Research
-
TrickMo Android banker adds TON blockchain for covert communications
A new TrickMo Android banking malware variant is targeting users in Europe and using the TON blockchain for covert command and control traffic, according to a technical analysis. The malware adds new network and tunneling commands and targets banking and crypto wallets.
-
Google says hackers used AI to help find and weaponize a zero-day 2FA bypass
Google said it found what it believes is the first known in-the-wild use of AI for vulnerability discovery and exploit generation, after attackers used a zero-day Python script to bypass two-factor authentication on an open-source admin tool.
-
Fake OpenAI privacy filter repository hit top of Hugging Face trending list
A malicious Hugging Face repository impersonating OpenAI’s Privacy Filter model reached the platform’s trending list before being disabled. HiddenLayer said it delivered Windows infostealer malware and drew about 244,000 downloads in 18 hours.
-
Ollama flaw could expose process memory from exposed servers, researchers say
Researchers say a critical Ollama flaw could let remote attackers leak process memory from exposed servers, while separate Windows update bugs may allow persistent code execution. The disclosures affect widely used local AI software.
-
New Linux PamDOORa backdoor sold on cybercrime forum, researchers say
Researchers disclosed PamDOORa, a Linux backdoor sold on a Russian cybercrime forum for up to $1,600. The PAM-based tool can provide persistent SSH access, harvest credentials and tamper with logs, though no real-world use has been seen.
-
Mozilla says AI-assisted Mythos found 271 Firefox vulnerabilities with few false positives
Mozilla said its Mythos AI-assisted security research found 271 Firefox vulnerabilities, including 180 rated sec-high. The company faced skepticism over false positives and the lack of individual CVEs.
-
PCPJack credential stealer targets cloud systems and removes TeamPCP traces
Researchers said PCPJack is a new cloud-focused credential stealer that targets exposed services, removes TeamPCP-related artifacts and uses multiple exploits to spread across compromised environments.
-
Fake Claude AI site pushes new Windows backdoor Beagle
A fake Claude AI website is pushing a malicious Claude-Pro Relay download that installs a new Windows backdoor called Beagle. The campaign uses a lookalike site, a 505MB archive and multiple malware delivery methods.
-
US commerce unit expands AI model testing agreements with Google, Microsoft and xAI
A US commerce unit has signed agreements with Google DeepMind, Microsoft and xAI to test frontier AI models before release, joining earlier deals with Anthropic and OpenAI as Washington weighs broader oversight.
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
