3. Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

   A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public…

   Published Wed, Nov 26, 2025

4. Is Your Android TV Streaming Box Part of a Botnet?

   On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these…

   Published Mon, Nov 24, 2025

5. Mozilla Says It’s Finally Done With Two-Faced Onerep

   In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search…

   Published Thu, Nov 20, 2025

6. The Cloudflare Outage May Be a Security Roadmap

   An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also…

   Published Wed, Nov 19, 2025

7. Microsoft Patch Tuesday, November 2025 Edition

   Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an…

   Published Sun, Nov 16, 2025

8. Google Sues to Disrupt Chinese SMS Phishing Triad

   Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google…

   Published Thu, Nov 13, 2025

9. Drilling Down on Uncle Sam’s Proposed TP-Link Ban

   The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's…

   Published Sun, Nov 9, 2025

10. Cloudflare Scrubs Aisuru Botnet from Top Domains List

    For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive…

    Published Thu, Nov 6, 2025