Krebs on Security

This blog will include articles centered around various ongoing topics.

National

English

Blog

Outlet metrics

Domain Authority

Ranking

Global

#136848

United States

#45483

Computers Electronics and Technology/Computer Security

#116

Traffic sources

Monthly visitors

Articles

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

1 week ago | krebsonsecurity.com | Brian Krebs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
Patch Tuesday, June 2025 Edition

1 week ago | krebsonsecurity.com | Brian Krebs

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
Proxy Services Feast on Ukraine’s IP Address Exodus

2 weeks ago | krebsonsecurity.com | Brian Krebs

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

3 weeks ago | krebsonsecurity.com | Brian Krebs

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
Pakistan Arrests 21 in ‘Heartsender’ Malware Service

3 weeks ago | krebsonsecurity.com | Brian Krebs

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
Oops: DanaBot Malware Devs Infected Their Own PCs

1 month ago | krebsonsecurity.com | Brian Krebs

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

1 month ago | krebsonsecurity.com | Brian Krebs

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
Patch Tuesday, May 2025 Edition

1 month ago | krebsonsecurity.com | Brian Krebs

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
Pakistani Firm Shipped Fentanyl Analogs, Scams to US

1 month ago | krebsonsecurity.com | Brian Krebs

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

1 month ago | krebsonsecurity.com | Brian Krebs

An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.