Dutch authorities arrested the co-owners of two hosting companies for operating infrastructure linked to Russia, used in cyberattacks and disinformation campaigns within the EU. The suspects had taken over the technical infrastructure of Stark Industries Solutions, an ISP previously sanctioned by the EU for facilitating Russian cyber operations.
18 items from krebsonsecurity-com
Lawmakers from both chambers of Congress are demanding answers from CISA after a contractor deliberately published AWS GovCloud keys and other sensitive agency data on a public GitHub account. The agency is still working to contain the breach and invalidate the leaked credentials.
Canadian police arrested a 23-year-old Ottawa man accused of creating and operating the Kimwolf IoT botnet, which enslaved millions of devices for large-scale DDoS attacks over six months. The suspect, previously named by KrebsOnSecurity after targeting the author and a researcher, now faces hacking charges in Canada and the U.S.
A CISA contractor left a public GitHub repository exposed until recently, revealing credentials to highly privileged AWS GovCloud accounts and internal systems. Security experts describe the leak, which included files on CISA's internal software development practices, as one of the most serious government data breaches in recent years.
Major software makers including Apple, Google, Microsoft, Mozilla, and Oracle released near-record volumes of security patches in May 2026. The article highlights that AI platforms, while susceptible to social engineering, are proving highly effective at finding vulnerabilities in human-written code, contributing to the accelerated patch tempo.
A data extortion attack on the education platform Canvas disrupted classes nationwide after cybercriminals defaced its login page with a ransom demand, threatening to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
A Brazilian anti-DDoS firm was secretly behind a botnet that launched massive DDoS attacks on other Brazilian ISPs. The company's CEO claims the attacks resulted from a security breach and may have been orchestrated by a competitor to damage the firm's reputation.
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted to text-message phishing attacks in 2022 that allowed the group to hack major technology companies and steal tens of millions in cryptocurrency.
A new phishing-as-a-service called Starkiller uses disguised links to load real login pages from target brands. It acts as a relay between victims and legitimate sites, forwarding usernames, passwords, and MFA codes to bypass security measures.
The Kimwolf botnet controller known as "Dort" has coordinated DDoS attacks, doxing, and email flooding against security researchers, including sending a SWAT team to a researcher's home. This analysis examines what public information reveals about Dort's identity and activities.
AI-based assistants that automate tasks and access user systems are growing in popularity among developers and IT workers. These powerful tools are rapidly shifting security priorities for organizations while blurring lines between trusted tools and potential threats.
Microsoft released security updates addressing 77 vulnerabilities across its software products. While no zero-day flaws were reported this month, some patches require prompt attention from Windows users. The updates are part of Microsoft's regular Patch Tuesday cycle.
An Iran-linked hacktivist group claims responsibility for a data-wiping attack on medical technology company Stryker. The company sent home over 5,000 workers in Ireland and is experiencing a building emergency at its U.S. headquarters.
U.S., Canadian and German authorities dismantled infrastructure behind four IoT botnets that compromised over three million devices. The botnets were responsible for record-breaking DDoS attacks capable of knocking targets offline.
A financially motivated data theft and extortion group has unleashed a worm that spreads through poorly secured cloud services. The malware wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
German authorities have identified 31-year-old Russian Daniil Maksimovich Shchukin as the hacker "UNKN" who led ransomware groups GandCrab and REvil. He is accused of carrying out at least 130 acts of computer sabotage and extortion against German victims between 2019 and 2021.
Russian military intelligence hackers exploited vulnerabilities in older routers to steal Microsoft Office authentication tokens from over 18,000 networks without deploying malware. Security experts warned that the campaign allowed state-backed hackers to quietly siphon tokens.
Microsoft fixed 167 security vulnerabilities including a SharePoint Server zero-day and a publicly disclosed Windows Defender weakness. Google Chrome addressed its fourth zero-day of 2026, and Adobe Reader released an emergency update for an actively exploited flaw.