BTMOB Android malware service generates custom phishing payloads
…to remove from the device, or prevent sleep mode). It should be noted that BTMOB is mostly active in Brazil and Latin America. It is not a new Android trojan, as ANYRUN…
Search
Top stories
Microsoft backpedals: Edge to stop loading passwords into memory
…Last year, Microsoft also introduced a new Edge security feature to protect users against malicious extensions sideloaded into the web browser, and restricted access to Edge's Internet Explorer mode after hackers…
Ubiquiti patches three max severity UniFi OS vulnerabilities
…On Thursday, Ubiquiti also patched a second critical command injection flaw ( CVE-2026-33000 ) and a high-severity information disclosure ( CVE-2026-34911 ), both affecting Unifi OS devices. Ubiquiti has yet to…
GitHub investigates internal repositories breach claimed by TeamPCP
…The Trivy breach also affected the LiteLLM open-source Python library in an attack that infected tens of thousands of devices with its "TeamPCP Cloud Stealer" information-stealing malware. More recently, the…
Exploit available for new DirtyDecrypt Linux root escalation flaw
Exploit available for new DirtyDecrypt Linux root escalation flaw By Sergiu Gatlan May 18, 2026 03:18 AM A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module…
ChatGPT share links abused to host fake outage pages to deliver malware
…The website offers both macOS [ VirusTotal ] and Windows [ VirusTotal ] downloads that install malware on devices. While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have…
Microsoft shares mitigation for YellowKey Windows zero-day
…On devices that are not yet encrypted, admins can enable the "Require additional authentication at startup" option via Microsoft Intune or Group Policies, while ensuring that "Configure TPM startup PIN" is set…
TrickMo Android banker adopts TON blockchain for covert comms
…The key new feature in the current variant is the TON-based communication with the operator, which uses .ADNL addresses routed through an embedded local TON proxy running on the infected device…
GitHub confirms breach of 3,800 repos via malicious VSCode extension
…The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. "Yesterday we detected and contained a compromise of an employee device involving…
SHub macOS infostealer variant spoofs Apple security updates
…compromised devices, which could allow fething additional malware. The researchers have provided a set of indicators of compromise that could help defenders protect against malicious behavior associated with the new SHub Reaper…