Brian Krebs

1. Patch Tuesday, January 2026 Edition

   Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

   Published Wed, Jan 14, 2026

2. Who Benefited from the Aisuru and Kimwolf Botnets?

   Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime…

   Published Thu, Jan 8, 2026

3. The Kimwolf Botnet is Stalking Your Local Network

   The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the…

   Published Fri, Jan 2, 2026

4. Happy 16th Birthday, KrebsOnSecurity.com!

   KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running…

   Published Mon, Dec 29, 2025

5. Dismantling Defenses: Trump 2.0 Cyber Year in Review

   The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along…

   Published Fri, Dec 19, 2025

6. Most Parked Domains Now Serving Malicious Content

   Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect…

   Published Tue, Dec 16, 2025

7. Microsoft Patch Tuesday, December 2025 Edition

   Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

   Published Tue, Dec 9, 2025

8. Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

   A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

   Published Sat, Dec 6, 2025

9. SMS Phishers Pivot to Points, Taxes, Fake Retailers

   China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card…

   Published Thu, Dec 4, 2025

10. Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

    A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public…

    Published Wed, Nov 26, 2025