-
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
·
911s5, 922 Proxy, A Little Sunshine, Aisuru, AISURU Botnet, Akamai Technologies, Android Debug Bridge, BadBox 2.0, Ben Brundage, Chad Seaman, DDoS-for-Hire, HUMAN Security, IPidea, Kimwolf, Kimwolf botnet, krebsfiveheadindustries, Latest Warnings, Lindsay Kaye, Oxylabs, Quokka, residential proxy, Riley Kilmer, Spur, Synthient, Uhale app, Web Fraud 2.0, XLab
-
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.
-
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.
·
A Little Sunshine, Alexander Korsukov, Alexey Pokatilo, AW Tech Limited, Awesome Technologies, Brian Mellor, CLS Research LTD, Filip Perkon, Geekly Solutions Ltd, Livingston Research, Marina Butina, NatInfoSec, North Data, OK Marketing LTD, Olekszij Pokatilo, Proglobal Solutions LTD, Russia’s War on Ukraine, Russian Business Week, Russian Diplomatic Online Club, Synergy, Synergy University, Tweetsquad, Two Sigma Solutions LTD, Vadim Lobov, VLS Research LTD
-
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
-
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and…
·
A Little Sunshine, Amazon, ARP poisoning, BadBox 2.0 Enterprise, BestBuy, Censys, Electronic Frontier Foundation, Federal Bureau of Investigation, Grass OpCo (BVI) Ltd, Half Space Labs Limited, Internet of Things (IoT), IPidea, Lower Tribeca Corp., Netcat, Newegg, Riley Kilmer, Spur, Super Media Technology Company Ltd., Superbox, SuperCaja, Synthient, Tcpdump, Walmart, Web Fraud 2.0, Wynd Network
-
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.


