The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.
The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows “Download Alternative Installer” links or the Linux shell installer.
According to the developers, the attackers modified the website’s download links to point to malicious third-party payloads rather than legitimate installers.
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares.
This technique, created by Kim Dvash of Israel Aerospace Industries, abuses the Windows ‘CreateFileW’ API and file-sharing modes to prevent other users and applications from opening files while handles remain active.
The GhostLock technique abuses the ‘dwShareMode’ parameter in the CreateFileW function, which specifies the type of access other processes have to a file while it is opened.
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message.
BleepingComputer has learned that both the breach and defacements involved multiple cross-site scripting (XSS) vulnerabilities that enabled the attacker to obtain authenticated admin sessions.
The second hack was to draw attention and to pressure Instructure into entering negotiations to pay a ransom following an initial breach disclosed a week before.
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI.
The exploit could be leveraged to bypass the two-factor authentication (2FA) protection in a popular open-source, web-based system administration tool that remains unnamed.
Although the attack was foiled before the mass exploitation phase, the incident shows that threat actors are relying more on AI assistance for their vulnerability discovery and exploitation efforts.
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications.
The TrickMo banker was first spotted in September 2019 and has remained in active development, constantly receiving updates since then.
In October 2024, Zimperium analyzed 40 variants of the malware delivered via 16 droppers, communicating with 22 distinct command-and-control (C2) infrastructures, and targeting sensitive data belonging to users worldwide.
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.
Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn.