Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.  The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted,Read More »CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort theRead More »KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitatingRead More »AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

CISA has released a malware and forensic analysis platform. 

On August 5, dialysis firm DaVita confirmed a data breach affecting over 900,000 individuals. The breach potentially exposed Social Security Numbers and personal health information.