Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of the model. A research team built an attack called BadBone. It plants a backdoor inside a backbone model.…
Tag: download
Data Breaches, Global Security News
Attackers accessed, downloaded code from Grafana Labs’ GitHub
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps teams worldwide. Grafana Labs is best known for its open-source dashboard and visualization platform, but…
AI, Global Security News
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically…
Data Breaches, Global Security News
Hackers Hijack JDownloader Site to Deliver Malware Through Installers
JDownloader confirms a security breach where hackers manipulated official download links to distribute malicious files between 6 and 7 May 2026.
Global Security News
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. […]
AI, Global Security News
Fake Claude AI website delivers new ‘Beagle’ Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. […]
AI, Global Security News, privacy
Chrome’s AI features can take up to 4GB of space on your computer
Google Chrome can automatically download a local AI model that takes up to 4 gigabytes of hard drive space on a computer when certain AI features are enabled, according to The Verge. The file, called weights.bin, is used by Google’s Gemini Nano AI model to provide writing assistance, autocomplete, and fraud protection directly on the…
Global Security News, Risk Management
Why Unofficial Download Sources Are Still a Security Risk in 2026
Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software.
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The…
AI, Global Security News, malware
Hackers hijacked CPUID downloads, served STX RAT to victims
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our…
AI, Global Security News
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. […]
AI, Global Security News
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
Kali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. […]
AI, Global Security News
OpenWrt 25.12.0 ships with new package manager, built-in upgrade tool, support for 2200+ devices
OpenWrt 25.12.0 is now available for download. The release incorporates over 4,700 commits since branching from OpenWrt 24.10. Package manager changes One of the most significant structural changes in 25.12.0 is the replacement of the opkg package manager with apk, the Alpine Package Keeper. The OpenWrt fork of opkg is no longer maintained, and the…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management…
AI, Global Security News, malware
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.
AI, Global Security News, malware
Another day, another malicious JPEG, (Mon, Feb 23rd)
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, I’ve not come across the malicious “MSI image” myself, but while I was going over malware samples that were caught by one of my customer’s e-mail proxies during last week, I found…