What happened A malicious Hugging Face repository impersonating OpenAI’s Privacy Filter project reached the platform’s trending list and accumulated 244,000 downloads before being removed following reports from HiddenLayer researchers. The repository, named Open-OSS/privacy-filter, briefly reached the number one spot on Hugging Face’s trending page. The download count and the 667 ... Read More

What happened The official JDownloader website was compromised between May 6 and May 7, 2026, with attackers replacing Windows and Linux installer download links with malicious payloads. JDownloader is a widely used free download manager with millions of users across Windows, Linux, and macOS. The developers took the website offline ... Read More

What happened German authorities have arrested the operator of a rebooted version of Crimenetwork, the largest German online cybercrime marketplace, and seized the platform less than six months after the original was dismantled. A 35-year-old German national was arrested at his residence in Mallorca, Spain, by the Spanish National Police ... Read More

What happened An active malvertising campaign is abusing Google sponsored search results and Claude.ai’s shared chat feature to deliver macOS infostealer malware to users searching for Claude downloads on Mac. The campaign was identified by security engineer Berk Albayrak and independently verified by BleepingComputer, which found a second variant using ... Read More

What happened General Motors has agreed to pay $12.75 million to settle charges brought by California authorities that it violated millions of consumers’ privacy by collecting and selling driving data without their consent, the largest fine issued under the California Consumer Privacy Act since the law took effect more than ... Read More

What happened Škoda Auto has disclosed a security incident affecting its official online shop after attackers exploited a vulnerability in the platform’s standard shop software to gain temporary unauthorized access to customer data. Škoda’s IT team identified the intrusion during routine security monitoring, immediately took the shop offline, and activated ... Read More

The organizations in this feature are among the most recognizable in the world. Their security programs operate at a scale that most enterprises will never approach, protecting billions of customer records, trillions in financial assets, global supply chains, and the technology infrastructure that hundreds of millions of people depend on ... Read More

The organizations in this feature are household names operating across dozens of countries, serving millions of customers, and managing security programs of a scale that most enterprises will never approach. The leaders protecting them have built careers across financial services, defense, healthcare, automotive, and technology, and their programs reflect what ... Read More

What happened Elastic Security Labs has documented a new Brazilian banking trojan called TCLBanker, tracked under campaign REF3076, that combines credential theft targeting 59 banking, fintech, and cryptocurrency platforms with self-spreading worm modules that propagate the malware autonomously through victims’ own WhatsApp and Microsoft Outlook accounts. The malware is delivered ... Read More

Who is happened Sophos X-Ops researchers have documented an active malvertising campaign using a fake Claude AI website to distribute a previously undocumented Windows backdoor named Beagle. The malicious domain claude-pro[.]com impersonates Anthropic’s Claude interface using similar colors and fonts, but with non-functional links that redirect to the front page ... Read More