Brian Krebs

1. Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

   The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named…

   Published Fri, Mar 20, 2026

2. Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

   A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than…

   Published Wed, Mar 11, 2026

3. Microsoft Patch Tuesday, March 2026 Edition

   Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations…

   Published Wed, Mar 11, 2026

4. How AI Assistants are Moving the Security Goalposts

   AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful…

   Published Sun, Mar 8, 2026

5. Who is the Kimwolf Botmaster “Dort”?

   In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed…

   Published Sat, Feb 28, 2026

6. ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

   Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly…

   Published Fri, Feb 20, 2026

7. Kimwolf Botnet Swamps Anonymity Network I2P

   For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network…

   Published Wed, Feb 11, 2026

8. Patch Tuesday, February 2026 Edition

   Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

   Published Tue, Feb 10, 2026

9. Please Don’t Feed the Scattered Lapsus ShinyHunters

   A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »

   Published Mon, Feb 2, 2026

10. Who Operates the Badbox 2.0 Botnet?

    The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android…

    Published Mon, Jan 26, 2026