KrebsOnSecurity.com proudly marks its 16th anniversary, a milestone made possible by the unwavering support and engagement of its dedicated readership. This past year, the site has been a beacon of investigative journalism, illuminating the shadowy world of cybercrime and holding accountable those entities that enable its pervasive reach. Brian Krebs, the site’s founder and a leading cybersecurity investigative journalist, expressed profound gratitude to all readers – newcomers, long-time followers, and even the critical observers – for their immense contributions, which have provided solace during challenging times and fueled the pursuit of truth. The year 2025 has been particularly impactful, with KrebsOnSecurity.com dedicating significant coverage to entities that facilitate complex and globally dispersed cybercrime services, bringing a strong theme of comeuppance to the forefront of its reporting.
A pivotal investigation in May 2024 delved into the history and ownership of Stark Industries Solutions Ltd., a notorious "bulletproof hosting" provider that emerged just weeks before the Russian invasion of Ukraine. This provider served as a crucial staging ground for repeated Kremlin-backed cyberattacks and disinformation campaigns. A year later, while Stark and its two co-owners faced sanctions from the European Union, KrebsOnSecurity’s analysis revealed the proprietors’ adeptness at evading these penalties by rebranding and transferring substantial network assets to other controlled entities. This ongoing evasion underscores the persistent challenges in dismantling sophisticated cybercriminal infrastructure.
In December 2024, KrebsOnSecurity shed light on Cryptomus, a Canadian-registered financial firm that had become the preferred payment processor for numerous Russian cryptocurrency exchanges and websites peddling cybercrime services targeting Russian-speaking customers. The repercussions for this facilitation were significant. In October 2025, Canadian financial regulators identified gross violations of anti-money laundering laws by Cryptomus, leading to a record-breaking fine of $176 million against the platform. This ruling highlights the increasing regulatory scrutiny on financial intermediaries enabling illicit online activities.

A deeply concerning revelation in September 2023, stemming from research published on KrebsOnSecurity, linked a series of six-figure cyberheists to the cracking of master passwords stolen from the password manager service LastPass in 2022. This analysis proved prescient. In March 2025, U.S. federal agents investigating a staggering $150 million cryptocurrency heist confirmed they had reached the same damning conclusion, solidifying the link between the LastPass breach and the subsequent massive financial losses.
Phishing, in its myriad forms, remained a dominant theme in this year’s coverage. KrebsOnSecurity provided an unprecedented look into the daily operations of several voice phishing gangs responsible for elaborate, convincing, and financially devastating cryptocurrency thefts. The in-depth report, "A Day in the Life of a Prolific Voice Phishing Crew," meticulously detailed how one such gang exploited legitimate services offered by Apple and Google to orchestrate a variety of outbound communications to their victims, including emails, automated phone calls, and system-level messages delivered to all signed-in devices. This exposé underscored the insidious ways legitimate technological infrastructure can be weaponized by cybercriminals.
Furthermore, nearly half a dozen articles throughout 2025 dissected the relentless wave of SMS phishing, or "smishing," originating from China-based phishing kit vendors. These vendors make it alarmingly easy for their customers to convert phished payment card data into mobile wallets offered by Apple and Google. In a significant effort to curb this illicit activity, Google has taken aggressive legal action, filing at least two John Doe lawsuits targeting these groups and numerous unnamed defendants to disrupt their online operations. This legal offensive signals a growing commitment from major tech companies to combat sophisticated phishing syndicates.
In January, KrebsOnSecurity highlighted research into Funnull, a dubious and sprawling content delivery network specializing in assisting China-based gambling and money laundering websites in distributing their operations across multiple U.S. cloud providers. This investigative work proved instrumental. Five months later, the U.S. government sanctioned Funnull, identifying it as a primary source of "pig butchering" investment and romance scams, a particularly pernicious form of online fraud. The government’s action validated the critical findings of KrebsOnSecurity’s initial report.

The crackdown on organized cybercrime extended to Pakistan in May, where 21 individuals were arrested for their alleged involvement with Heartsender, a phishing and malware dissemination service first profiled by KrebsOnSecurity in 2015. These arrests followed swift action by the FBI and Dutch police, who had seized dozens of servers and domains associated with the group. Notably, many of those apprehended had been publicly identified in a 2021 article detailing how they had inadvertently infected their own computers with malware, revealing their real-world identities and leading to their eventual capture.
In April, the U.S. Department of Justice indicted the proprietors of a Pakistan-based e-commerce company for conspiring to distribute synthetic opioids in the United States. The following month, KrebsOnSecurity revealed a disturbing parallel: the proprietors of this sanctioned entity were perhaps more widely known for operating an elaborate and long-standing scheme to defraud Westerners seeking assistance with services such as trademark registration, book writing, mobile app development, and logo design. This dual revelation exposed a complex criminal enterprise exploiting both the illicit drug trade and fraudulent service provision.
Earlier this month, a deeply unsettling investigation exposed an academic cheating empire, amplified by Google Ads, that had amassed tens of millions of dollars in revenue. This empire harbored curious ties to a Kremlin-connected oligarch whose Russian university is known for building drones utilized in Russia’s war against Ukraine. This connection raises profound questions about the intersection of educational fraud and geopolitical conflict, highlighting how profit motives can align with state-sponsored aggression.
As always, KrebsOnSecurity has diligently monitored the world’s most significant and disruptive botnets, which unleashed distributed denial-of-service (DDoS) assaults upon the internet this year. These attacks were characterized by their unprecedented scale, being two to three times larger and more impactful than previous record-breaking DDoS incidents.

In June, KrebsOnSecurity.com itself fell victim to the largest DDoS attack that Google had mitigated at that time, a testament to the site’s visibility and impact. The attack was attributed to an Internet-of-Things botnet known as Aisuru, which had rapidly expanded in size and power since its emergence in late 2024. A subsequent Aisuru attack on Cloudflare shortly thereafter nearly doubled the scale of the assault on this website, and further Aisuru attacks continued to escalate the record-breaking DDoS landscape. In October, it appeared that the cybercriminals behind Aisuru had pivoted their focus from DDoS to the more lucrative and sustainable enterprise of renting out hundreds of thousands of infected IoT devices for proxy services, enabling cybercriminals to anonymize their traffic.
However, recent revelations suggest that at least some of the disruptive botnet and residential proxy activity attributed to Aisuru last year was, in fact, the work of the architects behind a formidable botnet named Kimwolf. XLab, a Chinese security firm that first chronicled Aisuru’s rise, recently profiled Kimwolf as arguably the world’s largest and most dangerous collection of compromised machines, boasting approximately 1.83 million devices under its control as of December 17. XLab’s report notably highlighted the Kimwolf author’s "obsessive" fixation on Brian Krebs, the investigative journalist himself, leaving "easter eggs" related to him scattered throughout their research.
KrebsOnSecurity is pleased to announce that its first stories of 2026 will delve deeply into the origins of Kimwolf, scrutinizing its unique and highly invasive methods of spreading digital contagion. The initial installment in this series will present a sobering global security notification concerning the devices and residential proxy services inadvertently fueling Kimwolf’s rapid expansion.
Krebs reiterated his heartfelt thanks for the continued readership, encouragement, and support. He made a special plea to readers to consider making an exception for KrebsOnSecurity.com within their ad blockers, emphasizing that the site’s advertisements are limited to a handful of static, in-house vetted images with no third-party content, and that disabling ad blockers directly supports the investigative work. He also encouraged new subscribers to sign up for the email newsletter, a plain-text dispatch sent upon publication of each new story, which promises one to two emails per week, never shares the email list, and avoids surveys or promotions. The anniversary concludes with a warm "Thanks again, and Happy New Year everyone! Be safe out there."

