Cybercrime
-
Fake OpenAI privacy filter repository hit top of Hugging Face trending list
A malicious Hugging Face repository impersonating OpenAI’s Privacy Filter model reached the platform’s trending list before being disabled. HiddenLayer said the repository delivered Windows infostealer malware and drew about 244,000 downloads in 18 hours.
-
Sri Lanka arrests 37 Chinese nationals in suspected scam centre raid
Sri Lankan police arrested 37 Chinese nationals in a suburb of Colombo after raiding a suspected scam centre, seizing phones, tablets and SIM cards. Officials say the case fits a broader pattern of suspected fraud compounds in the country.
-
New Linux PamDOORa backdoor sold on cybercrime forum, researchers say
Researchers disclosed PamDOORa, a Linux backdoor sold on a Russian cybercrime forum for up to $1,600. The PAM-based tool can provide persistent SSH access, harvest credentials and tamper with logs, though no real-world use has been seen.
-
PCPJack credential stealer targets cloud systems and removes TeamPCP traces
Researchers said PCPJack is a new cloud-focused credential stealer that targets exposed services, removes TeamPCP-related artifacts and uses multiple exploits to spread across compromised environments.
-
Australia warns of ClickFix attacks spreading Vidar Stealer malware
Australia’s cyber security agency warned of a ClickFix campaign using compromised WordPress sites to push Vidar Stealer. The advisory recommends restricting PowerShell, using allow-listing and updating WordPress plugins and themes.
-
Two US nationals sentenced for helping North Korea run laptop farms
Two U.S. nationals were sentenced to 18 months in prison for hosting laptops that helped North Korea’s remote IT worker scheme, which affected nearly 70 U.S. companies and generated about $1.2 million.
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
-
MuddyWater linked to Microsoft Teams intrusion that used Chaos ransomware branding
A Rapid7 technical analysis says MuddyWater used Microsoft Teams, screen-sharing and remote access tools in an early 2026 intrusion that looked like Chaos ransomware but focused on data theft and persistence.
-
Taiwan student accused of hacking high-speed rail radio system to trigger emergency brakes
A 23-year-old Taiwanese university student was arrested after allegedly using radio equipment to trigger emergency brakes on Taiwan High Speed Rail, stopping four trains for 48 minutes on April 5, according to a local report.
-
Amazon SES abuse rises in phishing campaigns, Kaspersky says
Kaspersky says Amazon Simple Email Service is being increasingly abused in phishing campaigns that can bypass standard email defenses. The report links the activity to exposed AWS credentials and notes that the messages can evade SPF, DKIM and DMARC checks.









