Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

JDownloader site hacked to replace installers with Python RAT malware

Bleeping Computer - 9 May, 2026 - 21:27
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. [...]
Category: Hacking & Security

Fake OpenAI repository on Hugging Face pushes infostealer malware

Bleeping Computer - 9 May, 2026 - 16:26
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. [...]
Category: Hacking & Security

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

The Hacker News - 9 May, 2026 - 09:16
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result [...] (Ravie Lakshmanan)
Category: Hacking & Security

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Ars Technica - 8 May, 2026 - 20:33

Chaos erupted at schools and colleges throughout the US on Thursday as a cyberattack disrupted online learning platform Canvas just as students were due to take final exams.

Canvas parent company Instructure said that as of Friday morning, the platform was back online. Instructure said it temporarily took Canvas offline on Thursday after identifying unauthorized activity in its network. The threat actor was the same one responsible for a data breach that Instructure disclosed a week ago. Data accessed included user names, email addresses, student ID numbers, and messages exchanged on the platform. The company said it has no indication that passwords, dates of birth, government identifiers, or financial information were involved.

Schools and colleges scramble

A ransomware group known as ShinyHunters claimed responsibility for the breach on its dark web site. It claimed the data it took came from 275 million people associated with 8,800 schools.

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

The Hacker News - 8 May, 2026 - 20:12
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via [...] (Ravie Lakshmanan)
Category: Hacking & Security

NVIDIA confirms GeForce NOW data breach affecting Armenian users

Bleeping Computer - 8 May, 2026 - 18:18
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. [...]
Category: Hacking & Security

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

The Hacker News - 8 May, 2026 - 17:08
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over [...] (Ravie Lakshmanan)
Category: Hacking & Security

Linux Attackers Abuse Admin Tools For Stealthy Intrusions

LinuxSecurity.com - 8 May, 2026 - 16:06
A lot of Linux attacks now look like normal admin activity. Attackers use SSH, cron, curl, systemd, cloud scripts, and other trusted tools that defenders already expect to see running across production systems.
Category: Hacking & Security

Why More Analysts Won’t Solve Your SOC’s Alert Problem

Bleeping Computer - 8 May, 2026 - 16:02
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. [...]
Category: Hacking & Security

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

The Hacker News - 8 May, 2026 - 16:01
The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down [...]
Category: Hacking & Security

Ubuntu Dirty Frag Important Local Privilege Escalation Exploit

LinuxSecurity.com - 8 May, 2026 - 15:30
Just weeks after Linux defenders began responding to Copy Fail, researchers have disclosed another serious privilege escalation vulnerability that can deliver reliable root access on major distributions.
Category: Hacking & Security

Apple vs. social engineering: Terminal paste trap blocked

Computerworld.com [Hacking News] - 8 May, 2026 - 15:25

Echoing concerns from other security experts, Orange Cyberdefense (OC) recently warned that employees have become the biggest security threat faced by business. 

Now, in the latest illustration of its ongoing security response, Apple is putting new protections in place in macOS 26.4 that should help – but employee education remains critical as hackers turn to complex, multi-stage, social engineering attacks to infest systems with malware.

Your people are your weakness

The data tells its own story. OC explains: Employees account for 57% of all security incidents and 45% of these incidents come when workers bypass or ignore security policies by, for example, using unapproved tools. 

Attackers are actively searching for and exploiting those kinds of policy workarounds, seeking weaknesses in commonly used, but unapproved, tools. Users really should educate themselves.

While companies can put some mitigations in place using device management and policy controls to constrain app use and downloads across their endpoints, Apple is also working to keep systems secure with a focus on the Terminal app. 

Terminal’s early warning system

In this case, it will introduce new malware warnings and protections to help prevent people from using Terminal to override system security to install malware-laden scripts. That’s the attack vector currently being used in the ClickFix series of attacks, which use fake macOS utilities to trick Mac users into doing just that.

It’s yet another example of how attackers rely on complex social engineering attacks to fool targets into undermining their own security. These attacks often begin with an attempt to get users to install infostealer malware on their own machines and run it, bypassing the Mac’s native malware defence.

Apple already has many, many protections to help combat attacks like these; now, we’ll see warnings in macOS Tahoe 26.4 whenever a relatively novice user pastes anything into the Terminal. Apple’s XProtect continues to block known malicious scripts. 

Helping people make better decisions

These warnings don’t appear in the first 24 hours after setting up a Mac, nor do they appear if a user has developer tools such as Xcode installed. That’s because Apple assumes developers are savvy enough to avoid falling for such tricks, while many users setting up their Macs may have a legitimate need to use Terminal. (Apple will always warn when you try to paste code from sources known to be malicious.)

To an extent, Apple’s new protection reflects its belief that users should have choice while ensuring they are informed. Figuring out when to warn a user of the dangers they take has always been a challenge, as you don’t want to interfere in the user experience too heavily. But the prevalence of the kinds of threats OC warns about pushed Apple to put a new gate in place. 

FileVault keys come to the Passwords app

This isn’t the only new protection Apple has planned for macOS 26.4. The update does something many have long wanted. Ever since Apple’s first M-series chips arrived, we’ve had situations in which users forget their FileVault key, which can lead to Macs getting bricked when sold. Apple has now moved the macOS FileVault recovery key into users’ end-to-end encrypted Passwords app.

That’s good in two ways: it removes the threat that Apple could lose or leak the key, and it makes it easier for a user to recover that key using the Passwords app on another device. When you protect the data on your Mac with FileVault, you get a recovery key during set-up. If you forget the password for your Mac, you can reset the password by entering the recovery key.

Finally, IT admins seeking to ensure compliance with security policies will appreciate that Apple began rolling out Background Security Improvements in iOS 26.3.1, iPadOS 26.3.1 and macOS 26.3.1 to deliver incremental fixes and additional protections in between normal software updates. Still, as the OC data shows, the best and most effective security (beyond moving to a Mac) is to ensure employees fully understand the implications and significance of your company’s current security policies.

Category: Hacking & Security

Trellix source code breach claimed by RansomHouse hackers

Bleeping Computer - 8 May, 2026 - 15:23
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]
Category: Hacking & Security

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

Bleeping Computer - 8 May, 2026 - 14:16
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
Category: Hacking & Security

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

The Hacker News - 8 May, 2026 - 13:00
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain," [...] (Ravie Lakshmanan)
Category: Hacking & Security

Zara data breach exposed personal information of 197,000 people

Bleeping Computer - 8 May, 2026 - 12:42
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. [...]
Category: Hacking & Security

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The Hacker News - 8 May, 2026 - 12:30
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. The dataset behind these findings includes 10 million monitored [...]
Category: Hacking & Security

Former govt contractor convicted for wiping dozens of federal databases

Bleeping Computer - 8 May, 2026 - 10:45
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. [...]
Category: Hacking & Security

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

The Hacker News - 8 May, 2026 - 10:41
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination. (Ravie Lakshmanan)
Category: Hacking & Security

Linux Firewall Rules Management Challenges Kubernetes Security

LinuxSecurity.com - 8 May, 2026 - 10:21
A Linux server running a few predictable services is relatively easy to secure.
Category: Hacking & Security