TrickMo.C Android Banker Turns Phones Into Proxy Nodes
TrickMo.C moves Android banking malware control to TON/.adnl and adds proxy/pivot features, turning infected phones into traffic-exit nodes for fraud.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 4, 2026
A Canadian smishing campaign sends etr-invspt.ca SMS links that redirect to inc-gdep.com, a fake Interac deposit page impersonating Government of Canada and banks.
PamDOORa is a Linux PAM-based backdoor marketed for persistent OpenSSH access and credential theft. The cleanup problem is deeper than one password reset.
A Google Ads malvertising campaign used fake Claude Code install pages and terminal commands to deliver MacSync Stealer, targeting Keychain data, SSH keys, AWS…
Cyera disclosed Bleeding Llama, an Ollama memory-leak flaw that can expose prompts, environment variables, API keys, and tool output from exposed local LLM servers.
Poland's ABW says hackers breached control systems at five water treatment plants, exposing how weak remote access and internet-facing OT can become a public-service…
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model card and used loader.py/start.bat to fetch Windows infostealer malware.
JDownloader says attackers changed several official website download links on May 6-7, sending Windows alternative installer and Linux shell installer users to malicious files.
cPanel patched three WHM and WP Squared vulnerabilities affecting server control paths, including arbitrary file read, Perl code injection, and unsafe symlink chmod behavior.