- Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords
on February 16, 2026 at 5:15 pmSecurity researchers have challenged end-to-end encryption claims from popular commercial password managers
- SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warnson February 16, 2026 at 4:30 pm
NCSC’s Richard Horne has warned that cybercriminals do not care about business size and called for SMEs to act now to secure their organizations
- OysterLoader Evolves With New C2 Infrastructure and Obfuscationon February 16, 2026 at 4:15 pm
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages
- Operation DoppelBrand Weaponizes Trusted Brands For Credential Thefton February 16, 2026 at 3:45 pm
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
- Google Warns of In the Wild Exploit as It Patches New Chrome Zero Dayon February 16, 2026 at 11:30 am
A high severity vulnerability in Google Chrome and allows remote attackers to execute code
Hacks – Threatpost The First Stop For Security News
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
by Nate Nelson on August 29, 2022 at 2:56 pmOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- iPhone Users Urged to Update to Patch 2 Zero-Days
by Elizabeth Montalbano on August 19, 2022 at 3:25 pmSeparate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- APT Lazarus Targets Engineers with macOS Malware
by Elizabeth Montalbano on August 17, 2022 at 3:07 pmThe North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- Black Hat and DEF CON Roundup
by Threatpost on August 15, 2022 at 1:56 pm‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
- New Hacker Forum Takes Pro-Ukraine Stance
by Elizabeth Montalbano on August 11, 2022 at 3:14 pmA uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Mobile Security – Threatpost The First Stop For Security News
- iPhone Users Urged to Update to Patch 2 Zero-Daysby Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Xiaomi Phone Bug Allowed Payment Forgery
by Nate Nelson on August 16, 2022 at 12:26 pmMobile transactions could’ve been disabled, created and signed by attackers.
- Google Boots Multiple Malware-laced Android Apps from Marketplace
by Elizabeth Montalbano on July 18, 2022 at 12:32 pmGoogle removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.
- Leaky Access Tokens Exposed Amazon Photos of Users
by Nate Nelson on June 29, 2022 at 8:18 pmHackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
- Google Warns Spyware Being Deployed Against Android, iOS Users
by Elizabeth Montalbano on June 24, 2022 at 11:02 amThe company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Krebs on Security In-depth security news and investigation
- Kimwolf Botnet Swamps Anonymity Network I2P
by BrianKrebs on February 11, 2026 at 4:08 pmFor the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.
- Patch Tuesday, February 2026 Edition
by BrianKrebs on February 10, 2026 at 9:49 pmMicrosoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild.
- Please Don’t Feed the Scattered Lapsus ShinyHunters
by BrianKrebs on February 2, 2026 at 4:15 pmA prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
- Who Operates the Badbox 2.0 Botnet?
by BrianKrebs on January 26, 2026 at 4:11 pmThe cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
- Kimwolf Botnet Lurking in Corporate, Govt. Networks
by BrianKrebs on January 20, 2026 at 6:19 pmA new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.