Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
May 13, 2026
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android’s debug bridge daemon affecting
Endpoint Security
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android's debug bridge daemon affecting Android 14, 15, and 16.
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR detection.
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Five Malicious NuGet Packages Target Chinese .NET Developers
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities targeting European banking users.
JDownloader Website Hacked to Serve Python RAT Malware
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
May 13, 2026
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
May 12, 2026
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC
Five Malicious NuGet Packages Target Chinese .NET Developers
May 12, 2026
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
May 12, 2026
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
May 12, 2026
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities
JDownloader Website Hacked to Serve Python RAT Malware
May 11, 2026
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
May 11, 2026
A fraudulent OpenAI repository reached Hugging Face’s trending list while distributing infostealing malware targeting credentials and access tokens.
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
May 11, 2026
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
May 11, 2026
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims’ WhatsApp
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.