Brian Krebs

1. Email Bombs Exploit Lax Authentication in Zendesk

   Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

   Published Fri, Oct 17, 2025

2. Patch Tuesday, October 2025 ‘End of 10’ Edition

   Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows…

   Published Tue, Oct 14, 2025

3. DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

   The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers…

   Published Fri, Oct 10, 2025

4. ShinyHunters Wage Broad Corporate Extortion Spree

   A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility…

   Published Tue, Oct 7, 2025

5. Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

   U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged…

   Published Wed, Sep 24, 2025

6. Self-Replicating Worm Hits 180+ Software Packages

   At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor…

   Published Tue, Sep 16, 2025

7. Bulletproof Host Stark Industries Evades EU Sanctions

   In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data…

   Published Thu, Sep 11, 2025

8. Microsoft Patch Tuesday, September 2025 Edition

   Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's…

   Published Tue, Sep 9, 2025

9. 18 Popular Code Packages Hacked, Rigged to Steal Crypto

   At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly…

   Published Mon, Sep 8, 2025

10. GOP Cries Censorship Over Spam Filters That Work

    The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately…

    Published Sat, Sep 6, 2025