A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one…
Category: The Coming Storm
A Little Sunshine, Amazon, Andrew P. Bakaj, CNN, Cybersecurity and Infrastructure Security Agency, Daniel J. Berulis, doge, GitHub, Global Security News, Lasharn Hamilton, Latest Warnings, Microsoft Azure, NPR, NxGen, president trump, SpaceX, The Coming Storm, Tim Bearese, US-CERT
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with…
A Little Sunshine, Common Vulnerabilities and Exposures, Corellium, CVE, CVE Numbering Authorities, Global Security News, Latest Warnings, Matt Tait, MITRE, The Coming Storm
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each…
A Little Sunshine, A.J. Vicens, Asia Pacific, Chris Krebs, Cyber Safety Review Board, Department of Government Efficiency, doge, Dustin Volz, Electronic Frontier Foundation, Gen. Timothy Haugh, Global Security News, Heritage Foundation, Iowa Secretary of State Paul Pate, Latest Warnings, Martin Matishak, National Counterintelligence and Security Center, National Security Agency, Nevada Secretary of State Cisco Aguilar, Newsweek, Paul Rosenzweig, Pennsylvania Capital-Star, Raphael Satter, Reuters, Safeguard American Voter Eligibility Act (SAVE) Act, Secretary of the Commonwealth Al Schmidt, Sen. Mark Warner, Sen. Ron Wyden, Suzanne Smalley, The Coming Storm, The Guardian, The Record, The Wall Street Journal, The Washington Post, U.S. Cyber Command, U.S. Election Assistance Commission, Wendy Noble
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as…
A Little Sunshine, Asia Pacific, Citigroup, CSIS Security Group, Darcula, Ford Merrill, Global Security News, google android, imessage, Latest Warnings, Lighthouse, Mastercard, Ne'er-Do-Well News, PayPal, ProDaft, Resecurity, SecAlliance, SilentPush, Smishing Triad, stripe, The Coming Storm, visa, Web Fraud 2.0, Xinxin Group, Z-NFC, Zach Edwards
China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime…
Chris Goettl, CLFS, Common Log File System, CVE-2025-26671, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824, Exploits, Global Security News, ivanti, Latest Warnings, Microsoft, Satnam Narang, Security Tools, The Coming Storm, Time to Patch, Windows, Windows Remote Desktop Services
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day…
A Little Sunshine, Computer Forensic Services, fbi, Felician University, Global Security News, HarvardX, Kimberly Hanlon, Mark Lanterman, mark rasch, North America, Perkins Coie LLP, Sean Harrington, Stephen Allwine, The Coming Storm, U.S. Secret Service, Unit 221B, Upsala College
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the…
1st Amendment, 60 Minutes, A Little Sunshine, ABC News, Americans United for Separation of Church and State, András Pethő, Brendan Carr, Center for Democracy & Technology, CNN, Defense Secretary Pete Hegseth, Department of Education, Disney, doge, Electronic Frontier Foundation, Facebook, Federal Communications Commission, First Amendment, Freedom of Information Act, Gannett, George Stephanopoulos, Global Security News, House Speaker Mike Johnson, Interfaith Alliance, Jeffrey Goldberg, Jenner & Block, Judge Richard Leon, Kate Ruane, Latest Warnings, Marc Elias, Meta CEO Mark Zuckerberg, National Security Advisor Michael Waltz, North America, NPR, Paramount, PBS, president trump, Pulitzer Prize board, Radio Free Asia, Radio Free Europe / Radio Liberty, Rev. Paul Brandeis Raushenbush, Secretary of State Marco Rubio, The Atlantic, The Coming Storm, The Des Moines Register, The New York Times, The Washington Post, Tony Bradley, U.S. Agency for Global Media, U.S. Agency for International Development, U.S. District Court Judge Royce Lamberth, U.S. District Judge James Boasberg, U.S. Immigration and Customs Enforcement, U.S. Supreme Court Justice John Roberts, Vice President JD Vance, Vice President Kamala Harris, Voice of America, WilmerHale
How Each Pillar of the 1st Amendment is Under Attack
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. Image: Shutterstock, zimmytws. In an address…
A Little Sunshine, Android, Apple Pay, Asia Pacific, Bernie Lyon, CSIS Security Group, Ford Merrill, Global Security News, Google Apple, Ne'er-Do-Well News, SecAlliance, tap-to-pay fraud, The Coming Storm, Z-NFC
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on…
A Little Sunshine, Asia Pacific, Central Intelligence Agency, Christopher Stanley, doge, Fannie Mae, Global Security News, Hunter Strategy, Jake Williams, Kash Patel, Mike Masnick, National Security Agency, NBC News, Rob Joyce, Shane Harris, Starlink, Techdirt, The Atlantic, The Coming Storm, The New York Times, U.S. Citizenship and Immigration Services, U.S. Cybersecurity & Infrastructure Security Agency
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to…
A Little Sunshine, Alfa Bank, BEARHOST, Global Security News, GootLoader, Interisle Consulting Group, Intrinsec, Kaspersky Lab, Kentik, Ne'er-Do-Well News, North America, Prospero OOO, Ransomware, Securehost, Silent Push, SocGholish, spamhaus, The Coming Storm, Zach Edwards
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…
A Little Sunshine, Bruce Schneier, bybit, Christopher Stanley, Coinbase, Conservative Political Action Conference, Consumer Financial Protection Bureau, Cybersecurity and Infrastructure Security Agency, Davi Ottenheimer, Department of Government Efficiency, Department of Homeland Security, Department of Justice, Edward Coristine, Gavin Kliger, Global Investigative Journalism Network, Global Security News, Hunter Labs, Internal Revenue Service, Jacob Silverman, Jacob Williams, Katie Arrington, KleptoCapture Task Force, Kleptocracy Asset Recovery Initiative, Latest Warnings, Leland Dudek, lizardstresser, Michelle King, Natalya Martynova, national institute of standards and technology, National Treasury Employees Union, North America, office of management and budget, Office of Personnel Management, Organized Crime and Corruption Reporting Project, president donald trump, Project 2025, Rep. Andy Ogles, Russia's War on Ukraine, Sean Cairncross, Social Security Administration, Starlink, The Coming Storm, Treasury Department, U.S. Agency for International Development, U.S. Foreign Corrupt Practices Act, U.S. Securities and Exchange Commission, Valery Martynov, Vladimir Putin, Volodymyr Zelensky
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and…
A Little Sunshine, All About Skimmers, Andy Chandler, Apple, Asia Pacific, CSIS Security Group, Ford Merrill, ghost tap, Global Security News, Google, Grant Smith, imessage, M3AAWG, RCS, Resecurity, SecAlliance, smishing, The Coming Storm, ThreatFabric, Web Fraud 2.0, ZNFC
How Phished Data Turns into Apple & Google Wallets
Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new…
A Little Sunshine, AS400495, BackConnect Security LLC, Curtis Gervais, DiamondCDN, Director of National Intelligence, doge, Dstat, Edward Coristine, Elon Musk, Eric Taylor, Global Security News, Marshal Webb, Ne'er-Do-Well News, Neuralink, North America, Packetware, Path Networks, president trump, Rivage, Tesla Sexy LLC, The Com, The Coming Storm, Tucker Preston, Wired
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a…
A Little Sunshine, Andrew Hoog, app transport security, Apple, Artificial Intelligence, bytedance, china, deepseek, DeepSeek AI, Global Security News, iOS, Latest Warnings, NowSecure, The Coming Storm, Volcengine
Experts Flag Security, Privacy Risks in DeepSeek AI App
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to…
A Little Sunshine, Alfa Bank, david sacks, Global Security News, House Judiciary Committee's Select Subcommittee on the Weaponization of the Federal Government, Jack Goldsmith, Joe Hall, John Durham, Lawfare, Melania Trump, Michael Sussman, North America, president trump, Quinta Jurecic, Rep. Jim Jordan, The Coming Storm, United States Council on Transnational Organized Crime, World Liberty Financial
A Tumultuous Week for Federal Cybersecurity Efforts
Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a…
Adam Barnett, Bitlocker, Bob Hopkins, CVE-2024-49142, CVE-2025-21186, CVE-2025-21210, CVE-2025-21298, CVE-2025-21311, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-21366, CVE-2025-21395, Exploits, Global Security News, Kev Breen, Latest Warnings, Microsoft Access, Microsoft Patch Tuesday January 2025, Rapid7, Satnam Narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, Windows Hyper-V, Windows NTLMv1
Microsoft: Happy 2025. Here’s 161 Security Updates
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett says January marks the fourth consecutive month…
800-275-2273, A Little Sunshine, Allison Nixon, Aristotle, autodoxers, Coinbase, Crypto Chameleon, discord, domaintools, Emerging Tech, Global Security News, Latest Warnings, Lookout, Mark Cuban, Okta, Perm, Shark Tank, Star Fraud, Stotle, Telegram, The Coming Storm, Trezor, Unit 221B, voice phishing, Web Fraud 2.0
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…
A Little Sunshine, Acunetix, Altug Sara, altugsara321@gmail.com, Araneida Scanner, Asia Pacific, Bilitro Yazilim, Breadcrumbs, domaintools, Fin7, Global Security News, Invicti Security, Matt Sciberras, Ne'er-Do-Well News, Neil Roseman, ori0nbusiness@protonmail.com, Silent Push, The Coming Storm, U.S. Department of Health and Human Services, Zach Edwards
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology…
@chenlun, A Little Sunshine, and Mobile Anti-Abuse Working Group, Anti-Phishing Working Group, Coalition Against Unsolicited Commercial Email, Global Security News, ICANN, Interisle Consulting, Internet Corporation for Assigned Names and Numbers, John Levine, Latest Warnings, malware, Messaging, new gTLDs, North America, phishing, spam, The Coming Storm, U.S. Postal Service
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees…
A Little Sunshine, AT&T, Boxfan, buttholio, Connor Riley Moucka, cyb3rph4nt0m, DDoS-for-Hire, Global Security News, John Erin Binns, Judische, Kiberphant0m, Naver, Ne'er-Do-Well News, North America, Proman557, Ransomware, Reverseshell, Shi-Bot, Snowflake, South Korea, telekomterrorist, The Coming Storm, Vars_Secc, Verizon, Waifu
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long:…
abyss0, BreachForums, Data Breaches, Finastra, Global Security News, ke-la.com, Latest Warnings, Ne'er-Do-Well News, The Coming Storm
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen…
A Little Sunshine, emergency data request, fake EDR, fbi, Global Security News, Kodex, Latest Warnings, Matt Donahue, North America, pwnstar, The Coming Storm, Web Fraud 2.0
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…