Experts Flag Security, Privacy Risks in DeepSeek AI App
Feb 06, 2025 | Krebs on Security
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Feb 08, 2025 | Krebs on Security
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.
Microsoft Patch Tuesday, February 2025 Edition
Feb 12, 2025 | Krebs on Security
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
Nearly a Year Later, Mozilla is Still Promoting OneRep
Feb 13, 2025 | Krebs on Security
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.
How Phished Data Turns into Apple & Google Wallets
Feb 18, 2025 | Krebs on Security
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
Feb 23, 2025 | Krebs on Security
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world's richest man to wrest control over their networks and data.
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
Feb 27, 2025 | Krebs on Security
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
Feb 28, 2025 | Krebs on Security
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
Who is the DOGE and X Technician Branden Spikes?
Mar 07, 2025 | Krebs on Security
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
Feds Link $150M Cyberheist to 2022 LastPass Hacks
Mar 08, 2025 | Krebs on Security
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
Feds Link $150M Cyberheist to 2022 LastPass Hacks
Mar 08, 2025 | Krebs on Security
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
Who is the DOGE and X Technician Branden Spikes?
Mar 07, 2025 | Krebs on Security
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
Feb 28, 2025 | Krebs on Security
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
Feb 27, 2025 | Krebs on Security
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
Feb 23, 2025 | Krebs on Security
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world's richest man to wrest control over their networks and data.
How Phished Data Turns into Apple & Google Wallets
Feb 18, 2025 | Krebs on Security
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
Nearly a Year Later, Mozilla is Still Promoting OneRep
Feb 13, 2025 | Krebs on Security
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.
Microsoft Patch Tuesday, February 2025 Edition
Feb 12, 2025 | Krebs on Security
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Feb 08, 2025 | Krebs on Security
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.
Experts Flag Security, Privacy Risks in DeepSeek AI App
Feb 06, 2025 | Krebs on Security
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.
