Toggle light / dark theme

Get the latest international news and world events from around the world.

Log in for authorized contributors

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

The current version moves that screening to the operator’s server, so the exact rules are hidden. Either way, visitors outside Spain or Portugal get a Spanish “access denied” notice instead of malware.

Clear the check, and the download starts. A script downloads an image that looks like a PDF icon but hides a ZIP file inside, a trick called steganography. The script unpacks Ousaban from that ZIP, runs it, then deletes the image, the ZIP, and itself to leave less behind. Once running, Ousaban adds a registry entry named Financeiro (Portuguese for “finance”) so it starts up with Windows.

Ousaban’s command server, the machine that controls it, is deliberately hard to find. It carries a Pastebin link that points to one server address, but Fortinet says that address is a decoy.

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

The issues have been addressed in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Security researchers Anirudh Anand, Matan Sandori, and 2Bsecure have been credited with discovering and reporting CVE-2026–48283, CVE-2026–48313, and CVE-2026–48307.

Separately, Adobe has also shipped fixes to close out a critical flaw in Adobe Campaign Classic impacting versions ACC v7: 7.4.3 build 9,396 and earlier for Windows and Linux that could result in arbitrary code execution.

The vulnerability, tracked as CVE-2026–48286 (CVSS score: 10.0), is a case of incorrect authorization that could enable an attacker to execute arbitrary code on affected systems. It has been patched in version ACC v7: 7.4.3 build 9397.

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor’s safety sandbox and run any command on a developer’s computer. There is no click to fall for and no approval box to ignore.

Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026–50548 and CVE-2026–50549, both rated 9.8 out of 10 (or 9.3 under the newer CVSS 4.0 scale).

The fix is already out. Both bugs are patched in Cursor 3.0, released April 2, and every version before 3.0 is affected. Cursor’s maker says more than half the Fortune 500 use the tool, so if you run it, update now.

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers.

Hiding malware in PoC exploits for various vulnerabilities is not new, as there are examples of threat actors posing as real security researchers and taking advantage of trending vulnerabilities to target vulnerability and penetration testers or low-skilled hackers.

However, ChocoPoC stands out for not embedding the malware directly in the exploit file but for adding malicious Python packages to the PoC’s dependency list.

Consciousness likely not unique to earthlings, paper says

Does consciousness depend on flesh and blood?

The answer is almost certainly no, according to Eric Schwitzgebel, a distinguished professor of philosophy at the University of California, Riverside.

In a new working paper, Schwitzgebel and Jeremy Pober, a former UCR graduate student who is now a postdoctoral researcher at the University of Lisbon, assert that consciousness is likely possible in life forms made of much different stuff. Think of the five-limbed alien with a rock-like exterior in the recent blockbuster movie “Project Hail Mary.”

Why AI fiction still feels flat: New test shows characters lack mystery and complexity

Researchers at the University of North Carolina at Chapel Hill have found that while artificial intelligence can spin increasingly convincing stories, its characters may still lack one of the qualities that make human-written fiction memorable: mystery.

As AI writing tools become more common in publishing and entertainment, Carolina researchers wanted to understand whether the characters created by these systems are as varied and nuanced as those crafted by human authors. Their findings suggest that, despite advances in technology, AI still tends to rely on familiar patterns.

The study examined how characters in stories generated by AI compare with those written by people. Drawing on ideas from literary theory, the researchers analyzed eight different aspects of character portrayal, including whether characters seem realistic or exaggerated, whether they evolve over time, and whether they remain mysterious or fully understood by the end of a story.

/* */