Krebs on Security In-depth security news and investigation

  • Felons, Fraudsters Flog Offensive Cybersecurity Startup
    by BrianKrebs on July 8, 2026 at 12:31 pm

    A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

  • FBI Seizes NetNut Proxy Platform, Popa Botnet
    by BrianKrebs on July 2, 2026 at 7:27 pm

    The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software with little or no consent from victims.

  • Scattered Spider Hackers Plead Guilty on Day 1 of Trial
    by BrianKrebs on June 23, 2026 at 4:12 pm

    Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.

  • ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
    by BrianKrebs on June 18, 2026 at 5:37 pm

    For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].

  • Who Runs the Ransomware Group ‘The Gentlemen?’
    by BrianKrebs on June 10, 2026 at 2:03 pm

    A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.



BleepingComputer BleepingComputer - All Stories



The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com

  • AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
    by info@thehackernews.com (The Hacker News) on July 9, 2026 at 12:26 pm

    AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your team clears the first alert. That is the gap, and it is not your fault. The tools and runbooks most teams run on were built for attackers who work at human speed. AI-driven

  • Summer of Clearinghouses
    by info@thehackernews.com (The Hacker News) on July 9, 2026 at 11:00 am

    Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,

  • GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
    by info@thehackernews.com (The Hacker News) on July 9, 2026 at 10:43 am

    Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It's assessed to be a rebrand of the Beast ransomware,

  • Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
    by info@thehackernews.com (The Hacker News) on July 9, 2026 at 8:48 am

    Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and

  • Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
    by info@thehackernews.com (The Hacker News) on July 9, 2026 at 7:21 am

    Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also @-mention Instagram accounts in the Meta AI app to bring specific Instagram profiles right into your images," the social media giant said in a post. "Whether you want to design a custom event invitation