You are browsing archives for
The Library of Congress is seeking our next Innovator in Residence to start in September 2026! We will fund an individual up to $90,000 per year, for a maximum of two years, to create a transformative digital work with Library of Congress collections for the American people and to serve as an ambassador for the Library. This is a mostly remote residency experience […]
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks […]
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and […]
Anywhere Adventures is a mobile-first website which brings local history to users through comics and travel logs. In the first year, 2025-2026 Innovator in Residence Vivian Li developed stories for three locations: Seattle, Washington, Chicago, Illinois, and Southeast Wyoming. This guest post is written by Vivian, and is a follow-up to a post asking readers […]
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade […]
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a […]
Since the 1930s, the Handbook of Latin American Studies has documented scholarship on Latin America and the Caribbean. In this interview, Tracy North describes how that long-standing mission now extends to web archiving, ensuring long-term access to web-based research materials. The conversation discusses the collaborative process of selecting websites to archive and the behind-the-scenes work involved in developing the collection. Please introduce yourself. What […]
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much […]
The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say […]
Admittedly, it’s more of a band-aid approach, but it’s gotta be better than nothing. Aaron Tay has a lengthy post describing what’s going on with ghost references, and I’m thinking specifically about how Google Scholar creates them. Here’s a link to the example in question (now up to 56 citations!), and here are the sections […]
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering […]
We’re on the hunt for two U.S. communities to include in Vivian Li’s Innovator in Residence Project, Anywhere Adventures! Visitors to the mobile experience are currently able to explore three American communities, Seattle, Chicago, and Southeastern Wyoming, through items from the Library’s digital collections and learn about the stories, people, and events that shaped everyday life in these places. With the site, visitors can do a […]
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805 — is brought to us […]
This post is co-written by Abbie Grotke (Section Head), Amanda Lehman (Digital Collections Specialist), and Melissa Wertheimer (Senior Digital Collections Specialist) of the Web Archiving Section to close our 25th-anniversary celebration year with some highlights of the program. We Have a History In 2025 we wrapped up our 25th year of web archiving at the […]
Interested in learning more about what’s new in the Library of Congress digital collections? The Signal shares regular updates to our digital collections and we love showing off our colleagues’ hard work from across the Library. Read on for a sample of recent additions and a few favorite highlights. Click here for all previous updates. This […]
Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On […]
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal […]
2025 wasn’t the best year in memory. Between job challenges, 8 months of unemployment, and spending weeks recovering after having 20% of my right kidney removed due to renal cell carcinoma….let’s just say it wasn’t the best year for me or my family. But even in the midst of all of the troubles, there were […]
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a […]
In this interview, 2025 Library of Congress Junior Fellow Kurt Lemai-Nguyen reflects on his experience working to support understanding AI at the Library in the Library’s Digital Strategy Directorate. This interview has been edited for length and clarity. Leah: Hi Kurt! It’s great to have you on our team this summer. Could you tell us what your […]
