Bleeping Computer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing ...
VentureBeat

Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt ...
Ars Technica

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed malicious updates from the servers of its developer, researchers said Tuesday.
Bleeping Computer

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Update: Added Microsoft's statement to the end of the first section of this article. Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
IEEE

Smarter Cyber Defense: Machine Learning-Based Malicious File Detection

Abstract: The potential of malicious files to compromise sensitive information and systems is significant, making them a risk to any organization that has implemented an information security program.