Cybersecurity on Cowlpane

Fake OpenAI repository on Hugging Face pushes infostealer malware

Sat, 09 May 2026 14:26:03 +0000

Originally published by BleepingComputer

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users.

The repository briefly reached #1 on Hugging Face and accumulated 244,000 downloads before the platform responded to reports and removed it.

The Hugging Face platform lets developers and researchers share AI models, datasets, and machine learning (ML) tools. Models are pre-trained AI systems hosted on the platform comprising weight files, configuration, and code.

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

Sat, 09 May 2026 07:16:00 +0000

Originally published by The Hacker News

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.

The list of vulnerabilities is as follows -

CVE-2026-29201(CVSS score: 4.3) - An insufficient input validation of the feature file name in the “feature::LOADFEATUREFILE” adminbin call that could result in an arbitrary file read.
CVE-2026-29202(CVSS score: 8.8) - An insufficient input validation of the “plugin” parameter in the “create_user API” call that could result in arbitrary Perl code execution on behalf of the already authenticated account’s system user.

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Fri, 08 May 2026 18:12:00 +0000

Originally published by The Hacker News

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbedTCLBANKERthat’s capable of targeting 59 banking, fintech, and cryptocurrency platforms.

The activity is being tracked by Elastic Security Labs under the monikerREF3076. The malware family is assessed to be a major update of theMaverick, which is known to leverage a worm called SORVEPOTEL to spread via WhatsApp Web to a victim’s contacts. The Maverick campaign is attributed to a threat cluster that Trend Micro calls Water Saci.

NVIDIA confirms GeForce NOW data breach affecting Armenian users

Fri, 08 May 2026 16:18:31 +0000

Originally published by BleepingComputer

NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach.

The gaming and hardware giant has clarified that the impact is limited to Armenia, and was caused by a compromise of the infrastructure operated by a regional partner.

The company added that its own network was not impacted by the incident.

“Our investigation found no impact on NVIDIA-operated services. The issue is limited to systems run by a third-party GeForce NOW Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am,” the company said.

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Fri, 08 May 2026 15:08:00 +0000

Originally published by The Hacker News

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss.

The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over 3 million downloads, before they were taken down from the official app storefront.The activity, codenamedCallPhantomby Slovakian cybersecurity company ESET, primarily targeted Android users in India and the broader Asia-Pacific region.

Why More Analysts Won’t Solve Your SOC’s Alert Problem

Fri, 08 May 2026 14:02:12 +0000

Originally published by BleepingComputer

By Rich Perkins, Principal Sales Engineer, Prophet Security

Your security spend has roughlydoubled in six years. Your time-to-investigate and respond hasn’t moved. Your CFO is asking why the security headcount keeps growing while the metrics that matter to the business don’t.

The architecture under your SOC is the reason. Not your team. Not your tooling investment. Not your hiring funnel. The operating model your program inherited assumed human-drivenalert triageat the volume the business was producing five years ago, and the business stopped producing alerts at that volume a long time ago.

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

Fri, 08 May 2026 14:01:00 +0000

Originally published by The Hacker News

The hardest part of cybersecurity isn’t the technology, it’s the people.

Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection.

In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down the whole company?

Trellix source code breach claimed by RansomHouse hackers

Fri, 08 May 2026 13:23:23 +0000

Originally published by BleepingComputer

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.

Yesterday, the threat actor published on their data leak site screenshots indicating access to the cybersecurity company’s appliance management system. However, BleepingComputer could not confirm the authenticity of the data.

Trellix is an international cybersecurity firm with global Fortune 100 customers. In 2025, the company had more than 53,000 customers in 185 countries and 3,500 employees.

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

Fri, 08 May 2026 12:16:32 +0000

Originally published by BleepingComputer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in zero-day attacks.

Tracked as CVE-2026-6973, this security flaw allows attackers with administrative privileges to execute arbitrary code remotely on systems running EPMM 12.8.0.0 and earlier.

In aThursday security advisory, Ivanti told customers they can secure their appliances by installing Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1, and advised them to review accounts with Admin rights and rotate those credentials where necessary.

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Fri, 08 May 2026 11:00:00 +0000

Originally published by The Hacker News

A previously undocumented Linux implant codenamedQuasar Linux RAT (QLNX)is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling.

“QLNX targets developers and DevOps credentials across the software supply chain,” Trend Micro researchers Aliakbar Zahravi and Ahmed Mohamed Ibrahimsaidin a technical analysis of the malware.

Canvas Breach Disrupts Schools & Colleges Nationwide

Fri, 08 May 2026 02:58:46 +0000

Originally published by Krebs on Security

Photo by Daniel Romero on Unsplash

An ongoing data extortion attack targeting the widely-used education technology platformCanvasdisrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.

A screenshot shared by a reader showing the extortion message that was shown on the Canvas login page today.