Microsoft has said it will address a vulnerability in its May 2013 Patch Tuesday next week that could potentially expose systems to zero-day attacks on Internet Explorer (IE) 8 if not patched.

The vulnerability has already been exploited in a watering hole attack targeting the US Department of Labor (DoL) website, where, as Alienvault warned earlier this month, it could have lead to a Chinese hacking group installing malware to extract information.

Security researchers are advising users of IE8 that this patch, which is rated as Critical, should be applied first. Qualys' Wolfgang Kendek warned in his blog that the patch "should be on the top of your list if you are on IE8".

The massive heist unfolded "in a matter of hours," said the US prosecutor's office for Brooklyn, New York.

Prosecutors unveiled charges against eight people accused of forming the New York cell of the plot, which stretched across 26 countries. In their case, they allegedly lifted $2.8 million in cash and now face charges of conspiracy to commit access device fraud and money laundering.

Seven of the eight have been arrested, the US attorney's office said. The eighth, Alberto Yusi Lajud-Pena, nicknamed "Prime" and "Albertico," is "reported to have been murdered on April 27," the office said.

A botched software update by Malwarebytes disabled thousands of systems around the globe this week, according to a blog post penned by CEO Marcin Kleczynski. Around 3PM PST on Monday, April 15, the security vendor released a definitions patch that wrongly identified legit system files as being malware.

By preventing essential Windows.dll and .exe files from running, the update crippled affected machines and caused quite a headache for many IT professionals. Speaking with V3, an unnamed organization said the update took down 80% of its servers, and that was just one of many stories the publication said it received.

Anonymous has restarted its attack against North Korea and once again is using a North Korean Twitter account to announce website scalps.

The Twitter account @uriminzok was the scene of announcements about the hacked websites during the last stage of Op North Korea, and reports have tipped up there again.

The first wave of attacks saw a stream of websites defaced or altered with messages or images that were very much not in favour of the latest North Korean hereditary leader, Kim Jong-un.