Browsing: Security
An extensive academic cheating operation, reportedly generating nearly $25 million through Google Ads, has been found to have connections with a Kremlin-affiliated oligarch. This individual’s university in Russia is involved in manufacturing drones for the conflict in Ukraine. The cheating service, which has rebranded itself as an AI company, has a complex history of corporate changes and ties to Russia’s largest private educational institution.
KrebsOnSecurity.com celebrates 16 years of cybersecurity reporting, highlighting a year focused on exposing entities enabling global cybercrime. Investigations covered bulletproof hosting, cryptocurrency money laundering, LastPass breaches, advanced phishing schemes, and the takedown of malware services. The year concluded with extensive analysis of record-breaking botnets like Aisuru and the powerful new Kimwolf.
Immigration and Customs Enforcement (ICE) is reportedly renewing a comprehensive cybersecurity contract that will significantly expand its ability to monitor and investigate its own employees, particularly amid increased government focus on leak investigations and internal dissent.
Covenant Health, a Catholic healthcare organization, recently disclosed that a cyberattack last year compromised the sensitive information of 478,188 individuals. The breach, which occurred in May 2025, involved hackers gaining access to the organization’s network and stealing various patient data.
Cybercriminal groups are shifting their SMS phishing tactics, moving from fake package deliveries to new schemes involving fraudulent rewards points for mobile carriers, bogus tax refunds, and convincing but fake e-commerce websites. These scams aim to steal payment card data and link it to mobile wallets, with a notable increase in activity during the holiday season.
A Pakistan-aligned hacking group, APT36 (Transparent Tribe), has launched a sophisticated cyber-espionage campaign against Indian government, academic, and strategic institutions. The operation uses spear-phishing emails to deliver advanced malware capable of remote control, data exfiltration, and persistent surveillance, indicating long-term intelligence-gathering objectives.
A prominent cybercriminal group, “Scattered LAPSUS$ Hunters,” has been known for its data theft and corporate extortion. However, the group’s technical operator, known as “Rey,” was recently identified and interviewed after being tracked down. This article details the methods used to uncover Rey’s real identity and his involvement with various cybercrime activities.
The effort includes a new research center that will bring government and industry experts together to study how AI will impact cybersecurity in critical infrastructure.
The RondoDox botnet is actively exploiting the critical React2Shell vulnerability (CVE-2025-55182) to compromise Next.js servers, deploying malware and cryptominers. This large-scale botnet, previously known for targeting various n-day flaws, has recently intensified its focus on React2Shell, with CloudSEK reporting significant exploitation attempts and the deployment of coinminers and Mirai variants.
Alexis Chavez, a leader of the 8884 offshoot of the 764 extremist collective, has pleaded guilty to charges including child exploitation. His admission marks a significant victory for law enforcement against the violent group he joined as a minor.
