SoS Virtual Institutes Mid-Year Review 2024
The SoS VI Mid-Year Review 2024 will be held on July 9 & 10 at ICSI in Berkeley, CA.
Cryptocurrency portfolio manager CoinStats recently resumed activity after hackers drained over $2 million in virtual assets from 1,590 hosted wallets. The incident occurred on Friday and prompted CoinStats to shut down its application to mitigate the attack. Because CoinStats asks for read-only access to connected wallets, only some of those created directly within CoinStats were affected by the hack. CoinStats noted that none of the connected wallets and CEXes were impacted.
A now-patched security flaw in the Ollama open source Artificial Intelligence (AI) infrastructure platform could have enabled Remote Code Execution (RCE). Ollama is a service used to package, deploy, and run Large Language Models (LLMs) locally on Windows, Linux, and macOS devices. The vulnerability, dubbed "Probllama" by the cloud security company Wiz, stems from insufficient input validation. Exploitation requires the threat actor to send specially crafted HTTP requests to the Ollama Application Programming Interface (API) server.
A study conducted by security researchers from Stanford University and the CISPA Helmholtz Center for Information Security found that the Chrome Web Store (CWS) has many malicious extensions. Some include malware, while others are vulnerable due to bugs or violate policies. This article continues to discuss the study "What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions."
Group-IB researchers have detailed the operations of a threat actor named "Boolka," whose activities include sophisticated malware campaigns and web attacks. The group has been exploiting vulnerabilities through SQL injection attacks on websites since 2022, and the scripts it injects intercept user inputs to steal data. In January 2024, Group-IB analysts found a Boolka-linked landing page that distributed the "BMANAGER" modular Trojan. This discovery revealed Boolka's malware delivery platform, which leverages the BeEF framework.
A flaw in a premium Facebook module for PrestaShop named "pkfacebook" allows hackers to use a card skimmer on vulnerable e-commerce websites to steal credit card information. PrestaShop is an open source e-commerce platform where individuals and businesses develop and manage online stores. Promokit's pkfacebook add-on lets shop visitors log in with Facebook, leave comments on shop pages, and chat with support agents via Messenger. The critical SQL injection vulnerability in pkfacebook's facebookConnect.php Ajax script enables remote attackers to trigger SQL injection using HTTP requests.
In an attack called "SnailLoad," computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users' online activities in detail by analyzing fluctuations in the speed of their Internet connection. The attack does not require malicious code or access to the data traffic. Internet users leave traces on websites and online services. Firewalls, Virtual Private Network (VPN) connections, and browser privacy modes are measures that provide some level of data protection.
"Rafel" is an open source Android RAT used by multiple threat actors, including an espionage group. According to an earlier Check Point Research (CPR) report, Rafel had already been linked to the "APT-C-35/DoNot Team." CPR highlighted the RAT's remote access, surveillance, data exfiltration, and persistence maintenance capabilities. Through collecting malware samples and analyzing around 120 Command-and-Control (C2) servers, CPR identified the US, China, and Indonesia as the most impacted countries. Most of the devices infected were Samsung phones, followed by Xiaomi, Vivo, and Huawei.
The Electronic Frontier Foundation (EFF) warns of risks and threats associated with mass surveillance technologies after the disclosure of several potentially severe vulnerabilities in Automated License Plate Readers (ALPRs). ALPRs are high-speed camera systems that automatically capture license plate numbers in their view. They can also capture location, date, time, and other data. The organization's latest warning follows the US Cybersecurity and Infrastructure Security Agency's (CISA) advisory about vulnerabilities in Vigilant license plate readers made by Motorola Solutions.
In collaboration with Google, Florida International University (FIU) researchers have identified a new threat: ransomware over a browser, which is malware embedded in a browser. According to the researchers, this threat is not specific to a particular browser type or version. Beyond letting users surf the web, many browsers now include advanced features that make them more vulnerable from a cybersecurity standpoint. Cybercriminals have begun to exploit these vulnerabilities to install ransomware in browsers.