- Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
on May 19, 2026 at 3:00 pmMicrosoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group
- AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Softwareon May 19, 2026 at 12:30 pm
AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software
- Agentic AI Accelerates Software Builds and Mobile App Attackson May 19, 2026 at 12:00 pm
Digital.ai data reveals 87% of apps were attacked over the past year
- Grafana Labs Confirms Hackers Stole Source Codeon May 19, 2026 at 9:15 am
Open source tool maker Grafana says hackers stole codebase via GitHub breach
- Hackers Bypass Security Tools to Target Users Directlyon May 19, 2026 at 8:20 am
Bridewell report calls out emergence of “fix-style” attacks
Hacks – Threatpost The First Stop For Security News
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
by Nate Nelson on August 29, 2022 at 2:56 pmOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- iPhone Users Urged to Update to Patch 2 Zero-Days
by Elizabeth Montalbano on August 19, 2022 at 3:25 pmSeparate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- APT Lazarus Targets Engineers with macOS Malware
by Elizabeth Montalbano on August 17, 2022 at 3:07 pmThe North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- Black Hat and DEF CON Roundup
by Threatpost on August 15, 2022 at 1:56 pm‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
- New Hacker Forum Takes Pro-Ukraine Stance
by Elizabeth Montalbano on August 11, 2022 at 3:14 pmA uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Mobile Security – Threatpost The First Stop For Security News
- iPhone Users Urged to Update to Patch 2 Zero-Daysby Elizabeth Montalbano on August 19, 2022 at 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Xiaomi Phone Bug Allowed Payment Forgery
by Nate Nelson on August 16, 2022 at 12:26 pmMobile transactions could’ve been disabled, created and signed by attackers.
- Google Boots Multiple Malware-laced Android Apps from Marketplace
by Elizabeth Montalbano on July 18, 2022 at 12:32 pmGoogle removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.
- Leaky Access Tokens Exposed Amazon Photos of Users
by Nate Nelson on June 29, 2022 at 8:18 pmHackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
- Google Warns Spyware Being Deployed Against Android, iOS Users
by Elizabeth Montalbano on June 24, 2022 at 11:02 amThe company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Krebs on Security In-depth security news and investigation
- CISA Admin Leaked AWS GovCloud Keys on Github
by BrianKrebs on May 18, 2026 at 8:48 pmUntil this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
- Patch Tuesday, May 2026 Editionby BrianKrebs on May 12, 2026 at 9:46 pm
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
- Canvas Breach Disrupts Schools & Colleges Nationwide
by BrianKrebs on May 8, 2026 at 2:58 amAn ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
by BrianKrebs on April 30, 2026 at 2:04 pmA Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image.
- ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
by BrianKrebs on April 21, 2026 at 2:53 pmA 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.