Fake OpenAI Hugging Face Repo: Infostealer Warning
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model card and used loader.py/start.bat to fetch Windows infostealer malware.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
July 15, 2026
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model card and used loader.py/start.bat to fetch Windows infostealer malware.
Trend Micro reports QLNX, a Linux-focused Quasar RAT variant that combines persistence, rootkit-style hiding, PAM backdoor access, and credential theft from developer and cloud…
Elastic reports that TCLBANKER hides inside a fake peripheral-device installer, uses DLL sideloading, and spreads through WhatsApp and Outlook while targeting Brazilian banking users.
Kaspersky reports a suspected OceanLotus campaign that used malicious PyPI packages to deliver ZiChatBot, turning routine Python installs into a cross-platform backdoor risk.
Australia warns that ClickFix attacks are abusing compromised WordPress sites and fake CAPTCHA prompts to make Windows users run PowerShell commands that install Vidar…
A fake Claude AI download site is using a working-looking installer to hide a Windows malware chain that drops PlugX-related artifacts and the newer…
A paid-search phishing campaign is targeting GoDaddy ManageWP logins, turning one stolen dashboard session into a potential multi-site WordPress incident.
Microsoft says a code-of-conduct phishing campaign targeted 35,000 users with PDF lures, CAPTCHA gates, and AiTM token theft that can bypass ordinary MFA.
Cisco Talos says CloudZ RAT and its Pheno plugin target Microsoft Phone Link data on infected Windows PCs, turning phone-to-PC syncing into a path…