- New ‘Storm’ Infostealer Remotely Decrypts Stolen Credentials on April 2, 2026 at 3:00 pm
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
- NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts on April 2, 2026 at 2:15 pm
The UK’s cybersecurity agency offered advice to “high-risk” individuals on how to protect against social engineering and cyber-attacks
- Apple Expands iOS 18 Security Updates Amid DarkSword Threat on April 2, 2026 at 1:30 pm
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit
- GitHub Used as Covert Channel in Multi-Stage Malware Campaign on April 2, 2026 at 1:00 pm
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
- Researchers Observe Sub-One-Hour Ransomware Attacks on April 2, 2026 at 1:00 pm
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
Hacks – Threatpost The First Stop For Security News
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms by Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- iPhone Users Urged to Update to Patch 2 Zero-Days by Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- APT Lazarus Targets Engineers with macOS Malware by Elizabeth Montalbano on August 17, 2022 at 3:07 pm
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- Black Hat and DEF CON Roundup by Threatpost on August 15, 2022 at 1:56 pm
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
- New Hacker Forum Takes Pro-Ukraine Stance by Elizabeth Montalbano on August 11, 2022 at 3:14 pm
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Mobile Security – Threatpost The First Stop For Security News
- iPhone Users Urged to Update to Patch 2 Zero-Days by Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Xiaomi Phone Bug Allowed Payment Forgery by Nate Nelson on August 16, 2022 at 12:26 pm
Mobile transactions could’ve been disabled, created and signed by attackers.
- Google Boots Multiple Malware-laced Android Apps from Marketplace by Elizabeth Montalbano on July 18, 2022 at 12:32 pm
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.
- Leaky Access Tokens Exposed Amazon Photos of Users by Nate Nelson on June 29, 2022 at 8:18 pm
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
- Google Warns Spyware Being Deployed Against Android, iOS Users by Elizabeth Montalbano on June 24, 2022 at 11:02 am
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Krebs on Security In-depth security news and investigation
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran by BrianKrebs on March 23, 2026 at 3:43 pm
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks by BrianKrebs on March 20, 2026 at 12:49 am
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker by BrianKrebs on March 11, 2026 at 4:20 pm
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
- Microsoft Patch Tuesday, March 2026 Edition by BrianKrebs on March 11, 2026 at 12:32 am
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.
- How AI Assistants are Moving the Security Goalposts by BrianKrebs on March 8, 2026 at 11:35 pm
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.














