CISO Brief

All news in category “Incidents and Data Breaches”

2703 articles · page 5 of 136

Malicious Infostealer Found in Top Hugging Face Repo

🔒 HiddenLayer discovered the Open-OSS/privacy-filter repository on Hugging Face was malicious on May 7. The repo, which copied OpenAI's Privacy Filter model card almost verbatim and showed inflated engagement, delivered a Rust-based infostealer via a base64-encoded loader. The malware steals browser passwords, session cookies, tokens, crypto wallet data and other credentials. HiddenLayer warns anyone who ran files from the repo to treat hosts as fully compromised and to wipe, isolate and rotate all affected credentials.

Instructure Reaches Agreement with ShinyHunters, Data Returned

🛡️ Instructure says it reached an agreement with ShinyHunters after a breach of its Canvas LMS that exposed usernames, emails, course names, enrollments, and messages. The actor returned the stolen data and supplied shred logs confirming destruction. Instructure attributes the intrusion to XSS flaws in the Free-for-Teacher environment, has restored Canvas, and temporarily disabled that free tier while investigating and monitoring activity.

Instructure Pays Ransom After Canvas Data Breach Fallout

🔒 Instructure said it reached an agreement with an unauthorized actor after a breach that exposed data from its Canvas learning platform, asserting the stolen data was returned and digitally destroyed. The company said the agreement covers all impacted customers and that it believes no customers will be separately extorted. It has engaged forensic vendors, revoked credentials, rotated keys, and temporarily disabled Free‑For‑Teacher accounts while it completes its review.

Checkmarx Jenkins Plugin Compromised in Supply-Chain Attack

🔒 Checkmarx warned that a rogue version of its Jenkins AST plugin was published to the Jenkins Marketplace and contained credential-stealing malware attributed to the TeamPCP threat group. The attackers used credentials obtained in a prior Trivy supply-chain breach to backdoor multiple developer tools and maintain access. Checkmarx is publishing a clean plugin release, advising users to revert to version 2.0.13-829.vc72453fa_1c16, rotate secrets, and investigate for compromise.

TeamPCP Publishes Malicious Checkmarx Jenkins Plugin

🔒 Checkmarx confirmed a modified Jenkins AST plugin was published to the Jenkins Marketplace after attackers used stolen credentials to push malicious code. The company released v2.0.13-848.v76e89de8a_053 on GitHub and the Marketplace and says this release addresses the incident. It advised users to ensure they run 2.0.13-829.vc72453fa_1c16 (published Dec 17, 2025) or later. Researchers attribute the activity to TeamPCP.

cPanel Authentication Bypass Deploys Filemanager Backdoor

🔒 Researchers report that a threat actor known as Mr_Rot13 is exploiting a critical cPanel/WHM vulnerability (CVE-2026-41940) to deploy a cross-platform backdoor named Filemanager on compromised hosts. A QiAnXin XLab analysis indicates automated attacks from more than 2,000 source IPs worldwide and an infection chain that replaces root credentials, plants SSH keys, deploys a PHP web shell, and delivers a Go-based infector. The malware harvests credentials and system data, sends results to attacker-controlled infrastructure, and enables file management and remote command execution across Windows, macOS, and Linux.

AI-Developed Zero-Day Used in First Known Exploitation

🛡️ Google disclosed detection of an unknown threat actor using a zero-day exploit likely developed with an AI model, marking the first observed malicious application of AI for vulnerability discovery and exploit generation. GTIG said the exploit was a Python script implementing a 2FA bypass in a widely used open-source web administration tool and contained hallmarks of LLM-generated code. Google worked with the vendor to patch the flaw, disabled malicious assets, and linked the activity to a broader set of AI-enabled abuse campaigns including the Android backdoor PromptSpy.

TrickMo C Moves Android C2 to TON Blockchain Network

📡 ThreatFabric has identified a new Android banking trojan variant, TrickMo C, that shifts its command-and-control channel into The Open Network (TON) blockchain by resolving operator endpoints as .adnl identities. The malicious APK embeds a native TON proxy and routes its HTTP client through a loopback port, while any remaining clearnet queries are sent via DNS-over-HTTPS. This design makes conventional domain takedowns ineffective and helps conceal malicious traffic as legitimate TON application activity.

Fake Claude Code Installer Steals Browser Credentials

🔒 Ontinue detailed a campaign distributing a previously undocumented information stealer via fake Claude Code install pages that hijack Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations. The lure substituted the canonical Anthropic host for an attacker-controlled domain while /install.ps1 returned a verbatim genuine installer, letting automated scanners see benign PowerShell. A native helper is reflectively injected into browser processes to invoke the IElevator2 COM interface and extract encryption keys, while the PowerShell layer handles persistence, collection and C2 communications. Defenders are urged to enforce constrained PowerShell, enable script block logging and block newly registered domains.

Weekly Recap: Linux Rootkits, Supply Chain and Cloud Breaches

⚡ This weekly recap highlights a string of active campaigns and exploited flaws affecting enterprise and cloud environments. Attackers weaponized vulnerabilities in Ivanti EPMM and Palo Alto PAN-OS, while a new modular Linux implant dubbed Quasar Linux (QLNX) pairs a kernel rootkit with a P2P mesh to resist takedowns. Several supply-chain compromises and credential-stealing campaigns are targeting cloud and developer tooling, and threat actors increasingly abuse legitimate RMM platforms for persistence.

Fake Hugging Face Model Impersonating OpenAI Hits 244K

⚠️ A malicious Hugging Face repository posing as an OpenAI release delivered an infostealer to Windows hosts and accumulated about 244,000 downloads before removal. Researchers at HiddenLayer found the repo copied OpenAI’s model card and included a loader.py that fetched and executed credential-stealing payloads. The loader disabled SSL verification, used jsonkeeper.com as a C2, and employed scheduled tasks and a Rust-based infostealer to exfiltrate browser data, wallets, Discord storage, and FileZilla credentials.

ShinyHunters Escalates Canvas Extortion Against Schools

🔒 A ShinyHunters “pay or leak” extortion campaign has targeted the education sector after the compromise of Instructure, operator of the Canvas LMS. The April 25 breach reportedly exposed around 275 million records and more than 3.65 TB of data via a vulnerability in the Free‑For‑Teacher Canvas version. After an initial ransom demand and a May 8 deadline, the group extended its timeline and began school‑by‑school extortion, defacing roughly 330 institutional login pages. Affected organizations are urged to change Canvas‑related passwords, enable multi‑factor authentication and heighten phishing awareness.

TrickMo Android Banker Adopts TON for Covert Communications

🔒 ThreatFabric uncovered a new TrickMo Android banker variant that communicates with operators via The Open Network (TON) using .adnl identities and an embedded local TON proxy on infected devices. Disguised as TikTok or streaming apps, it targets banking and crypto wallets in France, Italy, and Austria. The modular malware adds several remote networking commands and proxying capabilities. Android users should restrict app sources and enable Play Protect.

Zara Data Breach Exposes 197,000 Customers' Records

🔒 A ShinyHunters campaign has compromised data for over 197,000 Zara customers, according to HaveIBeenPwned. Stolen items include unique email addresses, product SKUs, order IDs and support ticket data after stolen authentication tokens from analytics provider Anodot were used to access BigQuery and Snowflake instances; the group leaked a claimed 140GB trove. Inditex says no names, passwords or payment details were affected and operations remained unaffected. Other reported victims include Vimeo, Rockstar Games and McGraw Hill.

Police Shut Relaunched Crimenetwork Dark Web Market

🔒 Spanish and German authorities have shut down a relaunch of Crimenetwork, arresting a 35-year-old German national in Mallorca after coordination with the Frankfurt prosecutors and the BKA. The rebuilt marketplace attracted over 22,000 users and 100+ vendors, trading stolen data, narcotics and forged documents while generating more than €3.6m in revenue. Police seized €194,000 and user transaction data to support further investigations.

Fake OpenAI Model on Hugging Face Delivered Info Stealer

🚨 A malicious Hugging Face repository impersonating OpenAI's Privacy Filter model reached #1 trending before being disabled after delivering a Rust-based information stealer to Windows users. The attacker typosquatted the legitimate release and copied its model card, instructing victims to run a loader.py or Windows start.bat to fetch payloads via a JSON Keeper dead drop. The multi-stage chain used PowerShell to download secondary loaders, set Defender exclusions, and install a one-shot scheduled task that launched a stealer collecting browser, wallet and app data for exfiltration.

Malvertising: Claude.ai Shared Chats Deliver Mac Malware

⚠️ Attackers are using Google Ads to direct macOS users to malicious instructions hosted inside Claude.ai shared chats. The chats disguise themselves as official installation guides and prompt users to paste Terminal commands that download compressed shell scripts and execute them in memory. Some variants profile victims (including keyboard locale) before running a second-stage payload via osascript, while others immediately steal browser credentials, cookies, and Keychain items. Avoid pasting terminal commands and visit the official site directly.

German Police Dismantle Rebooted Crimenetwork Marketplace

🚨 German authorities dismantled a relaunch of the criminal marketplace Crimenetwork and arrested its alleged operator after the reboot reportedly generated more than €3.6 million. The new instance had attracted roughly 22,000 users and over 100 vendors before investigators seized user and transaction data along with about €194,000 in assets. The arrest of a 35-year-old German was executed in Mallorca under a European arrest warrant, following coordinated actions by the Public Prosecutor's Office in Frankfurt am Main, the Central Office for Combating Cybercrime (ZIT), and the BKA.

JDownloader Site Compromise Replaced Installers with RAT

⚠️ The official JDownloader website was compromised between May 6 and May 7, 2026, and attackers replaced alternative Windows and Linux installers with malicious payloads. The Windows binaries deploy a heavily obfuscated Python-based remote access trojan, while the Linux shell installer installs SUID-root components and persistence. Developers say the CMS was abused to alter download links without host-level access and have taken the site offline to investigate. Users who ran affected installers should treat systems as compromised, verify installers' digital signatures (AppWork GmbH) and consider reinstalling and rotating credentials.

Fake Hugging Face Repo Pushes Rust Infostealer and Typosquatting

⚠️ A malicious Hugging Face repository impersonated OpenAI’s Privacy Filter and briefly reached #1, reportedly accumulating 244,000 downloads before removal. HiddenLayer found the repo used a typosquatted name and a loader.py that disabled SSL checks, decoded a base64 URL, and executed a PowerShell chain to deploy a Rust-based infostealer. The malware harvests browser credentials, tokens, wallets, SSH/FTP/VPN files and more, exfiltrating data to a C2 server. Users are urged to reimage affected machines, rotate credentials, and replace wallets and seed phrases.