The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

The post Attackers replaced JDownloader installer downloads with malware appeared first on . If you downloaded the JDownloader installer during the compromise window ( ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...

What happened?: Attackers exploited a CMS flaw to replace JDownloader’s Windows and Linux installers with malware between May 6–7, 2026. What was affected?: Only Windows and Linux shell installers ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

The attacks compromise aerospace and drone firms' systems to exfiltrate GIS files, terrain models, and GPS data to gain a clear picture of analysts' intel.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

John Hammond is a Security Researcher at Huntress as well as a cybersecurity instructor, developer, red teamer, and CTF enthusiast. John is a former Department of Defense Cyber Training Academy ...