Skip to content
The Nexus
Source profile

Krebs on Security

21 articles tracked since Feb 11 · 16:08 UTC. 0 in the last 7 days, 0 in the last 30.

Total
21
Last 7 days
0
Last 30 days
0
Last seen
Jun 9 · 22:07 UTC

Top coverage areas

security19technology2

Most-mentioned entities

Aggregated across the most recent 200 articles from Krebs on Security.

Recent articles

Last 20
  1. security2026-06-09
    A Record-Breaking Patch Tuesday for June 2026

    Microsoft released a record 200 security patches in June 2026's Patch Tuesday, with 30 critical vulnerabilities and public exploits for three flaws. AI tools are increasingly used to discover bugs, and researcher Nightmare Eclipse disclosed multiple zero-day exploits, including CVE-2026-49160 and CVE-2026-50507, sparking controversy over Microsoft's legal stance on researchers.

  2. security2026-06-01
    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

    Hackers exploited Meta’s AI support bot to reset passwords and briefly deface high-profile Instagram accounts, including the Obama White House and the U.S. Space Force’s Chief Master Sergeant. The method involved using a Telegram video to demonstrate tricking the AI into linking accounts to new emails, enabling unauthorized access. Meta issued an emergency patch to address the vulnerability.

  3. security2026-05-25
    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

    The Netherlands seized 800 servers and arrested two individuals for operating IT infrastructure used by Russia to conduct cyberattacks and disinformation campaigns in the EU. The arrested men, Andrey Nesterenko and Youssef Zinad, were linked to Stark Industries Solutions, a sanctioned provider of cyberattack tools, and their Dutch-based hosting companies MIRhosting and WorkTitans BV.

  4. security2026-05-22
    Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    A CISA contractor intentionally published AWS GovCloud keys and sensitive agency credentials on a public GitHub account, prompting Congressional lawmakers to demand answers. The breach exposed plaintext credentials to dozens of internal CISA systems and occurred amid significant staff losses at the agency following Trump administration-ordered retirements and resignations.

  5. security2026-05-21
    Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

    Canadian authorities arrested 23-year-old Jacob Butler, also known as 'Dort', for operating the Kimwolf botnet that infected millions of IoT devices and launched massive DDoS attacks exceeding 30 Terabits per second. Butler faces criminal charges in both Canada and the United States, with the botnet's infrastructure seized in March alongside three other competing DDoS botnets. The arrest followed Butler's harassment campaigns against security researchers and victims whose financial losses exceeded one million dollars.

  6. security2026-05-18
    CISA Admin Leaked AWS GovCloud Keys on Github

    A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) exposed credentials to AWS GovCloud accounts and internal CISA systems on a public GitHub repository. The leak included files detailing how CISA builds, tests, and deploys software internally. The exposed credentials represent a significant government data leak.

  7. security2026-05-12
    Patch Tuesday, May 2026 Edition

    Microsoft released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products on Patch Tuesday. This is the first Patch Tuesday in nearly two years that Microsoft is not shipping any fixes to deal with emergency zero-day flaws. The patches include critical vulnerabilities such as CVE-2026-41089 and CVE-2026-41096.

  8. security2026-05-08
    Canvas Breach Disrupts Schools & Colleges Nationwide

    A cybercrime group called ShinyHunters has breached the education technology platform Canvas, disrupting classes and coursework at schools and universities across the US, and is demanding a ransom to prevent the publication of stolen data. The breach affects nearly 9,000 educational institutions and millions of students and faculty. Canvas parent firm Instructure has disabled the platform in response.

  9. security2026-04-30
    Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

    A Brazilian DDoS protection firm, Huge Networks, was found enabling a botnet that launched massive DDoS attacks against Brazilian ISPs. The CEO claims the attacks resulted from a security breach by a competitor aiming to damage the company's reputation.

  10. security2026-04-21
    ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

    Tyler Robert Buchanan, a senior member of the cybercrime group Scattered Spider, pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in 2022 SMS phishing attacks that compromised major tech companies and stole $8 million in cryptocurrency. He faces over 20 years in prison and was linked to phishing domains registered under his UK-based IP address.

  11. security2026-04-14
    Patch Tuesday, April 2026 Edition

    Microsoft released critical security patches addressing 167 vulnerabilities, including zero-day flaws in SharePoint Server and Windows Defender. Other vendors like Google and Adobe also issued updates for active exploits, with experts highlighting the significance of these vulnerabilities and the surge in reported bugs.

  12. security2026-04-07
    Russia Hacked Routers to Steal Microsoft Office Tokens

    Russian military intelligence units, known as Forest Blizzard or APT28, used DNS hijacking to steal Microsoft Office authentication tokens from over 18,000 routers, primarily targeting government agencies.

  13. security2026-04-06
    Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

    German authorities have identified Daniil Maksimovich Shchukin, known as UNKN, as the head of ransomware groups GandCrab and REvil, responsible for over $2 million in extortions.

  14. security2026-03-23
    ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

    A financially motivated data theft and extortion group known as TeamPCP is using a worm called CanisterWorm to wipe data on infected systems that use Iran’s time zone or have Farsi set as the default language.

  15. security2026-03-20
    Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

    The U.S., Canada, and Germany dismantled four IoT botnets named Aisuru, Kimwolf, JackSkid, and Mossad, which were responsible for numerous DDoS attacks on IoT devices.

  16. security2026-03-11
    Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    Iran-backed hacktivist group Handala claimed responsibility for a data-wiping attack on Stryker, a global medical technology company, in retaliation for a U.S.-attributed missile strike that killed many children.

  17. technology2026-03-11
    Microsoft Patch Tuesday, March 2026 Edition

    Microsoft released security updates for Windows and other software to fix 77 vulnerabilities, including critical remote code execution flaws in Microsoft Office.

  18. technology2026-03-08
    How AI Assistants are Moving the Security Goalposts

    AI assistants like OpenClaw are becoming more popular among developers and IT workers but pose significant security risks due to their autonomous capabilities.

  19. security2026-02-28
    Who is the Kimwolf Botmaster “Dort”?

    The article discusses the identity and activities of 'Dort', the botmaster behind Kimwolf, the world's largest and most disruptive botnet.

  20. security2026-02-20
    ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

    Starkiller is a new phishing service that dynamically loads real login pages and forwards user credentials to attackers, offering real-time session monitoring and account takeover capabilities.

The Nexus tracks 230+ news outlets plus 48 government data feeds. View the full source index or read today’s briefing for synthesis across all of them.