Microsoft and law enforcement announced a coordinated takedown of the Lumma password-stealing malware.
<article>
<hr><ul><li><strong>The faulty CrowdStrike update disrupted operations at Delta</strong></li><li><strong>The airline sued the cybersecurity outfit, which then filed a motion to dismiss</strong></li><li><strong>The judge denied the motion and gave the lawsuit the go-ahead</strong></li></ul><hr><p>Delta’s lawsuit against cybersecurity outfit CrowdStrike has been given the green light and will proceed. Earlier this May, Judge Kelly Lee Ellerbe filed a decision with the Fulton County Superior Court denying CrowdStrike’s motion to dismiss and allowing most of Delta’s claims to move forward.</p><p>Here is a little context: in July last year, CrowdStrike pushed a faulty update for its Falcon endpoint security software to Windows devices, causing widespread disruption. Banks, airlines, TV broadcasters and many other companies were unable to operate normally as the Blue Screen of Death appeared across their IT infrastructure.</p><p>US airline Delta was hit particularly hard. According to <em>The Register</em>, it took five days to recover, significantly longer than rivals American Airlines and United Airlines. The same source says Delta was also forced to ground far more aircraft than other organizations.</p><h2 id="motion-to-dismiss-6">Motion to dismiss</h2><p>This prompted Delta to sue CrowdStrike, claiming the company deployed the <a data-analytics-id="inline-link" href="https://www.techradar.com/best/best-patch-management-tools" target="_blank">update</a> without permission, bypassed Microsoft’s certification process, and failed to test it properly before release. CrowdStrike admitted the update was flawed but argues that Delta’s slow recovery was the result of the airline’s own decisions. The lawsuit brought multiple claims, including breach of contract, trespass, negligence and fraud.</p><p>CrowdStrike filed a motion to dismiss, arguing that Delta’s claims were invalid. Its position is that the dispute should be confined to the contract under Georgia’s economic loss rule, which generally prevents a party from recovering in tort for purely financial losses that arise from a contract. Delta countered that CrowdStrike breached independent duties that exist outside the contract, such as obligations under trespass law and cybersecurity standards.</p><p>The judge has now denied most of CrowdStrike’s motion: the trespass and negligence claims may proceed, and the fraud claims survive in part.</p><p>The Register spoke to CrowdStrike’s outside counsel, Michael Carlinsky of law firm Quinn Emanuel, who said the worst-case scenario is the company having to pay “single-digit millions” to Delta. The airline, for its part, said it was “pleased by the ruling”.</p><p><em>Via </em><a data-analytics-id="inline-link" href="https://www.theregister.com/2025/05/21/judge_allows_deltas_lawsuit_against/" target="_blank"><em>The Register</em></a></p>
</article>
<article>
<hr><ul><li><strong>Coinbase filed a new form with the Maine Attorney General</strong></li><li><strong>It confirmed when the attack happened and how many people were affected</strong></li><li><strong>The company confirmed offering a bounty </strong></li></ul><hr><p>We now know exactly how many people were affected by the recent Coinbase data breach: 69,461. The company confirmed the figure in a new filing with the Office of the Maine Attorney General. According to the filing, the breach took place in late December 2024 and was only discovered months later, in mid-May 2025.</p><p>Coinbase also shared the data breach notification letter it is sending to affected customers, which details what happened.</p><p>According to the letter, threat actors bribed “a small number of individuals performing services for Coinbase” to exfiltrate sensitive customer data on their behalf.</p><h2 id="extortions-and-bounties-6">Extortions and bounties</h2><p>These individuals, who were reportedly dismissed afterwards, stole <a data-analytics-id="inline-link" href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">identity information</a> (names, dates of birth, the last four digits of Social Security numbers), masked bank account numbers and “some bank account identifiers”, addresses, phone numbers, email addresses, images of government IDs, driver’s licenses and passports, and account data (transaction history, balances, transfers and more).</p><p>The attackers then demanded $20 million from Coinbase in exchange for deleting the data. Coinbase refused to pay and instead put up the exact same sum, $20 million, as a reward for anyone who comes forward with actionable information about the identities or whereabouts of the attackers.</p><p>Earlier reporting by Reuters, citing a regulatory filing the company submitted, put the cost of the incident at between $180 million and $400 million.</p><p>Besides the $20 million bounty, Coinbase promised to “make customers whole” by reimbursing anyone who can show they lost money to a social engineering attack made possible by the stolen data.</p><p>Coinbase said it is working with law enforcement and urged users to stay vigilant, use strong passwords, enable multi-factor <a data-analytics-id="inline-link" href="https://www.techradar.com/best/best-authenticator-apps" target="_blank">authentication</a> (MFA), and never share their login credentials with anyone. Since the stolen data is exactly what an impersonator needs to pass convincingly as Coinbase support, unsolicited calls or messages claiming to be from the exchange should be treated as suspect.</p><p><em>Via </em><a data-analytics-id="inline-link" href="https://techcrunch.com/2025/05/21/coinbase-says-its-data-breach-affects-at-least-69000-customers/" target="_blank"><em>TechCrunch</em></a></p>
</article>
<article>
<hr>
Experts have uncovered a flaw in WinRAR that could allow threat actors to bypass Windows’ Mark of the Web (MotW) protection and deploy malware on victims’ computers without the usual warning.
The vulnerability was discovered by Japanese researcher Shimamine Taihei of Mitsui Bussan Secure Directions. It is tracked as CVE-2025-31334 and carries a CVSS score of 6.8/10 (medium).
MotW is a Windows security mechanism: files downloaded from the internet are tagged (the tag lives in an NTFS alternate data stream named Zone.Identifier), and Windows shows a warning before such a file is run. Archivers are expected to propagate the tag to the files they extract; when one fails to do so, or ignores the tag when launching a file, the warning never appears.
“If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored,” WinRAR said in the release notes for the fix.
A symlink (short for symbolic link) is a pointer to another file or folder rather than a copy of it. An attacker could therefore ship an archive containing a symlink that points to an executable carrying the MotW tag; if the victim launches the symlink from within WinRAR, the executable’s tag is ignored and no warning appears. One caveat limits the attack: on Windows, creating symbolic links requires administrator privileges by default (or Developer Mode), so the attacker needs a way to get the link onto the victim’s machine.
The vulnerability affects all versions of WinRAR prior to 7.11, which fixes it and is now available for download.
Ever since Mark of the Web was introduced, cybercriminals have been looking for ways to bypass it and deliver malware without a warning.
In late January 2025, a 7-Zip flaw that enabled exactly that was publicly disclosed: it is tracked as CVE-2025-0411, carries a high severity score of 7.0/10, and is fixed in 7-Zip 24.09. Earlier still, in 2022, researchers found that a password-protected ZIP file with an ISO inside could bypass MotW.
To mitigate the risk, keep archivers up to date (WinRAR 7.11 or later, 7-Zip 24.09 or later), treat archives downloaded from the internet with the same suspicion as bare executables, and be vigilant when opening anything that arrives by email or download.
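One way to verify, after extracting an archive, that the archiver actually propagated the Mark of the Web is to read the Zone.Identifier stream of each extracted file and compare its zone with the archive's. The script below is an added example, not code from WinRAR or from the researchers. It parses the INI-style stream text (a `[ZoneTransfer]` section with a `ZoneId`; zones 3 and 4, Internet and Restricted, are the ones Windows warns for) and reports extracted files that lost the warning. The sample streams are constructed for illustration; on a real Windows system `read_motw()` opens the stream directly. Note what this check does and does not cover: it catches an archiver that drops or downgrades the tag on extraction, which is the general failure mode, but not the symlink case above, where the tag is present on the executable and simply ignored at launch.

```python
"""Audit Mark of the Web (MotW) propagation on extracted files.

Added example, not code from WinRAR or the researchers. MotW lives in an
NTFS alternate data stream named Zone.Identifier, a small INI-style text
with a ZoneId field. Windows warns before running files whose zone is
Internet (3) or Restricted (4). All sample data below is constructed.
"""
import sys
from typing import Dict, List, Optional

ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}
WARNING_ZONES = {3, 4}


def parse_zone_identifier(stream: str) -> Dict[str, str]:
    """Parse Zone.Identifier stream text into a dict of its [ZoneTransfer] keys."""
    fields: Dict[str, str] = {}
    in_section = False
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def zone_id(stream: Optional[str]) -> Optional[int]:
    """Return the integer ZoneId, or None if the stream is absent or malformed."""
    if stream is None:
        return None
    value = parse_zone_identifier(stream).get("ZoneId")
    try:
        return int(value)  # type: ignore[arg-type]
    except (TypeError, ValueError):
        return None


def triggers_warning(stream: Optional[str]) -> bool:
    """True if Windows would show the MotW warning for a file with this stream."""
    zid = zone_id(stream)
    return zid is not None and zid in WARNING_ZONES


def read_motw(path: str) -> Optional[str]:
    """Read a file's Zone.Identifier stream on Windows/NTFS.

    Returns None when the stream does not exist (the file is unmarked) or when
    not running on Windows, where alternate data streams cannot be opened this way.
    """
    if sys.platform != "win32":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def unmarked_after_extraction(archive_stream: Optional[str],
                              extracted: Dict[str, Optional[str]]) -> List[str]:
    """Return extracted files that would run without a warning even though the
    archive they came from carried one. `extracted` maps file name -> stream
    text (None when the stream is missing)."""
    if not triggers_warning(archive_stream):
        return []  # archive was never marked; nothing to propagate
    return sorted(name for name, s in extracted.items() if not triggers_warning(s))


# Constructed sample streams (not captured from a real system).
ARCHIVE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                  "ReferrerUrl=https://example.test/\r\n"
                  "HostUrl=https://example.test/tool.rar\r\n")
EXTRACTED: Dict[str, Optional[str]] = {
    "tool.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",    # tag propagated correctly
    "readme.txt": "[ZoneTransfer]\r\nZoneId=3\r\n",
    "helper.exe": None,                               # stream missing: runs silently
    "notes.txt": "[ZoneTransfer]\r\nZoneId=1\r\n",    # downgraded to Intranet: no warning
}

if __name__ == "__main__":
    for name in unmarked_after_extraction(ARCHIVE_STREAM, EXTRACTED):
        print(f"{name}: no MotW warning would be shown")
```

On a live Windows box the equivalent one-liner is `Get-Content .\file.exe -Stream Zone.Identifier` in PowerShell, and `read_motw()` above does the same from Python; feed its results into `unmarked_after_extraction()` to audit a whole extraction directory.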
Via BleepingComputer
</article>
<article>
<hr>
Several open source packages on the Python Package Index (PyPI) repository have been found to be malicious, and were downloaded thousands of times before being flagged, experts have warned.
Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, with around 2,000 downloads between them.
Both posed as fixes for the legitimate Python module “bitcoinlib”, which provides features for creating and managing cryptocurrency wallets.
The timing was deliberate: the bitcoinlib community had recently been discussing an issue with how the package generates error messages.
The attackers used that discussion as cover, created the two packages and joined the conversation to push them as the fix. It does not appear to have worked: “The malicious content of that library was detected by the package contributors and the comments were deleted,” ReversingLabs said.
Both libraries attempted the same attack, the researchers explained: overwrite bitcoinlib’s legitimate ‘clw’ CLI command with malicious code that exfiltrates sensitive database files.
Separately, researchers at Socket found a third package that targets WooCommerce stores rather than bitcoin developers. It makes no attempt to hide its purpose and is “openly malicious”, yet it still racked up 37,217 downloads.
The package is called “disgrasya” and works as a fully automated carding script. "The malicious payload was introduced in version 7.36.9, and all subsequent versions carried the same embedded attack logic," Socket said.
Carding is a form of cybercrime in which stolen credit card details are used to make unauthorized purchases or to test whether a card is still active. Since criminals often buy these details in bulk on dark web markets, whoever built and distributed disgrasya could have profited considerably from it.
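The bitcoinlib impostors relied on a name that contains the real package plus a plausible suffix. A cheap supply-chain check is to compare every dependency name against the packages a project actually trusts and flag close lookalikes before installation. The script below is an added example, not tooling from ReversingLabs or Socket: it parses a requirements file, normalizes names the way PyPI does (PEP 503), and reports names that either embed a trusted name with a short affix (the bitcoinlib-dev pattern) or sit within a small edit distance of one (classic typosquats). The watchlist and requirements text are constructed for illustration.

```python
"""Flag dependency names that look like impostors of trusted PyPI packages.

Added example, not the researchers' tooling. WATCHLIST and REQUIREMENTS are
constructed for illustration; the two bitcoinlib lookalike names match the
pattern of the packages ReversingLabs reported.
"""
import re
from typing import List, Optional, Set, Tuple

# Packages this (hypothetical) project actually depends on.
WATCHLIST: Set[str] = {"bitcoinlib", "requests", "cryptography"}

REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(candidate: str, trusted: str,
                     max_distance: int = 2, max_affix: int = 8) -> Optional[str]:
    """Explain why `candidate` resembles `trusted`, or return None if it does not."""
    c, t = normalize(candidate), normalize(trusted)
    if c == t:
        return None  # it is the trusted package itself
    cs, ts = c.replace("-", ""), t.replace("-", "")
    # Rule 1: trusted name embedded with a short prefix/suffix (bitcoinlib-dev, bitcoinlibdbfix).
    if ts in cs and 0 < len(cs) - len(ts) <= max_affix:
        return f"contains '{trusted}' plus '{cs.replace(ts, '', 1)}'"
    # Rule 2: a few character edits away (requsts, cryptograpy).
    d = levenshtein(cs, ts)
    if d <= max_distance:
        return f"edit distance {d} from '{trusted}'"
    return None


def requirement_names(text: str) -> List[str]:
    """Extract bare project names from requirements.txt-style text."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options (-r, -e ...)
            continue
        m = REQ_NAME.match(line)
        if m:
            names.append(m.group(1))
    return names


def audit(text: str, watchlist: Set[str] = WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (requirement, trusted package, reason) for every suspicious name."""
    findings = []
    for name in requirement_names(text):
        for trusted in sorted(watchlist):
            reason = lookalike_reason(name, trusted)
            if reason:
                findings.append((name, trusted, reason))
    return findings


# Constructed sample, not a real project's lockfile.
REQUIREMENTS = """\
requests==2.32.3
bitcoinlib>=0.6
bitcoinlibdbfix          # same naming pattern as a package flagged by ReversingLabs
bitcoinlib-dev==0.1.0    # ditto
requsts                  # one-character typosquat
cryptography>=42
"""

if __name__ == "__main__":
    for name, trusted, reason in audit(REQUIREMENTS):
        print(f"SUSPICIOUS {name}: {reason}")
```

Findings are prompts for review, not verdicts: legitimate companions such as `requests-oauthlib` also match rule 1, so in practice the check is paired with an allowlist of known-good names and run in CI before `pip install` resolves anything.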
Via The Hacker News
</article>
<article>
<hr>
Hackers are stealing mailing lists from major companies and using them to break into people’s cryptocurrency wallets and drain their funds.
A new report from cybersecurity researchers Silent Push, who dubbed the campaign ‘PoisonSeed’, describes how the criminals first set up spoofed login pages for companies such as Coinbase, Ledger, Mailchimp, SendGrid, HubSpot and others. These pages harvest login credentials, which the attackers then use to log into the mailing-service accounts and exfiltrate any mailing lists they find.
They then send emails impersonating those companies, urging recipients to set up a new Coinbase Wallet using a seed phrase embedded in the email. A seed phrase is a series of 12 to 24 words, normally generated by the wallet itself, that gives access to the funds inside. It acts as a master key: anyone who has it can restore the wallet and control the cryptocurrency in it. A legitimate wallet provider never sends a seed phrase to a user; the phrase is generated on the user’s own device and should never be shared.
"Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack," Silent Push explained.
"As part of the attack, PoisonSeed provides security seed phrases to get potential victims to copy and paste them into new cryptocurrency wallets for future compromising."
Once victims set up a wallet from the attacker-supplied phrase and deposit funds into it, the criminals, who hold the same phrase, simply transfer the money out, a permanent loss for the victim.
The researchers believe the campaign is the work of two “loosely aligned” threat actors, Scattered Spider and CryptoChameleon, both of which are reportedly part of the broader cybercrime ecosystem known as The Com.
Because cryptocurrency is permissionless and decentralized, transactions cannot be reversed: once funds have been sent from one wallet to another, the only way to get them back is for the recipient to send them back.
In 2024, the US government seized tens of millions of dollars’ worth of crypto as part of a broader investigation into market manipulation, theft, fraud and more.
Via The Hacker News
</article>
Source: PoisonSeed campaign hijacks business CRM and email accounts to send out huge amounts of spam