Operation HookedWing Phishing Hit 500+ Organizations
Operation HookedWing used GitHub Pages, compromised servers, and staged redirects to target more than 500 organizations with credential phishing.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 24, 2026
Latest reports
Ollama CVE-2026-7482 Can Leak Prompts and API Keys
Cyera disclosed Bleeding Llama, an Ollama memory-leak flaw that can expose prompts, environment variables, API keys, and tool output from exposed local LLM servers.
Polish Water Plants Hit by ICS Breaches, ABW Says
Poland's ABW says hackers breached control systems at five water treatment plants, exposing how weak remote access and internet-facing OT can become a public-service…
Fake OpenAI Hugging Face Repo: Infostealer Warning
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model card and used loader.py/start.bat to fetch Windows infostealer malware.
Is JDownloader Safe?
JDownloader says attackers changed several official website download links on May 6-7, sending Windows alternative installer and Linux shell installer users to malicious files.
cPanel WHM Patches File Read and Code Injection Bugs
cPanel patched three WHM and WP Squared vulnerabilities affecting server control paths, including arbitrary file read, Perl code injection, and unsafe symlink chmod behavior.
Canvas Breach: Login Portals Defaced in Extortion Attack
Instructure says a Canvas incident exposed names, emails, student IDs, and user messages at affected organizations, while login pages were later altered during the…
CallPhantom Scam Apps Reached 7.3M Google Play Installs
ESET says 28 CallPhantom apps in Google Play sold fake call, SMS, and WhatsApp history reports, turning curiosity into paid subscriptions and harder-to-refund charges.
QLNX RAT Targets Linux Developer and Cloud Credentials
Trend Micro reports QLNX, a Linux-focused Quasar RAT variant that combines persistence, rootkit-style hiding, PAM backdoor access, and credential theft from developer and cloud…