An underground forum called Nulled.io that helped users share stolen credentials, software cracks, and leaked content was hacked earlier this month, spilling a glut of information, including users’ email addresses, encrypted passwords, and IP addresses, among other details. According to researchers at Risk Based Security who reported the breach last week, a 1.3 GB tar.gz...

As zero days in Adobe Flash Player continue to bubble to the surface, major technology players are announcing their plans to shove the maligned software aside in favor of HTML5. Google is the latest, announcing recently that by Q4 of this year, HTML5 would be the default in the Chrome browser, except for content on...

Incidents of Android lockscreen malware masquerading as porn apps are a growing concern to security analysts who are forecasting an uptick in attacks. Once infected, Android users bitten by this malware appear to be locked out of their device and are forced to undergo a complex extraction of the app to win back control of...

Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous. Cerber, which is best known...

Mike Mimoso and Chris Brook discuss the news of the week, including zero day vulnerabilities–both in Adobe Flash and Windows, a nasty vulnerability in SAP business applications, Mozilla asking FBI to disclose a Tor exploit, and more. Download: Threatpost_News_Wrap_May_13_2016.mp3 Music by Chris Gonsalves

News of yet another attack involving a bank and SWIFT, the financial network used by thousands of banks to transfer funds, came to light Thursday as investigators continue to probe a separate $81 million heist in February involving the network and the central bank of Bangladesh. The Brussels-based global financial messaging network notified users on...

Several vulnerabilities were fixed this week in the file archiver 7-Zip that could have led to arbitrary code execution and file corruption. The developer behind the tool-which is open source and can be used with any compression, conversion, or encryption method-is urging users to update to the most recent patched version, 16.00, as soon as possible to...

As promised earlier this week, Adobe today released an updated version of Flash Player that includes a patch for a zero-day vulnerability. Adobe said it is aware of the existence of a public exploit for CVE-2016-4117, but said the flaw has not been publicly attacked. The vulnerability affects Flash Player versions 21.0.0.226 and earlier on Windows,...

Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes – two which rate as high severity. Google warned users of the vulnerabilities Wednesday as it released a new version, 50.0.2661.102, of the browser. The Chrome security holes were found by four bug bounty hunters as part of Google’s Chromium Project and...

Mozilla on Wednesday filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose a vulnerability it exploited in the Tor Browser and Firefox. The FBI used the zero-day to hack a child pornography site and de-anonymize users visiting the site using the Tor Browser. Mozilla’s motion asks that the...