VulnHub

Real-time Cybersecurity News

Bitrefill pins extensive purchase record-exposing hack on Lazarus Group

SCM feed for Latest
Data Breach

Overview

Bitrefill, a cryptocurrency e-commerce platform, has reported a cyberattack attributed to the North Korean hacking group Lazarus Group. This incident, which occurred earlier this month, resulted in the theft of 18,500 purchase records from Bitrefill's infrastructure. The stolen data could potentially expose users' transaction histories and personal information, raising significant privacy concerns. The involvement of Lazarus Group highlights the ongoing threat posed by state-sponsored cybercriminals, particularly in the cryptocurrency sector. As cryptocurrency transactions often lack the same protections as traditional financial systems, users need to remain vigilant and consider the security of platforms they use.

Key Takeaways

  • Affected Systems: Bitrefill purchase records
  • Timeline: Newly disclosed

Original Article Summary

North Korean hacking collective Lazarus Group has been blamed by cryptocurrency e-commerce platform Bitrefill for a cyberattack against portions of its infrastructure earlier this month, which led to the theft of 18,500 purchase records, reports CoinDesk.

Impact

Bitrefill purchase records

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

Interlock ransomware targeting of max severity Cisco FMC zero-day precedes disclosure

SCM feed for Latest

The Interlock ransomware group has been exploiting a severe zero-day vulnerability in Cisco Secure Firewall Management Center software, identified as CVE-2026-20131, since January 26, prior to its public disclosure. This vulnerability allows for insecure deserialization, which can lead to unauthorized access and potential takeover of affected systems. Organizations using Cisco's Secure Firewall Management Center should be particularly vigilant, as the attacks have been ongoing for over a month, posing a significant risk to network security. The situation emphasizes the urgent need for timely security updates and monitoring to protect against such exploitation.

Mar 19, 2026

Refund fraud evolves into packaged digital products on underground markets

SCM feed for Latest

The underground market has seen a rise in refund fraud schemes, where methods like 'refund without return' allow customers to keep items while still getting their money back. Other tactics include chargeback fraud, where buyers dispute charges after receiving goods, and empty-box returns, where customers send back nothing or an empty box. These evolving practices not only cost retailers millions but also complicate the return process for legitimate customers. As these fraudulent activities gain traction, they pose a significant risk to businesses, affecting their bottom line and operational integrity. Companies need to be vigilant and adapt their return policies to combat these schemes effectively.

Mar 19, 2026

AI Conundrum: Why MCP Security Can't Be Patched Away

darkreading

At the RSAC 2026 Conference, a researcher raised alarms about the security risks associated with MCP (Multi-Cloud Platform) in large language model (LLM) environments. They explained that these risks are rooted in the architecture of MCP itself, making them difficult to address with simple patches or updates. This situation poses a significant challenge for organizations utilizing LLMs, as they may inadvertently expose sensitive data or systems to attackers. The implications are serious, affecting not just the integrity of the models but also the security of the broader infrastructure that supports them. Companies using MCP need to reassess their security frameworks to mitigate these inherent vulnerabilities.

Mar 19, 2026

Aura customer data exposed in voice phishing attack

SCM feed for Latest

Aura, a digital security company, has reported a data breach linked to a voice phishing attack that compromised customer information. The exposed data originated from a marketing tool that Aura acquired in 2021. While specific details about the type of data exposed have not been disclosed, the incident raises concerns about the safety of customer data and the potential for further exploitation by cybercriminals. Users affected by this breach should be vigilant for phishing attempts and other suspicious activities. This incident highlights the ongoing risks associated with third-party tools and the importance of robust security measures for customer data protection.

Mar 19, 2026

IP KVM device vulnerabilities pose significant network risks

SCM feed for Latest

Researchers from Eclypsium have identified vulnerabilities in four different IP KVM devices: GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. These security flaws allow unauthorized users to gain root access or run malicious code without authentication. This situation poses a serious risk to networks utilizing these devices, as attackers could potentially manipulate connected systems. It’s crucial for users of these products to be aware of these vulnerabilities and take necessary precautions to secure their networks. The discovery emphasizes the need for regular security assessments and updates for devices that manage critical network functions.

Mar 19, 2026

ConnectWise warns of critical ScreenConnect vulnerability

SCM feed for Latest

ConnectWise has issued a warning about a serious vulnerability in its ScreenConnect software. This flaw allows attackers to extract ASP.NET machine keys, which could lead to unauthorized access to user sessions. Organizations using ScreenConnect could be at risk, as this vulnerability enables attackers to bypass authentication controls. Users should be aware of the potential for misuse of their systems and take immediate action to protect their data. It is crucial for affected parties to stay updated on this issue and implement necessary safeguards to prevent exploitation.

Mar 19, 2026