CybercrimeNetwork Security
Google, the FBI, and partners reportedly disrupted a residential proxy network tied to millions of compromised home devices, including smart TVs and streaming boxes.
Vulnerability ManagementCyber Defense
SharePoint, Citrix NetScaler, Cisco Unified CM, and Oracle E-Business Suite stories all point to the same reality: public exposure plus public exploit knowledge now creates immediate risk.
Identity SecurityCloud Security
An 81-million-attempt password spraying campaign, phishing-as-a-service tooling, and OAuth token theft show why identity defense must cover the entire login flow.
Data BreachHealthcare Security
Medtronic reportedly notified customers after a ShinyHunters-linked breach affecting personal and medical information, underscoring the long tail of healthcare exposure.
RansomwareNetwork Security
Researchers linked stolen Fortinet credentials to INC and Lynx ransomware operations, showing how edge-device compromise can feed later intrusions.
CybercrimeSocial Engineering
The extradition of an alleged Scattered Spider member is more than a law-enforcement story; it is a reminder that social engineering groups can create enterprise-scale financial impact.
CybercrimeNetwork Security
KrebsOnSecurity reported that the FBI seized domains tied to NetNut and the Popa botnet, following research linking the residential proxy ecosystem to millions of compromised devices.
CybercrimeSocial EngineeringIdentity Security
KrebsOnSecurity reported that two Scattered Spider members pleaded guilty in the UK over the Transport for London attack, with U.S. allegations tying the group to major intrusions and ransom payments.
Consumer SecurityCybercrimeNetwork Security
KrebsOnSecurity reported that researchers linked the Popa Android botnet to NetNut, showing how consumer TV boxes can become persistent residential proxy nodes.
KrebsOnSecurity reported on The Gentlemen, a fast-growing ransomware-as-a-service group using aggressive affiliate payouts and edge-device access to scale attacks.
Vulnerability ManagementCyber Defense
KrebsOnSecurity reported that Microsoft's June 2026 Patch Tuesday fixed nearly 200 flaws, with public exploit code already available for several weaknesses.
Cyber AIIdentity SecuritySocial Engineering
KrebsOnSecurity reported that attackers allegedly tricked Meta's AI support assistant into resetting Instagram accounts, turning customer support automation into an account takeover path.
CybercrimeNetwork Security
KrebsOnSecurity reported that Dutch authorities seized more than 800 servers and arrested two people accused of enabling Russian cyberattacks and influence operations.
Cloud SecurityCyber Defense
KrebsOnSecurity reported that lawmakers demanded answers after a CISA contractor allegedly published AWS GovCloud keys and other agency secrets to a public GitHub account.
From SMS codes to hardware keys, not all two-factor authentication is created equal. This guide breaks down every major MFA method, explains exactly how passkeys work under the hood, and tells you which to use and when.
A look at the popular apps collecting extensive amounts of personal data — and what you can do to protect your privacy.
A first-hand account of hitting Cloudflare's structural RBAC gap: there is no way to scope a member role or API token to a single Worker or Pages project. This post documents the problem precisely, what the community is doing to work around it, why those workarounds fall short, and what Cloudflare needs to build.
Cyber DefenseEvolve on Sundays
Week of February 9–15, 2026: Zero-Days Dominate, Breaches Escalate. Microsoft patches six actively exploited zero-days, Apple fixes sophisticated in-the-wild vulnerability, and the Conduent breach expands to 25 million affected.
DevelopmentEvolve on Sundays
Week of February 9–15, 2026 – Agentic AI Takes Center Stage. Xcode 26.3 introduces native agentic coding, TypeScript 6.0 beta released, GitHub enhances multi-agent support, and Android 17 Beta 1 arrives.
VoIP security threats are evolving rapidly. Learn about the most common vulnerabilities and how to protect your organization's communication infrastructure from cyber attacks.
PBX systems are often targeted by hackers for toll fraud and data theft. Discover the attack vectors and implement robust defenses to protect your phone systems.
Protecting your VoIP infrastructure starts with these best practices. From encryption to access controls, implement these strategies to secure your communications.
DoS attacks can cripple your business operations. Learn how to identify, prevent, and respond to denial of service attacks targeting your infrastructure.
Voice phishing (vishing) attacks are on the rise. Understand how attackers use phone calls to manipulate victims and how to train your team to recognize these threats.
Building security into your software from the start is crucial. Explore secure coding practices, OWASP guidelines, and tools to help you develop safer applications.
NIST SP 800-63 provides comprehensive authentication guidelines. Learn how to implement these standards to strengthen your organization's identity verification.
Toll fraud costs businesses billions annually. Discover how attackers exploit phone systems and implement controls to prevent unauthorized long-distance charges.