Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Malware News

Just weeks after the devastating "Second Coming" campaign crippled thousands of development environments, the threat actor behind the Shai-Hulud worm has returned. Security researchers at Aikido have detected a new, evolved strain of the malware dubbed "The Golden Path," signaling that the most aggressive supply chain predator in the npm ecosystem is far from finished.

This latest iteration was first spotted over the weekend, embedded within the package @vietmoney/react-big-calendar. While the initial discovery suggests the attackers may still be in a "testing" phase with limited spread, the technical refinements found in the code point to a more resilient and cross-platform threat.

Evolution of a Predator

Shai-Hulud has long used a Dune-inspired theatrical flair, but its latest evolution suggests a shift in branding. In this new wave, stolen data is exfiltrated to GitHub repositories carrying a cryptic new description: "Goldox-T3chs: Only Happy Girl."

Technically, "The Golden Path" is a significant upgrade. Earlier versions of the worm struggled to self-propagate on Windows when using the bun runtime. The new strain addresses this directly, implementing cross-platform publishing so the worm can spread regardless of the victim's operating system. Researchers also noted a change in file names (the malware now operates via bun_installer.js and environment_source.js) and improved error handling around TruffleHog, the secret-scanning tool the worm uses to harvest AWS, GCP, and Azure credentials. By refining its timeout logic, the malware is less likely to crash during high-latency scans, making its "smash-and-grab" operations more reliable.

A Legacy of Disruption

This isn't Shai-Hulud's first rodeo. The group first made headlines in September 2025 when a massive campaign hit over 500 npm packages, including some belonging to cybersecurity giant CrowdStrike.

Read: CrowdStrike Among Those Hit in NPM Attack Campaign

That initial strike was historically significant, resulting in the theft of an estimated $50 million in cryptocurrency and proving that even the most security-conscious organizations are exposed to upstream dependency hijacking.

In November, the "Second Coming" wave raised the stakes by introducing a "dead man's switch": a destructive payload designed to wipe a user's home directory if the malware detected it had been cut off from its command-and-control (C2) servers.

Read: New Shai-Hulud Attack Hits Nearly 500 npm Packages with 100+ Million Downloads

The Supply Chain Standoff

The return of Shai-Hulud underscores a grim reality for modern DevOps: trust is a liability. By running in the preinstall phase of npm packages, the malware executes before a developer even realizes a package is malicious.

"The differences in the code suggest that this was obfuscated again from original source, not modified in place," Aikido researchers noted. "This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm."

Relying on npm's default security is no longer sufficient. Organizations are urged to adopt "Trusted Publishing," enforce strict lockfile integrity, and use package-aging tools that block the installation of brand-new, unvetted releases. In the world of Shai-Hulud, the only way to survive the desert is to stop trusting the ground beneath your feet.
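Two of the controls recommended above, blocking install-time scripts and refusing brand-new releases, can be checked offline against a resolved dependency list. The script below is an added example for this page, not Aikido's tooling and not the worm's code: it walks a lockfile-shaped list of packages and flags install-time lifecycle hooks, the loader file names the article reports for "The Golden Path", and any version younger than a minimum age. The package records, the hypothetical package name calendar-widget-example, the seven-day policy and the reference date are all constructed.

```javascript
// Added example, not the worm's code and not Aikido's tooling: an offline policy
// check over resolved npm dependencies. It flags what the article identifies as
// the worm's foothold (install-time lifecycle scripts), the file names reported
// for "The Golden Path", and releases younger than a minimum age. The package
// records, names, policy values and reference date below are constructed.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// File names the article attributes to the new strain; an indicator, not proof.
const KNOWN_LOADER_FILES = ['bun_installer.js', 'environment_source.js'];

// Which install-time hooks does this package.json define? [] means none.
function findInstallHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter(
    (hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== ''
  );
}

// Whole days between a version's publish time and the reference time.
function releaseAgeDays(publishedIso, nowIso) {
  const ms = Date.parse(nowIso) - Date.parse(publishedIso);
  return Math.floor(ms / 86400000);
}

// Audit one resolved package; returns human-readable findings (empty = clean).
function auditPackage(pkg, policy, nowIso) {
  const findings = [];
  const hooks = findInstallHooks(pkg.manifest);
  if (hooks.length > 0) {
    findings.push(`install-time scripts: ${hooks.join(', ')}`);
  }
  const loaderHits = (pkg.files || []).filter((path) =>
    KNOWN_LOADER_FILES.includes(path.split('/').pop())
  );
  if (loaderHits.length > 0) {
    findings.push(`known loader file names: ${loaderHits.join(', ')}`);
  }
  const age = releaseAgeDays(pkg.publishedAt, nowIso);
  if (age < policy.minReleaseAgeDays) {
    findings.push(`release is ${age}d old (policy minimum ${policy.minReleaseAgeDays}d)`);
  }
  return findings;
}

// Audit a lockfile-shaped list; returns { "name@version": [findings] } for flagged packages only.
function auditDependencies(packages, policy, nowIso) {
  const report = {};
  for (const pkg of packages) {
    const findings = auditPackage(pkg, policy, nowIso);
    if (findings.length > 0) report[`${pkg.name}@${pkg.version}`] = findings;
  }
  return report;
}

// Constructed sample: one ordinary package and one that matches the described pattern.
const SAMPLE_PACKAGES = [
  {
    name: 'tiny-pad', version: '1.3.0',
    manifest: { scripts: { test: 'node test.js' } },
    files: ['package.json', 'index.js'],
    publishedAt: '2025-06-01T00:00:00Z',
  },
  {
    name: 'calendar-widget-example', version: '2.0.1', // hypothetical name
    manifest: { scripts: { preinstall: 'node bun_installer.js' } },
    files: ['package.json', 'dist/index.js', 'bun_installer.js', 'environment_source.js'],
    publishedAt: '2025-12-27T18:00:00Z',
  },
];
const POLICY = { minReleaseAgeDays: 7 };
const NOW = '2025-12-29T12:00:00Z';

console.log(JSON.stringify(auditDependencies(SAMPLE_PACKAGES, POLICY, NOW), null, 2));
```

Run it with node. The lifecycle-script check is the per-package version of setting ignore-scripts=true in .npmrc, which disables those hooks for every install; the age check is what package-aging controls such as pnpm's minimumReleaseAge setting enforce at install time. Treat the file-name match as a lead to investigate rather than a verdict, since the next iteration can rename its files.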


 Cyber News

Georgia's former Head of the State Security Service, Grigol Liluashvili, has been arrested following an investigation into alleged corruption, bribery, and abuse of power. The arrest was carried out as part of joint operational and investigative actions by the Prosecutor General's Office of Georgia and the State Security Service. Liluashvili, who led the country's security agency from 2019 until April 2025, is accused of accepting bribes in several criminal cases. Prosecutors say the alleged crimes span multiple years and involve both financial corruption and the protection of illegal activities.

Alleged Bribery Linked to Energy and Gas Projects

According to the investigation, the first bribery episode dates back to October 2022. Prosecutors allege that Liluashvili received $1 million from Turkish investor Çağatay Ülker. The payment was reportedly transferred through Romeo Mikautadze, who at the time served as First Deputy Minister of Economy and Sustainable Development. In return, Liluashvili is accused of lobbying for the signing of a memorandum of understanding related to the construction of wind power plants.

The second episode occurred in February 2022, again involving Mikautadze as an intermediary. Prosecutors claim that Liluashvili demanded and extorted 1.5 million GEL from Giorgi Khazhalia, founder of the company Express Service 2008, in exchange for assistance in gasification tenders.

Protection of Fraudulent Call Centers

A major part of the case focuses on the period between 2021 and 2023, when Georgia was officially battling illegal scam call centers. Despite this effort, prosecutors say dozens of fraudulent call centers continued to operate in the country. Based on witness testimony, investigators claim that most of these call centers were controlled by individuals who used their profits to finance opposition-aligned media outlets. Prosecutors further allege that a smaller group of call centers was protected by Liluashvili, who carried out this activity through his cousin, Sandro Liluashvili. Through this scheme, Liluashvili is accused of receiving approximately $1.365 million in bribes. Sandro Liluashvili has already been arrested on charges of fraud and money laundering.

Authorities are also investigating whether Liluashvili and his accomplices deliberately concealed the existence of these call centers. Prosecutors claim that, in exchange, certain opposition media outlets allegedly refrained from reporting on scam operations under his protection, despite having information about them.

Kindergarten Procurement Scheme

The fourth episode involves alleged corruption within the Tbilisi City Hall Kindergarten Management Agency. Prosecutors say Liluashvili used his position to protect his friend, Kakha Gvantseladze, the agency's former director, who is accused of receiving large-scale kickbacks from businesses involved in kindergarten procurement contracts. According to investigators, several agency employees involved in financial accounting, calculations, and monitoring were also part of the scheme. Criminal charges have been brought against all of them.

Prosecutors say hundreds of investigative actions have been carried out, including witness interrogations, video and audio recordings, and the seizure of other evidence supporting the charges. Liluashvili has been charged under Article 338 of the Criminal Code of Georgia, which covers taking bribes in a particularly large amount by a group acting by prior agreement. The charge carries a sentence of 11 to 15 years in prison. Prosecutors plan to request pretrial detention as a preventive measure.

Ongoing Investigation Against Grigol Liluashvili

The investigation remains ongoing, with authorities working to identify additional crimes and other individuals involved. Georgian law enforcement officials say the case is part of a broader effort to combat corruption and reduce it "to a historical minimum."

The arrest follows earlier reporting on scam call centers in Tbilisi, including the Scam Empire investigation, which revealed a large call center operating near the State Security Service headquarters and defrauding thousands of victims worldwide. While assets in that case were frozen and arrests made, prosecutors have not yet specified which call centers Liluashvili is accused of protecting.

This is not the first time Grigol Liluashvili has faced such allegations. In 2022, he denied similar claims and filed defamation lawsuits against several opposition television channels.


 Firewall Daily

Rizwan Patel, Global Head Cloud, InfoSec and Emerging Technologies, Altimetrik

Global commerce no longer pauses between festivals; it moves continuously across markets, moments, and geographies. India's Diwali and Navratri have passed, yet the digital intensity they generated merely sets the stage for what comes next. Christmas shopping surges are building momentum across global markets, followed closely by fiscal closures and Lunar New Year preparations across Asia. What was once a sequence of seasonal events has become a single, continuous stress test of enterprise infrastructure and digital trust.

Adversarial AI operates inside this same cycle, and it never takes holidays. While technology leaders finalize year-end campaigns, automated threat networks run relentless reconnaissance against digital platforms, learning transaction patterns, mapping authentication architectures, and calculating optimal breach windows. The asymmetry is significant: enterprises expand transaction capacity during high-volume periods but rarely scale detection capabilities at the same speed. Adversarial systems adapt instantly, while human teams operate on predictable shifts.

Every vendor integration, partner API, or cross-border payment is now part of a shared attack surface. Reliability and trust are no longer defined by uptime alone but by resilience under pressure. The next breach may not strike when systems are weakest; it may strike when commerce is strongest. The real question for technology leaders is no longer when adversarial AI will test their systems, but whether their defenses can keep pace when it does.

The Global Commerce Vulnerability Window

High-volume shopping periods create a concentrated attack surface that threat actors exploit with precision. During the 2024 holiday season, December recorded 574 ransomware incidents, the highest monthly volume since monitoring began in 2021, according to NCC Group's Threat Pulse report. The trend overturns the historical pattern in which December saw slower attack activity during year-end breaks. Cybersecurity experts increasingly refer to these periods as the Global Commerce Vulnerability Window, marked by intense transaction volumes and limited human oversight across regions that shift like moving targets. As one market reaches its festive peak, adversarial networks redirect focus to the next, maintaining continuous pressure on enterprise systems.

The exposure extends deep into the B2B ecosystems that enable these surges. Breaches on consumer-facing platforms can cascade through partner networks, exposing critical dependencies across cloud, financial, and logistics systems. A single incident during a client's key revenue window can erode partner confidence, delay renewals, and weaken market standing while competitors seize the opportunity to advance.

The Strategic Leadership Playbook

Enterprise leaders navigating perpetual threat cycles must architect their security posture around three interdependent capabilities that operate as integrated systems rather than isolated functions.

Intelligent Trust transforms security from an invisible assumption into a tangible asset. Explainable AI systems must demonstrate their decision-making logic to both technical teams and business stakeholders. Real-time consent management platforms show customers exactly how their data moves through your infrastructure. During high-volume integrations, visible trust indicators such as verified credentials, anomaly alerts, and transparent data workflows help sustain confidence across partners. Trust becomes an operational metric, tracked and improved with the same rigor as uptime or throughput.

Dynamic Compliance treats regulatory adherence as a living system rather than a periodic audit exercise. Laws such as the EU's GDPR, the U.S. CCPA, India's DPDP Act, and the EU AI Act emphasize consent, accountability, and transparency across data and AI systems. Consent-first APIs, continuous monitoring, and automated audit trails help maintain alignment across jurisdictions. Treating compliance as a living system builds trust and resilience in an environment where both regulations and risks advance continuously.

Autonomous Resilience represents the frontier where agentic systems deliver measurable business value. Guardian Agents operate as intelligent, goal-oriented systems that function within defined governance boundaries. These agents continuously scan transaction patterns for data anomalies, detect adversarial behavior through behavioral analysis, and initiate mitigation protocols automatically. They coordinate with human oversight teams to escalate critical decisions or accept override commands. Most importantly, they evolve through machine learning as threat patterns shift, so that the defense posture adapts faster than manual processes allow. This shift from reactive monitoring to self-governed prevention reduces both detection time and response resource requirements, allowing security teams to focus on architecture and strategy rather than tactical firefighting.

The AI Paradox Driving Next-Generation Defense

AI now defines both sides of the cybersecurity equation. According to IBM's 2025 Cost of a Data Breach Report, AI-enabled defenses save organizations nearly $1.9 million per breach, yet 13% of enterprises faced breaches in AI models or applications, often owing to weak access controls. This paradox defines today's leadership challenge. Autonomous systems deliver measurable advantage, but must remain adaptive, governed, and accountable.

Guardian Agents exemplify this evolution through continuous behavioural learning, establishing baselines for normal activity and detecting deviations before traditional defenses respond. Their orchestration model allows coordination across distributed endpoints, sharing intelligence while preserving local decision authority. Each automated response is mapped through audit trails to the specific anomaly that triggered it, enabling transparency and human validation. This alignment of machine precision and human oversight ensures accountability even as response speeds surpass human reaction times.

As enterprises expand across jurisdictions and regulatory frameworks, this transition from autonomous to adaptive defense defines the next frontier. The real test of leadership now lies in redefining what resilience means in an era where intelligence itself is the battlefield. AI will not wait for regulation, nor will adversaries wait for readiness. The future belongs to enterprises that can operationalize foresight, building systems that anticipate change, adapt without instruction, and uphold trust even under attack. Those that succeed will not only secure their data but shape the digital order that follows.

(This article reflects the author's analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)


 Features

By Salleh Kodri, Sr Presales Consultant, Cyble

As 2025 comes to a close, one thing is clear to me: the most damaging cyber incidents across ASEAN this year did not start with malware, zero-days, or system breaches. They started with trust. Across my work in Malaysia, Singapore, Thailand, Indonesia, the Philippines, and Vietnam, I repeatedly saw organizations doing "everything right" from a technical security standpoint, yet still suffering real-world damage because their brand, identity, or executives were exploited.

2025 was the year many of us finally realized that brand is no longer a marketing concern. It is a cyber asset, and in ASEAN, it has become one of the most abused attack surfaces.

Malaysia: When Customers Were Hit Before Banks Even Knew

In Malaysia, I saw multiple cases where:

- Fake banking websites and phishing pages were already circulating
- Scam campaigns were active in Bahasa Malaysia
- Customers were already losing money

before the institution itself had any alert. What struck me was this: there was no breach, no malware, no SOC alert. The damage happened entirely outside the bank's environment, through brand impersonation, fake domains, and social media abuse. By the time complaints reached the organization, trust had already eroded. The lesson was painful but clear: if you only monitor what happens inside your network, you will always be late.

Singapore: Reputation Damage Moves Faster Than Regulation

In Singapore, the challenge was not capability; it was speed and exposure. I observed:

- Fake government-related services appearing online
- Impersonation attempts abusing official-looking communications
- Scam infrastructure spun up and taken down rapidly

Even in a highly regulated, mature environment, brand abuse moved faster than response processes. What concerned stakeholders most was not technical impact, but public confidence. Once trust is questioned, no amount of post-incident explanation can fully undo the damage. Singapore reinforced a critical truth for me in 2025: cybersecurity maturity does not automatically protect digital reputation.

Thailand: Executive Impersonation Became the Weakest Link

In Thailand, the most alarming trend I encountered was executive identity abuse. We saw:

- Fake LINE and WhatsApp accounts impersonating senior leaders
- Social media profiles cloning executives from banks and enterprises
- Attempts to influence internal decisions using perceived authority

These were not sophisticated hacks. They were psychological attacks, exploiting hierarchy, respect, and urgency. What made this dangerous was that traditional security tools had no visibility into it. The risk sat squarely at the intersection of human trust and digital identity, a space most security programs were not designed to defend.

Indonesia: Scale Made Brand Abuse a Business Model

Indonesia showed me what happens when scale meets weak visibility. With its massive digital population, attackers exploited:

- Fake mobile apps using trusted brand names
- Clone domains targeting regional customers
- Long-running scam campaigns that reused infrastructure

In several cases, takedown efforts were slow, not because teams didn't care, but because they discovered the abuse far too late. By the time action was taken, the attackers had already moved, rebranded, and relaunched elsewhere. Indonesia highlighted something important: brand abuse in ASEAN is not opportunistic, it is industrialized.

Philippines: Trust Was Exploited Through Familiarity

In the Philippines, what stood out to me was how attackers weaponized familiar communication channels. We encountered:

- SMS and messaging-based impersonation
- Social engineering campaigns tailored to local behavior
- Brand abuse that felt "normal" to recipients

Victims didn't think they were being attacked. They thought they were interacting with legitimate services. The danger here wasn't technology, it was perception. And perception is exactly what brand abuse manipulates best.

Vietnam: Digital Growth Outpaced Brand Defense

Vietnam's rapid digital growth in 2025 came with an unintended consequence: brand exposure expanded faster than brand protection. I observed:

- New digital services being impersonated almost immediately
- Fake pages and domains launched within days of public announcements
- Limited monitoring beyond core infrastructure

Vietnam reminded me that digital transformation without intelligence-led visibility creates silent risk, especially when brand assets are treated as secondary concerns.

Why 2025 Changed My View on Cyber Risk in ASEAN

Across all these countries, one pattern kept repeating:

- No malware required
- No system compromise needed
- No technical alert triggered

Yet real harm occurred: financial, reputational, and regulatory. That was my biggest takeaway of 2025: cyber risk in ASEAN is no longer defined by system compromise alone. It is defined by how easily trust can be abused.

Brand Is Now a Cyber Asset, Whether We Like It or Not

In 2025, I stopped asking "Is this a cybersecurity issue?" and started asking "Does this harm trust, safety, or public confidence?" Because once customers, citizens, or partners lose trust, recovery becomes exponentially harder than restoring a system from backup. Brands, executives, and digital identities now require the same discipline we apply to networks and endpoints:

- Continuous monitoring
- Early intelligence
- Rapid disruption
- Clear ownership

Looking Into 2026: Trust Will Be the New Perimeter

As ASEAN continues to digitize, attackers will not slow down. They will go where defense is weakest, and in many organizations, that is still outside the firewall. In 2026, the question will no longer be "Are we secure?" It will be "Do we know how our brand, identity, and trust are being abused, right now?" Those who answer that question honestly and act on it will be ahead. Those who don't will keep defending systems while attackers exploit perception.

Personal Closing

2025 changed how I see cybersecurity in ASEAN. Not as a technology problem, but as a trust problem. And trust, once lost, is the hardest asset to recover.

(This article reflects the author's analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)
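The continuous monitoring the piece calls for starts with spotting fake and clone domains before customers do. The script below is an added example, not Cyble's platform or code: it scores newly observed hostnames (from a certificate-transparency or new-registration feed, for instance) against a protected brand domain using confusable-character folding, edit distance, brand-embedding and brand-as-subdomain checks. The brand examplebank.com, every candidate domain, the confusables table and the short suffix list are constructed for illustration; a production version would use the full public suffix list and a fuller confusables table.

```javascript
// Added example, not Cyble's tooling: score newly observed domains against a
// protected brand domain to surface likely impersonations (typosquats,
// confusable-character swaps, brand-in-subdomain). The brand, every candidate
// domain, the confusables table and the suffix list below are constructed.

// Characters and pairs commonly used to imitate ASCII letters (illustrative subset).
const CONFUSABLES = [['rn', 'm'], ['vv', 'w'], ['0', 'o'], ['1', 'l'], ['3', 'e'], ['5', 's'], ['7', 't']];

// Public suffixes, longest first so ".com.my" wins over ".my". Stand-in for a real PSL.
const SUFFIXES = ['.com.my', '.com.sg', '.co.th', '.com', '.net', '.org', '.xyz', '.app', '.my', '.sg', '.th', '.id', '.ph', '.vn']
  .sort((a, b) => b.length - a.length);

// Lowercase, drop separators and fold confusables so "examp1e-bank" compares as "examplebank".
function normalizeLabel(label) {
  let s = label.toLowerCase().replace(/[-_]/g, '');
  for (const [from, to] of CONFUSABLES) s = s.split(from).join(to);
  return s;
}

// Classic edit distance with a single rolling row.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = above;
    }
  }
  return row[b.length];
}

// Split "login.brand.attacker.net" into subdomain labels, the registrable label and the suffix.
function splitDomain(fqdn) {
  const host = fqdn.toLowerCase().replace(/\.$/, '');
  const suffix = SUFFIXES.find((s) => host.endsWith(s)) || '';
  const labels = host.slice(0, host.length - suffix.length).split('.');
  const base = labels.pop();
  return { labels, base, suffix };
}

// Compare one observed domain with the brand; returns the reasons it looks like an impersonation.
function scoreDomain(candidate, brandDomain) {
  const brand = splitDomain(brandDomain);
  const cand = splitDomain(candidate);
  const brandNorm = normalizeLabel(brand.base);
  const candNorm = normalizeLabel(cand.base);
  const reasons = [];
  if (candNorm === brandNorm) {
    if (cand.suffix !== brand.suffix) reasons.push('brand name under a different suffix');
    else if (cand.base !== brand.base) reasons.push('confusable-character variant of brand');
    // identical base and suffix is the brand's own domain: no finding
  } else {
    const d = levenshtein(candNorm, brandNorm);
    if (d <= 2 && brandNorm.length >= 6) reasons.push(`edit distance ${d} from brand`);
    if (candNorm.includes(brandNorm)) reasons.push('brand embedded in registrable label');
  }
  if (cand.labels.some((l) => normalizeLabel(l) === brandNorm)) reasons.push('brand used as a subdomain');
  return { domain: candidate, suspicious: reasons.length > 0, reasons };
}

// Keep only the candidates worth an analyst's time.
function triage(candidates, brandDomain) {
  return candidates.map((c) => scoreDomain(c, brandDomain)).filter((r) => r.suspicious);
}

// Constructed brand and a constructed batch of newly observed hostnames.
const BRAND = 'examplebank.com';
const OBSERVED = [
  'examplebank.com',
  'examp1ebank.com',
  'examplebank.xyz',
  'exmaplebank.com',
  'examplebank-secure-login.com',
  'examplebank.attacker-host.net',
  'weather.example.org',
];

for (const hit of triage(OBSERVED, BRAND)) console.log(hit.domain, '->', hit.reasons.join('; '));
```

Five of the seven constructed hostnames are flagged; the brand's own domain and the unrelated weather.example.org pass. The edit-distance rule is gated on brand length because short names produce too many accidental near-matches; tune that threshold and the confusables table against your own false-positive rate before wiring the output into a takedown workflow.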


 Cyber News

The former employee behind the recent Coupang data breach tried to cover his tracks by smashing his MacBook Air and throwing it into a river, the company revealed in a recent update on the incident. The alleged perpetrator panicked when news outlets reported on the Coupang breach, the December 25 update said.

"Among other things, the perpetrator stated that he physically smashed his MacBook Air laptop, placed it in a canvas Coupang bag, loaded the bag with bricks, and threw the bag into a nearby river," the update said.

Using maps and descriptions from the former employee, divers were able to recover the laptop from the river. "It was exactly as the perpetrator claimed—in a canvas Coupang bag loaded with bricks—and its serial number matched the serial number in the perpetrator's iCloud account," Coupang said.

Coupang has since updated the post twice: once to reassure customers that the company was cooperating fully with the government in its investigation, and a second time to announce a "customer compensation plan to restore customer trust" with vouchers worth about US$35 (50,000 won) per customer.

Coupang Breach Smaller than Feared

Much of the update sought to reassure customers of the Korean online retailer that the breach was smaller than initially feared. While initial reports said the breach, which led to the CEO's resignation, might have compromised the data of more than 33 million people, Coupang said its investigation indicates that while the perpetrator may have accessed 33 million accounts, he "retained limited user data from only 3,000 accounts and subsequently deleted the user data." The user data included 2,609 building entrance codes, but no payment, log-in data or individual customs numbers were accessed, and the perpetrator never transferred any of the data to third parties, the company said. Coupang said it conducted its investigation with Mandiant, Palo Alto Networks and Ernst & Young.

Perpetrator 'Confessed Everything'

Coupang said it used "digital fingerprints" and other forensic evidence to identify the former employee allegedly responsible for the breach. "The perpetrator confessed everything and revealed precise details about how he accessed user data," the company said.

The former employee used "an internal security key that he took while still working at the company" to access "basic user data" from more than 33 million customer accounts. He retained user data (name, email, phone number, address and partial order histories) from about 3,000 accounts, plus 2,609 building entrance access codes.

The Coupang statement notes repeatedly that the alleged perpetrator's story is supported by the available forensic evidence, likely to reassure customers that the breach wasn't as bad as initially feared. The statement frequently uses phrases such as "exactly as the perpetrator described" to underscore that the forensic evidence supports the former employee's claims. "The investigative findings to date are consistent with the perpetrator's sworn statements and found no evidence that contradicts these statements," the company says in another section.

"The perpetrator stated that he used a personal desktop PC and a MacBook Air laptop to provision access and to store a limited amount of user data," the Coupang statement said. "Independent forensic investigation confirmed that Coupang systems were accessed using one PC system and one Apple system as the primary hardware interfaces, exactly as the perpetrator described." The perpetrator also turned over the PC system and four hard drives from the system, "on which analysts found the script used to carry out the attack," the company said.
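The root cause described here, an internal key that still worked after its holder left, is detectable from data most organizations already hold. The script below is an added example, not code from Coupang or from Mandiant, Palo Alto Networks or Ernst & Young: it joins an HR offboarding list with an access-key inventory and key-usage audit logs to list keys of departed staff that were never revoked, and any use of a key after its owner's departure. All user IDs, key IDs, the log line format and the log lines themselves are constructed.

```javascript
// Added example, not code from Coupang or its investigators: correlate an HR
// offboarding list, an access-key inventory and key-usage audit logs to find
// the failure the update describes, a credential that kept working after its
// holder left. Every record, the log format and every log line are constructed.

const OFFBOARDED = [
  { user: 'u1001', leftAt: '2025-10-15T09:00:00Z' },
  { user: 'u1002', leftAt: '2025-11-01T09:00:00Z' },
];

const KEY_INVENTORY = [
  { keyId: 'k-aaa', owner: 'u1001', revokedAt: null },                   // never revoked
  { keyId: 'k-bbb', owner: 'u1002', revokedAt: '2025-11-01T10:00:00Z' }, // revoked at offboarding
  { keyId: 'k-ccc', owner: 'u2000', revokedAt: null },                   // current employee
];

// Constructed audit-log format: "<iso-timestamp> <keyId> <action> rows=<n>"
const USAGE_LOG = [
  '2025-10-14T08:00:00Z k-aaa read_users rows=120',
  '2025-10-30T12:00:00Z k-bbb read_orders rows=10',
  '2025-11-20T02:13:00Z k-aaa read_users rows=500000',
  '2025-11-20T02:14:00Z k-aaa read_users rows=500000',
  '2025-11-21T12:00:00Z k-ccc read_orders rows=40',
  'malformed line that should be skipped',
];

// Parse one log line; returns null for lines that do not match the format.
function parseLogLine(line) {
  const m = /^(\S+) (\S+) (\S+) rows=(\d+)$/.exec(line.trim());
  if (!m) return null;
  return { ts: m[1], keyId: m[2], action: m[3], rows: Number(m[4]) };
}

// Keys owned by people who have left but were never revoked: the offboarding gap itself.
function unrevokedKeysOfLeavers(offboarded, inventory) {
  const leavers = new Set(offboarded.map((o) => o.user));
  return inventory
    .filter((k) => leavers.has(k.owner) && k.revokedAt === null)
    .map((k) => k.keyId);
}

// Key activity after the owner's departure, aggregated per key.
function postTerminationUse(offboarded, inventory, logLines) {
  const leftAt = Object.fromEntries(offboarded.map((o) => [o.user, Date.parse(o.leftAt)]));
  const ownerOf = Object.fromEntries(inventory.map((k) => [k.keyId, k.owner]));
  const hits = {};
  for (const line of logLines) {
    const ev = parseLogLine(line);
    if (!ev) continue;
    const owner = ownerOf[ev.keyId];
    if (owner === undefined || leftAt[owner] === undefined) continue; // unknown key or current staff
    if (Date.parse(ev.ts) <= leftAt[owner]) continue;                 // used while still employed
    const h = hits[ev.keyId] || (hits[ev.keyId] = {
      keyId: ev.keyId, owner, events: 0, rows: 0, firstSeen: ev.ts, lastSeen: ev.ts,
    });
    h.events += 1;
    h.rows += ev.rows;
    if (ev.ts < h.firstSeen) h.firstSeen = ev.ts;
    if (ev.ts > h.lastSeen) h.lastSeen = ev.ts;
  }
  return Object.values(hits);
}

console.log('unrevoked keys of leavers:', unrevokedKeysOfLeavers(OFFBOARDED, KEY_INVENTORY));
console.log('post-termination use:', postTerminationUse(OFFBOARDED, KEY_INVENTORY, USAGE_LOG));
```

The first function is the preventive check to run on every offboarding ticket; the second is the detective one to run over historical logs, and its rows total is what turns a stale-key finding into a breach-scale question. Both depend on the key inventory actually recording an owner for every key, which is the control most often missing in practice.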


 A Little Sunshine

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

Image: Shutterstock, Younes Stiller Kraske.

In May 2024, we scrutinized the history and ownership of Stark Industries Solutions Ltd., a "bulletproof hosting" provider that came online just two weeks before Russia invaded Ukraine and served as a primary staging ground for repeated Kremlin cyberattacks and disinformation efforts. A year later, Stark and its two co-owners were sanctioned by the European Union, but our analysis showed those penalties have done little to stop the Stark proprietors from rebranding and transferring considerable network assets to other entities they control.

In December 2024, KrebsOnSecurity profiled Cryptomus, a financial firm registered in Canada that emerged as the payment processor of choice for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers. In October 2025, Canadian financial regulators ruled that Cryptomus had grossly violated its anti-money laundering laws, and levied a record $176 million fine against the platform.

In September 2023, KrebsOnSecurity published findings from researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing in March 2025, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

Phishing was a major theme of this year's coverage, which peered inside the day-to-day operations of several voice phishing gangs that routinely carried out elaborate, convincing, and financially devastating cryptocurrency thefts. A Day in the Life of a Prolific Voice Phishing Crew examined how one cybercrime gang routinely abused legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Nearly a half-dozen stories in 2025 dissected the incessant SMS phishing or "smishing" coming from China-based phishing kit vendors, who make it easy for customers to convert phished payment card data into mobile wallets from Apple and Google.

In January, we highlighted research into a dodgy and sprawling content delivery network called Funnull that specialized in helping China-based gambling and money laundering websites distribute their operations across multiple U.S.-based cloud providers. Five months later, the U.S. government sanctioned Funnull, identifying it as a top source of investment/romance scams known as "pig butchering."

Image: Shutterstock, ArtHead.

In May, Pakistan arrested 21 people alleged to be working for Heartsender, a phishing and malware dissemination service that KrebsOnSecurity first profiled back in 2015. The arrests came shortly after the FBI and the Dutch police seized dozens of servers and domains for the group. Many of those arrested were first publicly identified in a 2021 story here about how they'd inadvertently infected their computers with malware that gave away their real-life identities.

In April, the U.S. Department of Justice indicted the proprietors of a Pakistan-based e-commerce company for conspiring to distribute synthetic opioids in the United States. The following month, KrebsOnSecurity detailed how the proprietors of the sanctioned entity are perhaps better known for operating an elaborate and lengthy scheme to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs.

Earlier this month, we examined an academic cheating empire turbocharged by Google Ads that earned tens of millions of dollars in revenue and has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

An attack drone advertised on a website hosted on the same network as Russia's largest private education company — Synergy University.

As ever, KrebsOnSecurity endeavored to keep close tabs on the world's biggest and most disruptive botnets, which pummeled the Internet this year with distributed denial-of-service (DDoS) assaults that were two to three times the size and impact of previous record DDoS attacks. In June, KrebsOnSecurity.com was hit by the largest DDoS attack that Google had ever mitigated at the time (we are a grateful guest of Google's excellent Project Shield offering). Experts blamed that attack on an Internet-of-Things botnet called Aisuru that had rapidly grown in size and firepower since its debut in late 2024. Another Aisuru attack on Cloudflare just days later practically doubled the size of the June attack against this website. Not long after that, Aisuru was blamed for a DDoS that again doubled the previous record.

In October, it appeared the cybercriminals in control of Aisuru had shifted the botnet's focus from DDoS to a more sustainable and profitable use: renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. However, it has recently become clear that at least some of the disruptive botnet and residential proxy activity attributed to Aisuru last year likely was the work of people responsible for building and testing a powerful botnet known as Kimwolf.

Chinese security firm XLab, which was the first to chronicle Aisuru's rise in 2024, recently profiled Kimwolf as easily the world's biggest and most dangerous collection of compromised machines — with approximately 1.83 million devices under its thumb as of December 17. XLab noted that the Kimwolf author "shows an almost 'obsessive' fixation on the well-known cybersecurity investigative journalist Brian Krebs, leaving easter eggs related to him in multiple places."

Image: XLab, Kimwolf Botnet Exposed: The Massive Android Botnet with 1.8 million infected devices.

I am happy to report that the first KrebsOnSecurity stories of 2026 will go deep into the origins of Kimwolf, and examine the botnet's unique and highly invasive means of spreading digital disease far and wide. The first in that series will include a somewhat sobering and global security notification concerning the devices and residential proxy services that are inadvertently helping to power Kimwolf's rapid growth.

Thank you once again for your continued readership, encouragement and support. If you like the content we publish at KrebsOnSecurity.com, please consider making an exception for our domain in your ad blocker. The ads we run are limited to a handful of static images that are all served in-house and vetted by me (there is no third-party content on this site, period). Doing so would help further support the work you see here almost every week.

And if you haven't done so yet, sign up for our email newsletter! (62,000 other subscribers can't be wrong, right?) The newsletter is just a plain text email that goes out the moment a new story is published. We send between one and two emails a week, we never share our email list, and we don't run surveys or promotions.

Thanks again, and Happy New Year everyone! Be safe out there.

 Feed

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. "A flaw

 Feed

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI

 Feed

Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical

 Feed

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

2025-12
Aggregator history
Monday, December 29