Brian Krebs

1. Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

   Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report…

   Published Thu, Jun 12, 2025

2. Patch Tuesday, June 2025 Edition

   Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public…

   Published Wed, Jun 11, 2025

3. Proxy Services Feast on Ukraine’s IP Address Exodus

   Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of…

   Published Thu, Jun 5, 2025

4. U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

   The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity…

   Published Fri, May 30, 2025

5. Pakistan Arrests 21 in ‘Heartsender’ Malware Service

   Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments…

   Published Wed, May 28, 2025

6. Oops: DanaBot Malware Devs Infected Their Own PCs

   The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many…

   Published Thu, May 22, 2025

7. KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

   KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable…

   Published Tue, May 20, 2025

8. Breachforums Boss to Pay $700k in Healthcare Breach

   In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick…

   Published Thu, May 15, 2025

9. Patch Tuesday, May 2025 Edition

   Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that…

   Published Wed, May 14, 2025

10. Pakistani Firm Shipped Fentanyl Analogs, Scams to US

    A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development…

    Published Wed, May 7, 2025