News

RSS Krebs on Security
  • The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft September 1, 2025
    The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting […]
    BrianKrebs
  • Affiliates Flock to ‘Soulless’ Scam Gambling Machine August 28, 2025
    Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called "Gambler Panel" that bills itself […]
    BrianKrebs
  • DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ August 26, 2025
    The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor's high-speed Internet connection in the United States. This […]
    BrianKrebs
  • SIM-Swapper, Scattered Spider Hacker Gets 10 Years August 21, 2025
    A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. […]
    BrianKrebs
  • Oregon Man Charged in ‘Rapper Bot’ DDoS Service August 19, 2025
    A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online […]
    BrianKrebs
  • Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme August 15, 2025
    Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage […]
    BrianKrebs
  • Microsoft Patch Tuesday, August 2025 Edition August 12, 2025
    Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
    BrianKrebs
  • KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series August 8, 2025
    A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.
    BrianKrebs
  • Who Got Arrested in the Raid on the XSS Crime Forum? August 6, 2025
    On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the […]
    BrianKrebs
  • Scammers Unleash Flood of Slick Online Gaming Sites July 30, 2025
    Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than […]
    BrianKrebs
Verified by MonsterInsights