Application Security

Two cloned AI model card tiles with a Trojan horse silhouette emerging from one, a data pipe to a crypto wallet, a browser with a key icon.

A Fake OpenAI Repository on Hugging Face Hit 244,000 Downloads. It Was Stealing Crypto Wallets and Browser Sessions.

HiddenLayer disclosed on May 7 that a malicious Hugging Face repository, Open-OSS/privacy-filter, typosquatted OpenAI's legitimate Privacy Filter release and shipped a Rust-based infostealer called Boxter. The repo briefly hit #1 on Hugging Face and reached 244,000 downloads before takedown.

09 May 2026

A laptop with three floating keys descending toward its terminal screen, three credential file icons on a shelf below, a Linux penguin silhouette, and a red dot.

Application Security

A New Linux RAT Was Built to Steal npm and PyPI Tokens, and It's the Tool the Next LiteLLM Was Waiting For

Trend Micro researchers disclosed Quasar Linux RAT (QLNX) on May 4 — a Linux implant purpose-built to harvest npm tokens, PyPI keys, AWS credentials, Kubernetes configs, and the rest of the developer credential file universe. Capabilities map to the LiteLLM compromise of March 2026.

09 May 2026

An open filing cabinet drawer with three dashboard outlines (chart, gauge, line graph) fanned behind, an open padlock, and a red-orange accent dot.

Application Security

RansomHouse Claims the Trellix Breach, and the Screenshots Show More Than Source Code

RansomHouse claimed responsibility on May 7 for the Trellix breach the cybersecurity firm disclosed last week — and Cybernews researchers say screenshots posted by the group show internal VMware, Rubrik, and Dell EMC dashboards. That's a much wider compromise than Trellix's "portion of our source code

08 May 2026

Minimalist white line art on maroon: an open vault door with files spilling out onto a curved globe-grid, with an unlocked padlock above.

Application Security

WIRED Found 380,000 Vibe-Coded Apps on the Open Web — and 5,000 of Them Were Leaking Corporate Data

WIRED's Andy Greenberg published an investigation on May 7, 2026 reporting that the Israeli cybersecurity firm RedAccess found roughly 380,000 publicly accessible web assets built with AI "vibe-coding" platforms — Lovable, Base44, Replit, and Netlify — of which around 5,000 exposed sensitive corporate data and another

07 May 2026

Minimalist white line art on bright cyan-teal: a wax-sealed envelope with a small backdoor cut into one side, beside three stacked file icons on a shelf.

Malware

Daemon Tools Was Trojanized for a Month — and the Installer Was Properly Signed

Kaspersky disclosed on May 5, 2026 that Daemon Tools — disk-imaging software with millions of users worldwide — has been distributing trojanized installers from its official website since April 8, 2026. The compromised binaries were signed with valid AVB Disc Soft developer certificates. Thousands of machines across approximately 100 countries received a

07 May 2026

Minimalist white line art on muted blue showing a medical clipboard with three data tags flying through a dashed network arc into two generic app-tile silhouettes.

Data Breaches

State Health Exchanges Sent Citizenship and Race Data to TikTok and Meta

A Bloomberg investigation found that nearly all 20 U.S. state-run health insurance exchanges plus D.C. were sending applicant data — citizenship, race, ZIP codes, prescriptions, even disclosures about incarcerated family members — to TikTok, Meta, Google, Snap, and LinkedIn via misconfigured tracking pixels. More than 7 million Americans bought insurance

05 May 2026

Minimalist white line art on slate-grey showing a folder icon with code-bracket symbols inside, a diagonal fracture line, and an exit arrow, marked by a red accent dot.

Cyber Attacks

Trellix Confirms Source Code Repository Breach

Trellix — formed from McAfee Enterprise + FireEye, owned by Symphony Technology Group — confirms unauthorized access to its source code repository. Customers should monitor and ask, not panic.

04 May 2026

Minimalist white line art on a forest green background showing a stylized computer tower with a ghost icon and an upward-pointing arrow, symbolizing the PhantomRPC privilege escalation.

Vulnerabilities

PhantomRPC: A New Windows RPC Privilege Escalation Technique

Security researchers at Kaspersky have uncovered PhantomRPC, an architectural-level vulnerability in Windows Remote Procedure Call that lets attackers deploy a fake RPC server and escalate privileges from low-privileged contexts to SYSTEM or Administrator — without requiring a classic memory-corruption bug. SINGAPORE — In the world of Windows exploitation, attackers usually hunt for

26 Apr 2026

Minimalist white line art on a deep navy background showing a smartphone with a stylized fingerprint icon and an interlocking gear, symbolizing biometric spoofing.

Spyware

Morpheus Android Spyware: Fake Updates and WhatsApp Hijacking

Italian-linked surveillance firm IPS Intelligence is tied to a new Android spyware, “Morpheus,” that tricks targets into installing a fake “update” app and then hijacks WhatsApp accounts using biometric-spoofing overlays. The case highlights how commercial spyware vendors are turning to mobile-phishing tactics to deploy powerful snooping tools. MILAN, ITALY — Another

26 Apr 2026

Nation-State Cyber Threats

China-Linked GopherWhisper APT Hits 12 Mongolian Gov Systems Using Slack/Discord C2

ESET discovers a new espionage group abusing legitimate cloud services for command-and-control against strategically sensitive Mongolian targets. ULAN BATOR, MN — Researchers at ESET have uncovered a sophisticated, China-aligned espionage campaign targeting the Mongolian government. The threat actor, dubbed GopherWhisper, has successfully infected at least 12 government systems since late 2023,

23 Apr 2026

A white cloud folder icon with neon purple binary code leaking on a charcoal background.

Vulnerability Management

"Public by Intent": Lovable AI Faces Scrutiny Over Massive Project Exposure

A reported Broken Object Level Authorization (BOLA) flaw on the Lovable AI platform allegedly exposed thousands of private coding projects, prompts, and credentials, sparking a debate over "vibe coding" security standards. Stockholm, Sweden — Lovable, the rapidly growing AI "app builder" platform, has found itself at the

22 Apr 2026

A white Firefox silhouette with a neon purple digital repair mesh on an orange background.

Application Security

The Mythos Breakthrough: Anthropic AI Uncovers 271 Security Flaws in Firefox 150

In a landmark moment for automated defense, Mozilla has patched 271 vulnerabilities in the latest version of Firefox — all identified by Anthropic’s specialized security model, Mythos. Mountain View, CA — Mozilla has released Firefox 150, an update that may represent the single largest leap in automated browser hardening to date.

22 Apr 2026

See all