We’ve gathered the most important cybersecurity news of the week. Procolored printer drivers were found to contain cryptocurrency-stealing malware. Twelve people have been arrested in the US, accused of running a $263 million cryptocurrency fraud scheme. Dior has confirmed a cyberattack and data breach. Telegram has removed casino bots from its platform. Procolored printer drivers contained a cryptocurrency stealer For at least six months, the official software shipped with Procolored printers included a remote access trojan and a cryptocurrency stealer. This was first pointed out by YouTube blogger Serial Hobbyism. After installing the drivers for the Procolored V11 Pro UV printer, the user detected the Floxif USB worm on their computer using antivirus software. Third-party experts helped the blogger discover that at least six printer models (F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro), whose associated software was hosted on the Mega file-sharing platform, contained the XRedRAT trojan and the SnipVex clipper. The latter infects .exe files and replaces Bitcoin addresses in the clipboard. The address SnipVex is using to drain the stolen cryptocurrency has received about 9,308 BTC (~$1 million at the time of the report). The malicious software packages have already been removed, and an internal investigation has been launched. The U.S. has arrested 12 defendants accused of cryptocurrency fraud totaling $263 million. US authorities have charged 12 individuals in a cybercrime conspiracy to commit extortion, fraud, and money laundering that netted them more than $263 million. According to the DOJ, from October 2023 through March 2025, the group of U.S. and foreign nationals engaged in database hacking, phishing, and apartment burglaries to steal cryptocurrency hardware wallets. The criminal proceeds were spent on nightclubs, private jet rentals, security guards, and sports cars worth up to $3.8 million. $9 million was spent on exotic cars alone, with another $4 million spent on parties. Part of the scheme was uncovered with the help of crypto detective ZachXBT, who in August 2024 traced the theft of nearly 4,100 BTC from an early crypto investor. The investigation is ongoing. Dior confirms cyberattack and data breach French luxury brand Dior reported a cybersecurity incident that was discovered on May 7, in which unidentified individuals gained unauthorized access to partial customer information. The affected data includes names, gender, phone numbers, emails, addresses, purchase history, and preferences. The company assured that the database did not contain account passwords or financial information, including bank details, card details, or IBANs. Steps have been taken to limit the breach, and an investigation with cybersecurity experts is underway. The Personal Data Protection Commission and affected customers have been notified of the situation. The number of those affected and their regions of residence have not been disclosed. Telegram has removed casino bots Telegram has removed the largest gambling project on the platform, @CasinoBot. A number of other major projects with audiences in the millions were also targeted in the large-scale sweep, according to 'Durov's Code.' The messenger had previously blocked keywords such as 'casino,' 'freespin,' and others in searches, depriving such projects of organic traffic. Telegram is allegedly stepping up content moderation amid rumors of a probable IPO to minimize possible regulatory claims. Alleged BlackDB admin extradited to the US from Kosovo Liridon Mazurica, a 33-year-old citizen of Kosovo, was extradited to the United States on charges of running the cybercrime marketplace BlackDB, which has been operating since 2018, according to the Ministry of Justice. According to the prosecution, the defendant was the lead administrator of the platform that sold compromised accounts, server data, stolen credit card numbers, and personal information about individuals, most of whom are U.S. citizens. The first court hearing has already taken place. The defendant was charged with five counts of fraudulent use of unauthorized access devices and one count of conspiracy to commit fraud. He faces up to 55 years in prison. In turn, a 45-year-old ”foreign national” suspected of using the DoppelPaymer ransomware virus has been arrested in Moldova. Authorities believe the individual was behind a series of cyberattacks on Dutch organizations in 2021. One of the victims was NWO, which suffered damages of around €4.5 million. An e-wallet, €84,800, two laptops, a cell phone, a tablet, six bank cards, and several data storage devices were seized from the individual. He remains in custody and awaits extradition to the Netherlands.
