Today’s roundup
JDownloader site hacked to replace installers with Python RAT malware
Fake OpenAI repository on Hugging Face pushes infostealer malware
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
RansomHouse says it breached Trellix and exposes internal systems
Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap
Malicious PyTorch Lightning update hits AI supply chain security
Microsoft warns of global campaign stealing auth tokens from 35K users
Summary
The official website of the popular JDownloader download manager was compromised, leading to the distribution of malicious Windows and Linux installers. The Windows payload has been identified as a Python-based remote access trojan (RAT), indicating a supply chain attack on users seeking the legitimate software.
A malicious repository impersonating OpenAI's "Privacy Filter" project appeared on Hugging Face, reaching its trending list. This repository was designed to deliver information-stealing malware to Windows users, posing a significant risk to developers and researchers seeking AI-related tools.
Nation-state actors have been actively exploiting a zero-day vulnerability in Palo Alto Networks' PAN-OS for several weeks. This critical flaw allows for unauthenticated remote code execution, impacting the security of network devices widely used by enterprises and governments globally.
A critical authentication bypass vulnerability, CVE-2026-41940, in cPanel & WHM is being actively exploited by hackers. The targets include government entities and Managed Service Providers (MSPs), presenting a severe risk of widespread system compromise and data theft.
A new Linux privilege escalation vulnerability dubbed "Dirty Frag" has been discovered and is already being actively exploited in the wild. This flaw grants attackers root access on various modern Linux distributions, necessitating immediate patching for affected systems.
Poland's security agency has reported cyberattacks on five water treatment plants, highlighting a potential blueprint for hybrid warfare. These incidents underscore the escalating threat to critical national infrastructure from sophisticated actors.
The RansomHouse ransomware group has claimed to have breached cybersecurity firm Trellix and exfiltrated data from its internal systems. This assertion, if true, represents a significant incident targeting a major security vendor and its intellectual property.
A student in Taiwan was arrested for using a software-defined radio (SDR) and handheld radios to halt four high-speed trains. This incident exposed a major security gap in the critical infrastructure's emergency braking system.
A malicious update to the PyTorch Lightning library has impacted AI supply chain security. This incident demonstrates the growing risk of software supply chain attacks targeting the rapidly evolving artificial intelligence development ecosystem.
Microsoft has issued a warning regarding a global campaign that has successfully stolen authentication tokens from approximately 35,000 users. This multi-stage phishing campaign aims to bypass multi-factor authentication and gain unauthorized access to accounts.