A new variant of the DarkCloud information-stealing malware has emerged, leveraging the AutoIt scripting language to bypass security tools and harvest sensitive credentials from infected systems. Dubbed DarkCloud Stealer v4, the malware has targeted financial institutions, healthcare organizations, and e-commerce…
Category: EN
TransferLoader Malware Allows Attackers to Execute Arbitrary Commands on Compromised System
A newly identified malware loader dubbed TransferLoader has emerged as a critical threat, enabling attackers to execute arbitrary commands on compromised systems and deliver payloads such as the Morpheus ransomware. First detected in February 2025 by Zscaler ThreatLabz researchers, this…
Xerox Issues April 2025 Security Patch Update for FreeFlow Print Server v2
Xerox has announced the release of its April 2025 Security Patch Update for the FreeFlow® Print Server v2 running on Windows® 10, reinforcing the company’s commitment to robust cybersecurity for its production print platforms. The update, officially released on May…
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand. The post Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data appeared first on…
BSidesLV24 – GroundFloor – The Road To Developers’ Hearts
Author/Presenter: Sing Ambikapathi Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…
Microsoft Outlook Down – Millions of Business & Personal Users Worldwide Impacted
A major outage hit Microsoft Outlook and other Microsoft 365 services on Thursday, May 15, 2025, leaving millions of users around the globe unable to access their email, calendars, and other essential productivity tools. The disruption began in the evening…
Xerox Launches April 2025 Security Patch for FreeFlow Print Server v2
Xerox has launched its April 2025 Security Patch Update for the FreeFlow Print Server v2 running on Windows 10, addressing over 40 critical vulnerabilities while introducing stricter encryption protocols for secure file transfers. The update, detailed in Security Bulletin XRX25-009,…
New .NET Multi-Stage Loader Targets Windows Systems to Deploy Malicious Payloads
A recently discovered .NET-based multi-stage loader has caught the attention of cybersecurity researchers due to its complex architecture and ability to deploy a range of malicious payloads on Windows systems. Tracked since early 2022 by Threatray, this loader employs a…
Barclays Introduces New Step-by-Step Model to Tackle Modern Fraud
Banks and shops are facing more advanced types of fraud that mix online tricks with real-world scams. To fight back, experts from Barclays and a security company called Threat Fabric have created a detailed model to understand how these…
One Click Is All It Takes: New Mac Malware Steals Your Data
A growing number of Mac users are being tricked into downloading harmful software through fake verification messages. These scams look like normal human checks, such as Google’s “I’m not a robot” box, but are actually part of a malware…
Audio and Video Chat Recording Could Be Part of Nintendo Switch 2
Audio and Video Chat Recording Could Be Part of Nintendo Switch 2. In an official announcement from Nintendo, a new in-game communication system known as GameChat will be included in the Nintendo Switch 2 console, which is due…
iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations
iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices…
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. “Criminals targeted our customer support agents overseas,” the company said in a statement. “They used cash…
PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory This article has been indexed from www.infosecurity-magazine.com Read the original article: PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 5, 2025 to May 11, 2025)
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. …
Customer Data Compromised in Dior Cyber Attack
Luxury fashion house Dior experienced a significant security incident when unauthorized external actors breached their customer database. According to the official notification, Dior immediately implemented containment protocols and engaged cybersecurity experts to investigate the intrusion. The breach exposed various categories…
Nucor Steel Manufacturer Halts Production After Cyberattack
Nucor Corporation, one of North America’s largest steel producers, has temporarily halted production at multiple facilities following a cybersecurity breach that compromised critical operational systems. The incident, disclosed in a May 15, 2025, SEC filing, marks one of the most…
Coinbase suffers data breach, gets extorted (but won’t pay)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and Exchange Commission (SEC). The…
SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004 This article has been indexed from www.infosecurity-magazine.com Read the original article: SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services
Node.js project has released a critical security update addressing several vulnerabilities that could allow attackers to crash server processes and disrupt critical services. The security fixes, announced on May 14, 2025 by Node.js maintainer RafaelGSS, affect multiple release lines (LTS…